d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe
Size

168KB
MD5

56d6894cad03e4beebcb52881b5a00d6
SHA1

b23ce0a18492a99214ebeae061f706fd3e62066b
SHA256

d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2
SHA512

49f64c412a2746f5b7b42a89fa071c6358e698821a377f7bfa0cedb6cff68386ede82afe467392c0535dfd1489561774a7c0c324f3d46539107713e656c1c3d6
SSDEEP

3072:pAkuJVLUbFnBS1RkLRXo1ID0NBi+fgKwJP:7uJSbFnBS1R8gq0NBi+fk5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4048	Logo1_.exe
4740	d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2019.716.2316.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Extensions\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2019.716.2313.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Resources\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_Resources\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.UI\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ca-es\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe
File created	C:\Windows\Logo1_.exe	d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe
4048	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2492	2396	d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe	84
PID 2396 wrote to memory of 2492	2396	d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe	84
PID 2396 wrote to memory of 2492	2396	d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe	84
PID 2396 wrote to memory of 4048	2396	d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe	85
PID 2396 wrote to memory of 4048	2396	d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe	85
PID 2396 wrote to memory of 4048	2396	d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe	85
PID 4048 wrote to memory of 4468	4048	Logo1_.exe	87
PID 4048 wrote to memory of 4468	4048	Logo1_.exe	87
PID 4048 wrote to memory of 4468	4048	Logo1_.exe	87
PID 4468 wrote to memory of 2060	4468	net.exe	89
PID 4468 wrote to memory of 2060	4468	net.exe	89
PID 4468 wrote to memory of 2060	4468	net.exe	89
PID 2492 wrote to memory of 4740	2492	cmd.exe	90
PID 2492 wrote to memory of 4740	2492	cmd.exe	90
PID 4048 wrote to memory of 3532	4048	Logo1_.exe	56
PID 4048 wrote to memory of 3532	4048	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3532
- C:\Users\Admin\AppData\Local\Temp\d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe
  "C:\Users\Admin\AppData\Local\Temp\d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7791.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe
      "C:\Users\Admin\AppData\Local\Temp\d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe"
      4⤵
      Executes dropped EXE
      PID:4740
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4048
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4468
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
247KB

MD5
f537715ad85e4c5a0f5ed97b1359ce3d

SHA1
95d87bf3cc71975bbc031b72d982a411f3555d7d

SHA256
a1e6085a6fc331e5cb8b365a324f8c6f0d9b1ca1da17bbb51611234ae8079fa6

SHA512
94d558a6c1de556039ebbcdcad0472a4959b280d8eca080f0a8c2b133d7e07d0e479007cb9d4d5306aa030e7de1891bfd8c174dfd5ac4abb07975eda9e3ace9b

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
b5fde048c1a71ba4865766570c9e31d4

SHA1
9d366736c1b42c5eb330e7bde09b287816a11fdd

SHA256
5923fcb6f6125bbef33c62862625e8e78ab0156ffea1da268988934b6673c4db

SHA512
d33393b007eb7fb8f7e86dde26a75a6bb025decb1ee3940278869450f9f12bc427cda8a8bc40f185e56c8f1bd8e1dbc69b8e909ae20bb433ef464fda049a4a8c

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
551ae9e9cc67cf901529ee2c39004dc9

SHA1
85bd72021e0e2bb814841df681bb4087a7cb0912

SHA256
47463035ba0f56730a31dde07759fe59fc3dcc23acaa0f7689e40cd6db4f824c

SHA512
fa580913e4ad72e919ad24e5170a00acbb533b79eb767ace52c645ba51ddcf9636c18392b629a8f50f6f581519e38d8fb2dcd671d652c52faa5e29001dd3192a

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a7791.bat

Filesize
722B

MD5
06b18d906486dd14094fefc98659ec9f

SHA1
35aa42ceae813e0a75a8c70b2e39ecf80a0e327f

SHA256
de17f247295f6246aa0d377d980581ccc54619aa0ce7fc9dfcfd7791409cd333

SHA512
c9e777bd02fef9509d89f7e89b3528a26320a66fb8925df7265728c84645c62c880257ad83c249e887e1dfe16a3aacdd1a34c850335c93e02db00937a8b244f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\d81027e41501c7e8f97b1f5653b816ffd3b0c0ca2a706c61a0a959c877cb55e2.exe.exe

Filesize
138KB

MD5
b51fb63223915f23c60adc580c9a0531

SHA1
a22bf33ac2769c31c922c45f314b4d6e42ed77db

SHA256
b9eace03c8471717e3f98873527005dbd9a92367b954f8c48484d2b7b78efbac

SHA512
cd72aac2128c48c34568db1ac7b33e6934f31f473278426ef2acf9cd4df545dea8424bedf79340eb74a966ce39a3a7d9910fcbe456047d83330c62761644194d

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
b597a8fe712fc5bbf5cdfc3c601aaccd

SHA1
c9d85f8c12bb53976ffb8054ec04f98aa582c386

SHA256
46b3f5e82795e0730bdaacbe6ddb2100ff8cc506dd96b895beceef106dfc18a4

SHA512
af3f75224d8217e171f537aab78b0c4bb2b54612d0e5b33fb26c24305d44df7f641c3161bfd439aaeac421c2d4df237e6170a9dd27b86e1dddc517b1213c5298

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1045960512-3948844814-3059691613-1000\_desktop.ini

Filesize
10B

MD5
52a225cec34530c05c340f9ae894aa31

SHA1
d6553bc25b5bc40447184e9dd520dd7c88f5c2aa

SHA256
bddf98f152ff77575c277b91c8f7aa5f69973cd3bfe7aa55ebe61b7d3df17fab

SHA512
726f8a96e3dab9ec548bda81a01dc3e0d93afa2363c76c4bf639de4b0471f8a43a8e32e90b230b95639e82b7daa8da3e8d9c848755e2b58398aa48e46e5ba5b5

Download Submit
memory/2396-11-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2396-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4048-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4048-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4048-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4048-787-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4048-1234-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4048-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4048-4785-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4048-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4048-5254-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download