de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe
Size

173KB
MD5

592234a2317ba22029bb09420b4690fe
SHA1

e67ef09c5da79da773e1b130d378213d7ebc9385
SHA256

de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d
SHA512

cacf9401b49f8d7201a0236cf2961ffbbdf7519e92e9f37b84319c639f27199a810f746d23a004a72469fcee49265097270db4c555ccff24816b49d1d4b37b6a
SSDEEP

3072:XftffjmNfpDBAKMk0gAN4lgOjCFQ2nf6bdtUNhomcN8KPqD:PVfjmNffMPgwIyNSb/Yhow

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3384	Logo1_.exe
2108	de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\plugin2\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.175.29\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\win_x64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Views\Utilities\Styling\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\Visualizations\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_2019.305.632.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\YourPhone.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\Fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\rmiregistry.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ckb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-tw\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe
File created	C:\Windows\Logo1_.exe	de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2144	2108	WerFault.exe	86

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe
3384	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 1776	4512	de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe	80
PID 4512 wrote to memory of 1776	4512	de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe	80
PID 4512 wrote to memory of 1776	4512	de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe	80
PID 4512 wrote to memory of 3384	4512	de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe	82
PID 4512 wrote to memory of 3384	4512	de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe	82
PID 4512 wrote to memory of 3384	4512	de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe	82
PID 3384 wrote to memory of 2508	3384	Logo1_.exe	83
PID 3384 wrote to memory of 2508	3384	Logo1_.exe	83
PID 3384 wrote to memory of 2508	3384	Logo1_.exe	83
PID 2508 wrote to memory of 4340	2508	net.exe	85
PID 2508 wrote to memory of 4340	2508	net.exe	85
PID 2508 wrote to memory of 4340	2508	net.exe	85
PID 1776 wrote to memory of 2108	1776	cmd.exe	86
PID 1776 wrote to memory of 2108	1776	cmd.exe	86
PID 1776 wrote to memory of 2108	1776	cmd.exe	86
PID 3384 wrote to memory of 3156	3384	Logo1_.exe	50
PID 3384 wrote to memory of 3156	3384	Logo1_.exe	50

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3156
- C:\Users\Admin\AppData\Local\Temp\de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe
  "C:\Users\Admin\AppData\Local\Temp\de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4512
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB824.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe
      "C:\Users\Admin\AppData\Local\Temp\de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe"
      4⤵
      Executes dropped EXE
      PID:2108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 188
        5⤵
        Program crash
        
        PID:2144
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3384
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2508
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2108 -ip 2108
1⤵
PID:4616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
0d4761cf7636b373c15676e6d9452f06

SHA1
7f9e3feb42bf97ec56438631d7cb91b4d0f56524

SHA256
77548fa3351e09c7e43805e80b704810cfd2fce393f320ab43c04bea6ac7e0bf

SHA512
62d6763a29750cb6e7ee55764699b20e2cd67ced26abbd9ba4b5554906d0dc432c3eb75522e2dee77e5a5d082ff297e21602c22049d0b45104613d1cc7c01e25

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
484KB

MD5
c2e39e25a0b53ef865b3a502946bd13b

SHA1
022a2e2bfc789b468d89290e62c687a2891ea37f

SHA256
de60f108d11f2a0a8d3d427c3b283101164ea0e22e5b8787b52f211a5d917090

SHA512
32e4d31973e7b8565eb6fb6c568c352461c435435511bd1cee138b55392192eb84a395658c9508d6938d6b2f76d7146ff45a64f6f54e74244e9590e8d1a4602f

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aB824.bat

Filesize
722B

MD5
0f51886704160a90ee7e677fb71a56f7

SHA1
14cff24334aaddb72e5c0d9a89843787f085f37a

SHA256
fccd83aa5d89eaebb30628ba20472c51d2a774a1fa3bffa62d142f8634383597

SHA512
cd01c5117b0ea4c1cf139914a152533e664dec92a6eda5bc250a30165a692b14102a6b6d0ea254e459a5c09f88ad60dcf5219eb9ac92bb4ee0076e0eb90ee97d

Download Submit
C:\Users\Admin\AppData\Local\Temp\de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe

Filesize
147KB

MD5
147fe284ae058482289c4b5fffc0071a

SHA1
06ed8cf0391122509e64add943a0f481899f1119

SHA256
10ee7c5e152a6445289aa4a90f2f96aadffb5767ceca2d2a9dfd826da59b549d

SHA512
e3efab9ca462e49dd57d3ec9fb1b9e8ba2dce8e0d9313581286b7ecb3c81f74a7c24864435bb7b8e11aa6b6c1eafbc2303dde082e386e4df210ffe581bd991be

Download Submit
C:\Users\Admin\AppData\Local\Temp\de1ff69ae086eec05daf0ff50a82d1bce005e91e63f9ea574c401554b077c83d.exe.exe

Filesize
147KB

MD5
147fe284ae058482289c4b5fffc0071a

SHA1
06ed8cf0391122509e64add943a0f481899f1119

SHA256
10ee7c5e152a6445289aa4a90f2f96aadffb5767ceca2d2a9dfd826da59b549d

SHA512
e3efab9ca462e49dd57d3ec9fb1b9e8ba2dce8e0d9313581286b7ecb3c81f74a7c24864435bb7b8e11aa6b6c1eafbc2303dde082e386e4df210ffe581bd991be

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
08e114b25aeb020094e7dce7eba9e065

SHA1
7e8557ad96037d61dfd290b75c28bd9473a33619

SHA256
79e1b456ae93204e57403b1622a1f5e60246f0a3fe3e6558a19890a49369ee99

SHA512
a2092635e0ae982faf40365b4478ba734e207f37c4dc578fce19d0114f8f552f709b027a150463a12cc321be9aea1b84194aab9ca55ee6afe24c2c23fb80f845

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
08e114b25aeb020094e7dce7eba9e065

SHA1
7e8557ad96037d61dfd290b75c28bd9473a33619

SHA256
79e1b456ae93204e57403b1622a1f5e60246f0a3fe3e6558a19890a49369ee99

SHA512
a2092635e0ae982faf40365b4478ba734e207f37c4dc578fce19d0114f8f552f709b027a150463a12cc321be9aea1b84194aab9ca55ee6afe24c2c23fb80f845

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
08e114b25aeb020094e7dce7eba9e065

SHA1
7e8557ad96037d61dfd290b75c28bd9473a33619

SHA256
79e1b456ae93204e57403b1622a1f5e60246f0a3fe3e6558a19890a49369ee99

SHA512
a2092635e0ae982faf40365b4478ba734e207f37c4dc578fce19d0114f8f552f709b027a150463a12cc321be9aea1b84194aab9ca55ee6afe24c2c23fb80f845

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4176143399-3250363947-192774652-1000\_desktop.ini

Filesize
9B

MD5
4a4922bdf377baedb0460540a7e52405

SHA1
82789c7c3ee038da34ac62e38ddde0fe667d52ac

SHA256
589848447b17adf03dfa9db6e17b5ec00d1fabf203fa496bae29ed64764a052f

SHA512
fe635f97709f5f3df9290c6c53a374351481f13aa45105f48fe3709c15532313eb4d032eed20f2a278b9837c84bba9ba7a7fa2d83cd2a1e3adc0bc930d40c2a1

Download Submit
memory/2108-20-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2108-18-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3384-44-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3384-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3384-29-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3384-35-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3384-39-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3384-154-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3384-1281-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3384-3882-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3384-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3384-4823-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4512-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4512-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download