d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2023, 11:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe
Size

79KB
MD5

31e4e02d3c2f02437a484adef87423eb
SHA1

75142bce6720b83c075c3b6998d1b25843424023
SHA256

d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac
SHA512

6b80852107f85b2c9ad9a8abc78f24d260cc2c9edcec8b2015b97a05b40d3efd1112ed5fb3668c0ab6d673867bec07ace130943966037c8a7ff940974eb04841
SSDEEP

768:21ODKAaDMG8H92RwZNQSwcfymNBg+g61GoZwcmYDVZjMJwXl0gF1ytpnLMd:wfgLdQAQfcfymNVDXMJM0I6pnLMd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3444	Logo1_.exe
2600	d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\whatsnewsrc\script\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-IN\en-IN_female_TTS\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-GB\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\nb-NO\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fil-PH\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-Toolkit\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Shell\Themes\Glyphs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\id-ID\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\cef\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\es-es\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe
File created	C:\Windows\Logo1_.exe	d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe
3444	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 4464	2088	d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe	87
PID 2088 wrote to memory of 4464	2088	d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe	87
PID 2088 wrote to memory of 4464	2088	d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe	87
PID 2088 wrote to memory of 3444	2088	d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe	88
PID 2088 wrote to memory of 3444	2088	d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe	88
PID 2088 wrote to memory of 3444	2088	d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe	88
PID 3444 wrote to memory of 3620	3444	Logo1_.exe	89
PID 3444 wrote to memory of 3620	3444	Logo1_.exe	89
PID 3444 wrote to memory of 3620	3444	Logo1_.exe	89
PID 3620 wrote to memory of 1356	3620	net.exe	92
PID 3620 wrote to memory of 1356	3620	net.exe	92
PID 3620 wrote to memory of 1356	3620	net.exe	92
PID 4464 wrote to memory of 2600	4464	cmd.exe	94
PID 4464 wrote to memory of 2600	4464	cmd.exe	94
PID 4464 wrote to memory of 2600	4464	cmd.exe	94
PID 3444 wrote to memory of 3428	3444	Logo1_.exe	39
PID 3444 wrote to memory of 3428	3444	Logo1_.exe	39

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3428
- C:\Users\Admin\AppData\Local\Temp\d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe
  "C:\Users\Admin\AppData\Local\Temp\d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7ABE.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe
      "C:\Users\Admin\AppData\Local\Temp\d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe"
      4⤵
      Executes dropped EXE
      PID:2600
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3444
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3620
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
548ddcade423bdb543717d8073ac88d5

SHA1
0210f769b1b16ae5e569e65e20fafbd12f2d0e04

SHA256
052524488f71bf143183bbf817657f609e226b2830071e8dea7fcede4c0ec052

SHA512
8576336e7eb0b1132dc5c4eef772ba5f9b57844173f17d9c5cf1fbb09afa443313a1675fcd03e028c592ecc59d0f52ea44529c58f721ccfc2bc958ae292bb0b0

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
484KB

MD5
f9befaf4b2a3fea22216860449f7e862

SHA1
2906ce4e65cab286fdbb706c4380eab2083f3825

SHA256
1f117544245400d7cd378da287f788766d7db882279f1786c43e82324f8dee65

SHA512
75ad6493cc9c0de631036418546e71715d222735a7603ae48ee6c662e3b7299116df7e4a5bae016af21da1d675131456479fcdd1feb0af40724ed6c2f89583d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a7ABE.bat

Filesize
722B

MD5
f64760621d3b7436cfba4cebeb5ef93c

SHA1
03694d97eb0ccbefc883a0d609cc2fa9c687bf08

SHA256
8484f5344a7bf6499f7368f8d6a3736e149e7d6273419755b0c702a933344c4b

SHA512
b972424fedc13fd30b1fef7f404bf6b3f851643704e0f73c49c627d3d0d7eace496d77c9e5deeb8d0a02cffe866d8a9bc2a4d7deeef7662bf0bd9905d55dfcea

