Analysis

- max time kernel: 150s
- max time network: 130s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/10/2024, 07:12

Static task: static1

Behavioral task: behavioral1
- Sample: 5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe
- Resource: win10v2004-20240802-en

General

- Target: 5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe
- Size: 800KB
- MD5: 37125a26631f1635736df5dcdaf1eadf
- SHA1: a74ae289d971e2c6f8d0f58e42a35e2d1479b81a
- SHA256: 5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299
- SHA512: 53919e72f160db80ff0f114e485d5a95a36384dc6f8be608d38f870b1783b063f79aa48c03d79f254bf22a4ef6171b583fba0ff0d23d1ff0ee33c4f325da00a3
- SSDEEP: 12288:/7+O3Asc5iRkbb4qfS1T+jYB1ye6gpu2gIaTm3VMdCbk0kGjLz4efUaV+At:/7NcMGbMEZ+IXkRmdefrV+C
Malware Config
Signatures

Executes dropped EXE (2 IoCs)
- pid 2360: Logo1_.exe
- pid 4536: 5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in Program Files directory (64 IoCs)
Drops file in Windows directory (4 IoCs)
- File created: C:\Windows\vDll.dll (Logo1_.exe)
- File created: C:\Windows\rundl132.exe (5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe)
- File created: C:\Windows\Logo1_.exe (5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe)
- File opened for modification: C:\Windows\rundl132.exe (Logo1_.exe)
System Location Discovery: System Language Discovery (1 TTP, 5 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Logo1_.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (net.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (net1.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (cmd.exe)
Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
Suspicious use of WriteProcessMemory (16 IoCs)
Processes

C:\Windows\Explorer.EXE (PID 3412)
  command line: C:\Windows\Explorer.EXE

  C:\Users\Admin\AppData\Local\Temp\5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe (PID 2280)
    command line: "C:\Users\Admin\AppData\Local\Temp\5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe"
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\cmd.exe (PID 2196)
      command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a40FC.bat
      - System Location Discovery: System Language Discovery
      - Suspicious use of WriteProcessMemory

      C:\Users\Admin\AppData\Local\Temp\5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe (PID 4536)
        command line: "C:\Users\Admin\AppData\Local\Temp\5b97b5d2d6599d18721909ff9e962993350ef3a3e3807f26397df72bdd411299.exe"
        - Executes dropped EXE

    C:\Windows\Logo1_.exe (PID 2360)
      command line: C:\Windows\Logo1_.exe
      - Executes dropped EXE
      - Enumerates connected drives
      - Drops file in Program Files directory
      - Drops file in Windows directory
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory

      C:\Windows\SysWOW64\net.exe (PID 2180)
        command line: net stop "Kingsoft AntiVirus Service"
        - System Location Discovery: System Language Discovery
        - Suspicious use of WriteProcessMemory

        C:\Windows\SysWOW64\net1.exe (PID 4836)
          command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          - System Location Discovery: System Language Discovery

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1140)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4344,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=3904 /prefetch:8
Network
MITRE ATT&CK Enterprise v15