730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1

Analysis

max time kernel
149s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe
Size

70KB
MD5

11732056cf19ddcfadb226f5da651e88
SHA1

1b599cecceeac4bfb6c98ab8697884881a784c8a
SHA256

730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1
SHA512

7ad89716c433460284de3c2c47e12053383614586b8d69e0accc710130b42a9edfdfaadbb03895571d052c2e192cf6dc68f28ddba638d3a01f6503433c32406a
SSDEEP

1536:pmg3SHuJV9NdEToa9D4ZQKbgZi1dst7x9PxQ:pmgkuJVLtlZQKbgZi1St7xQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2716	Logo1_.exe
4756	730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\am\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\af-ZA\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2020.1906.55.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\id-ID\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sl-SI\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MLModels\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerElevatedAppServiceClient.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe
File created	C:\Windows\Logo1_.exe	730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe
2716	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 1508	4188	730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe	82
PID 4188 wrote to memory of 1508	4188	730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe	82
PID 4188 wrote to memory of 1508	4188	730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe	82
PID 4188 wrote to memory of 2716	4188	730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe	83
PID 4188 wrote to memory of 2716	4188	730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe	83
PID 4188 wrote to memory of 2716	4188	730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe	83
PID 2716 wrote to memory of 916	2716	Logo1_.exe	85
PID 2716 wrote to memory of 916	2716	Logo1_.exe	85
PID 2716 wrote to memory of 916	2716	Logo1_.exe	85
PID 916 wrote to memory of 3680	916	net.exe	87
PID 916 wrote to memory of 3680	916	net.exe	87
PID 916 wrote to memory of 3680	916	net.exe	87
PID 1508 wrote to memory of 4756	1508	cmd.exe	88
PID 1508 wrote to memory of 4756	1508	cmd.exe	88
PID 2716 wrote to memory of 3464	2716	Logo1_.exe	56
PID 2716 wrote to memory of 3464	2716	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3464
- C:\Users\Admin\AppData\Local\Temp\730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe
  "C:\Users\Admin\AppData\Local\Temp\730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4188
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a881C.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe
      "C:\Users\Admin\AppData\Local\Temp\730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe"
      4⤵
      Executes dropped EXE
      PID:4756
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:916
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
247KB

MD5
3e13d0f899018b2a0e5c4724d4db6a32

SHA1
ca3661f2b14c1afe25a8238e17e81f05859e64c7

SHA256
2f69d096176bdc72b16f8da9110b180afdc1b2909fbecd47c547dfad55d8f923

SHA512
81bfbb523fcdc46f9dd8453dd7694ca5e4a81e83c0e9ed508f8f8da98073e2110fef04fe6612d65c7ee2f129acbd8e367f4173b14060791339b01ff143fd0531

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
edfa88ef27f8ef01448b227c7bcc3086

SHA1
c3b8fc53450f09d96bc4e681c021749ed2e58751

SHA256
cb192eebf794a483a7e2aa22065303049655d4ba284fe318374a05e9f660dbc4

SHA512
3626be9c8c6129d903d0662c17a8484787784e10a5fbe83772a332dcf7ea67a479354c5c0b02d839056ec8e40dbb0c8e8f76b8e1ba61d4e2f74a8c32e590ad57

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
c8d281da4c32df16eef470c27c8cb459

SHA1
00efc9f6844bfaa37c264b6452c6a7356638ab10

SHA256
058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

SHA512
e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a881C.bat

Filesize
722B

MD5
be1633c0dbfdc59ef014714e0b226c54

SHA1
ef2540ff481ca945aaac0c1a8f75ffb1bb5170f4

SHA256
3dab1bb4b8c0ef9c888e4177a1f0e16aeadc33ac98e74a59b324f90c68781795

SHA512
fbe1ea5796bccc8dc852ce0461a98055a6d4aba7944d26df77fe593add413c37dd81475cb3429ba481c93b3eacf021de1aaa1afb01b9a554332e555c62e30779

Download Submit
C:\Users\Admin\AppData\Local\Temp\730d3b6250d7af3df50eec5f1815e1381c0132559555e1cf351c0b690309a9a1.exe.exe

Filesize
41KB

MD5
977e405c109268909fd24a94cc23d4f0

SHA1
af5d032c2b6caa2164cf298e95b09060665c4188

SHA256
cd24c61fe7dc3896c6c928c92a2adc58fab0a3ff61ef7ddcac1ba794182ab12f

SHA512
12b4b59c1a8e65e72aa07ee4b6b6cd9fdedead01d5ce8e30f16ca26b5d733655e23a71c1d273a950a5b1a6cce810b696612de4a1148ac5f468ddf05d4549eed5

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
037a1557312e57791bd4eeba7dcc7213

SHA1
1e1a35c4488f9cd09e5e6dad09cc67293712c623

SHA256
4ec9caeaf890c301da3587508883df4337635dc6d24b77345322b8617cd18387

SHA512
49f4c6aa4fc8a344e026e5016f3192396ff01d06f4b5097e58fcba29b84df5d049ac1c053edfcadc0e831dc033e5a6d912bab3a9ada6cf79784e671de5521289

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-786284298-625481688-3210388970-1000\_desktop.ini

Filesize
9B

MD5
e02899454c67c7d6d1af854fdcb53b67

SHA1
26fb213f7c299c2a4d8c4afd234ee0b751d7a30e

SHA256
0e67e90646d3ba7b46f935b205c9f89e8bff2dca7aeda3cd5dfb93868b262315

SHA512
e1519bebf62ab4cb28e630a201312812e04f815ec0663f7b68b478da97c0bf7c7c2238a8632540d3d1f37acbe83919fb198b39ebeb222c19faa2130ab65ffffa

Download Submit
memory/2716-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2716-32-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2716-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2716-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2716-500-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2716-1233-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2716-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2716-4784-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2716-5229-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4188-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4188-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download