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe

Filesize
53KB

MD5
fa4ccade686d9a4a3620ec3333e5fa1f

SHA1
86e7398ebd92c145772e0812a451fc169e7fb79a

SHA256
86d41b076ce41684d141c16d617015dc099c20a9c774c340def1ecfaa46a1bef

SHA512
c4ea61e6cc98d2e95fdb0c38a47c324e693f54b0856460e8f1194c340677d291bd7765baab3759c928ec6e34d6809a546d619fad08edd8bf2dac8d88c2d3ea92

Download Submit
C:\Users\Admin\AppData\Local\Temp\d9e39ae160b091d90068dcca6fd239129bd4bca28165b373a9e99dc75c4005ac.exe.exe

Filesize
53KB

MD5
fa4ccade686d9a4a3620ec3333e5fa1f

SHA1
86e7398ebd92c145772e0812a451fc169e7fb79a

SHA256
86d41b076ce41684d141c16d617015dc099c20a9c774c340def1ecfaa46a1bef

SHA512
c4ea61e6cc98d2e95fdb0c38a47c324e693f54b0856460e8f1194c340677d291bd7765baab3759c928ec6e34d6809a546d619fad08edd8bf2dac8d88c2d3ea92

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
bf432bacde0b936f7fd20c466ec0bfc9

SHA1
aff70b2cb9c409e3b63e7fc33f132441edad86db

SHA256
5d2e80c8e42ad3cf43ca754fb4597753ec8d80fc7d027e11f43536dd2f88d39e

SHA512
c134428f8da55038acf63eaae12357060574e2f062befc57c6a69c6833ab10a4eb08c6f36cd6433de1538f2b5b09ef8bb74acb8235856a5aac024914165c1a1a

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
bf432bacde0b936f7fd20c466ec0bfc9

SHA1
aff70b2cb9c409e3b63e7fc33f132441edad86db

SHA256
5d2e80c8e42ad3cf43ca754fb4597753ec8d80fc7d027e11f43536dd2f88d39e

SHA512
c134428f8da55038acf63eaae12357060574e2f062befc57c6a69c6833ab10a4eb08c6f36cd6433de1538f2b5b09ef8bb74acb8235856a5aac024914165c1a1a

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
bf432bacde0b936f7fd20c466ec0bfc9

SHA1
aff70b2cb9c409e3b63e7fc33f132441edad86db

SHA256
5d2e80c8e42ad3cf43ca754fb4597753ec8d80fc7d027e11f43536dd2f88d39e

SHA512
c134428f8da55038acf63eaae12357060574e2f062befc57c6a69c6833ab10a4eb08c6f36cd6433de1538f2b5b09ef8bb74acb8235856a5aac024914165c1a1a

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-984744499-3605095035-265325720-1000\_desktop.ini

Filesize
9B

MD5
6029ce528adbc1284163cdd2b27a082e

SHA1
a2f23e1d5101c3b6929686a2d5711c2af2dec1b7

SHA256
5036deecfbb090aa7f7c21c159b1921df0cf23eedafb7e0c208668ad82872dae

SHA512
a661e939e69a59f88fd86fa654371ba4b3e3e8faf5c1b39bdaa0def8b277b26b63e96d4f5eb047ca3d8888597165dc709f395eeaf333c25c9cf56441c31dd676

Download Submit
memory/2088-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2088-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-19-0x0000000001000000-0x0000000001013000-memory.dmp

Filesize
76KB

Download
memory/2600-21-0x0000000001000000-0x0000000001013000-memory.dmp

Filesize
76KB

Download
memory/2600-18-0x0000000001000000-0x0000000001013000-memory.dmp

Filesize
76KB

Download
memory/3444-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3444-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3444-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3444-45-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3444-51-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3444-30-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3444-1088-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3444-2123-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3444-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3444-4640-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download