5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13/11/2023, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe
Size

404KB
MD5

4302111a17bf69deabfb58f128c71adb
SHA1

c9bf282ed4a976bc9dbbd9da845dd997b800a821
SHA256

5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623
SHA512

d463a0677a6bb7f47d771805ccd2cf9b41d03ea3e67cb52d14c35db56f69135a5b8e93b2d2624675c1b9a2cd6d3dea2a1709b9c31dbc9d029f5d4eec3df09e16
SSDEEP

6144:VTVfjmNKYJDqxN39AkK829a9ZFFxEA+67DTcaBbm3opTGwGrzSSmO5TCchGHLUs4:Vp7+pANd9ZFgA+6Ya4L6ddgR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1808	Logo1_.exe
2312	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\Json\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Configuration\Registration\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\ScreenSketch.exe	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Security\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Solitaire.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-CA\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\eu-es\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe
File created	C:\Windows\Logo1_.exe	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe
1808	Logo1_.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2312	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe
2312	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 1120	3196	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe	86
PID 3196 wrote to memory of 1120	3196	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe	86
PID 3196 wrote to memory of 1120	3196	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe	86
PID 3196 wrote to memory of 1808	3196	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe	87
PID 3196 wrote to memory of 1808	3196	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe	87
PID 3196 wrote to memory of 1808	3196	5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe	87
PID 1808 wrote to memory of 2456	1808	Logo1_.exe	89
PID 1808 wrote to memory of 2456	1808	Logo1_.exe	89
PID 1808 wrote to memory of 2456	1808	Logo1_.exe	89
PID 2456 wrote to memory of 4864	2456	net.exe	91
PID 2456 wrote to memory of 4864	2456	net.exe	91
PID 2456 wrote to memory of 4864	2456	net.exe	91
PID 1120 wrote to memory of 2312	1120	cmd.exe	92
PID 1120 wrote to memory of 2312	1120	cmd.exe	92
PID 1120 wrote to memory of 2312	1120	cmd.exe	92
PID 1808 wrote to memory of 3124	1808	Logo1_.exe	43
PID 1808 wrote to memory of 3124	1808	Logo1_.exe	43

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3124
- C:\Users\Admin\AppData\Local\Temp\5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe
  "C:\Users\Admin\AppData\Local\Temp\5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3196
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAD38.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe
      "C:\Users\Admin\AppData\Local\Temp\5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1808
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2456
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
3d155daa199ad799f9ccc932630abcca

SHA1
a4bd194a97e046ddf5ccaef03debce2c79b8fbea

SHA256
49a785cbb804a40b71f337a7b5b820d784b03a49bbe6d859463f7cdb9fd60cc5

SHA512
c50fdff168ce358f32fe9e4e58e09fe74590498fea4849a9c92020a10bb7729778f63e2a37d0aaadaca4a7e9d87d36ac7ddd35dc1fbcd5c1b3b193c77c6865a2

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
484KB

MD5
70b82f36aea0dd0abe1d527580217626

SHA1
eaddd11d94f1eded928da08c5515ab6edf5af1af

SHA256
6f32dd15582831721e81add0de2a0d34d3bbfc34d3a421b7cb99f2e5ace4521d

SHA512
f37c15260f97292620a396309fcfd73cb8ee0777a18a4b40c8e1657ad25f6c2ea3d254760f56d4796dd4ae2ad14cfb097e7be212acc92f8130eb73eaa0986fb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aAD38.bat

Filesize
722B

MD5
ec0d578dac8589664ed495cf7ffea25d

SHA1
996b3f9b3f1bd40f12283454e40ee3dbf8d0bb8f

SHA256
a89533cc8f663455caa95295ce1219da871249627386d72dbe4ac0e2618b5a49

SHA512
0ad9c86e0a8e51a90ee20e720d7b925cd6e52fe41f066070ca462cac7011a330369d211e5a0fbea3402fe010195708e6c3bc882be9080d630a05eeb136b09255

Download Submit
C:\Users\Admin\AppData\Local\Temp\5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe

Filesize
378KB

MD5
00f8f1a85705f7533255d6caf892cc02

SHA1
89de1eeac3e28d27844d29c1bcfb536379ab5632

SHA256
428115181572671d1f6b8e3d21f27705be0789a1c8d8cb01f97a2ac47cff8d93

SHA512
208ff4eb218fe823c5a7b32980c313d7ff661b7966f0313963081f75c5afc0f2b1f0cedfdbc7dde6e812c3e918e21fa2f3a8f566cd58848c71ef5fad87d380d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\5afc9b5085d7b84173b3dc3cc965d1eada75b9ba4249baa7487a68b0bb1bf623.exe.exe

Filesize
378KB

MD5
00f8f1a85705f7533255d6caf892cc02

SHA1
89de1eeac3e28d27844d29c1bcfb536379ab5632

SHA256
428115181572671d1f6b8e3d21f27705be0789a1c8d8cb01f97a2ac47cff8d93

SHA512
208ff4eb218fe823c5a7b32980c313d7ff661b7966f0313963081f75c5afc0f2b1f0cedfdbc7dde6e812c3e918e21fa2f3a8f566cd58848c71ef5fad87d380d8

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
ffa33fa7aa580111297ca0f65115012a

SHA1
d8f8cc29d4acae6d0ac00afd6aa5fcd69677084a

SHA256
07e4b58de5ec7cccbba41baa084ea701296791de10b172ba569732c4ef0ed2ad

SHA512
e92f77f8bef0aa6ad7f04eb60caab9c16c56b027303eb296056facc4d97b80b783a2cd549bf4e902891814f6de8a11a23644c3cfe7a2fa95305bf32043c46413

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
ffa33fa7aa580111297ca0f65115012a

SHA1
d8f8cc29d4acae6d0ac00afd6aa5fcd69677084a

SHA256
07e4b58de5ec7cccbba41baa084ea701296791de10b172ba569732c4ef0ed2ad

SHA512
e92f77f8bef0aa6ad7f04eb60caab9c16c56b027303eb296056facc4d97b80b783a2cd549bf4e902891814f6de8a11a23644c3cfe7a2fa95305bf32043c46413

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
ffa33fa7aa580111297ca0f65115012a

SHA1
d8f8cc29d4acae6d0ac00afd6aa5fcd69677084a

SHA256
07e4b58de5ec7cccbba41baa084ea701296791de10b172ba569732c4ef0ed2ad

SHA512
e92f77f8bef0aa6ad7f04eb60caab9c16c56b027303eb296056facc4d97b80b783a2cd549bf4e902891814f6de8a11a23644c3cfe7a2fa95305bf32043c46413

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3811856890-180006922-3689258494-1000\_desktop.ini

Filesize
10B

MD5
7af371ae7aad351d505f1b26382de243

SHA1
0a19bf0a1ccfb902a03b3da68bdd289190e62f5f

SHA256
4fcc643d52dbc25dd57a011e27cbb0503711cf1a2ad1610a4f9e7b9f17c5bc1b

SHA512
1127b9c88de9e2d58f7a512dd52c31bb9d96b0543f13e4cfff59ca2b73e60307538dd9bcd1c480e6d260fe45b44208a5554a5a60e8c2e3da8385b2cdd0e77d3e

Download Submit
memory/1808-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1808-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1808-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1808-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1808-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1808-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1808-577-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1808-1084-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1808-4646-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3196-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3196-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download