Analysis
-
max time kernel
3s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
18/01/2024, 04:25
General
-
Target
6476bbf019b75400e65de9d79edcefb2.exe
-
Size
70KB
-
MD5
6476bbf019b75400e65de9d79edcefb2
-
SHA1
f2bf1ffcdcaafcf91d9afb94e2f2d9bc723cb394
-
SHA256
14bd4541137ec39fafa313003dbaa93d31ee5c1dcbc90e8287dc279683a9ba20
-
SHA512
070adb617df5e85d460f5ba1c5c7da0a4ced96e80bc4182b780258710406ba7e2b58bb68bff427b352cee012930000dbd706564644ae4f4f43a328a53e611d3a
-
SSDEEP
1536:1LHIlfH7Q6qRBwWa2qxQFZA+j6L0Ww+9:1oS6qcWjqazp6LNR
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 18 IoCs
-
Modifies visibility of file extensions in Explorer 2 TTPs 9 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 8 IoCs
-
Windows security bypass 2 TTPs 27 IoCs
-
Disables RegEdit via registry modification 18 IoCs
-
Disables Task Manager via registry modification
-
Disables use of System Restore points 1 TTPs
-
Executes dropped EXE 8 IoCs
-
Loads dropped DLL 12 IoCs
-
Modifies system executable filetype association 2 TTPs 64 IoCs
-
Windows security modification 2 TTPs 36 IoCs
-
Adds Run key to start application 2 TTPs 45 IoCs
-
Enumerates connected drives 3 TTPs 44 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file 1 TTPs 4 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 12 IoCs
-
Drops file in Windows directory 11 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Control Panel 54 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 16 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6476bbf019b75400e65de9d79edcefb2.exe"C:\Users\Admin\AppData\Local\Temp\6476bbf019b75400e65de9d79edcefb2.exe"1⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Windows security bypass
- Disables RegEdit via registry modification
- Loads dropped DLL
- Modifies system executable filetype association
- Windows security modification
- Adds Run key to start application
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Modifies system executable filetype association
- Windows security modification
- Adds Run key to start application
- Modifies Control Panel
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Modifies system executable filetype association
- Windows security modification
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"3⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Modifies system executable filetype association
- Windows security modification
- Adds Run key to start application
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- System policy modification
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"5⤵
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"4⤵
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Modifies system executable filetype association
- Windows security modification
- Adds Run key to start application
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!3⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Modifies system executable filetype association
- Windows security modification
- Adds Run key to start application
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"3⤵
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"5⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!6⤵
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"6⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"6⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!7⤵
-
-
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"4⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!5⤵
-
-
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"3⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Modifies system executable filetype association
- Windows security modification
- Adds Run key to start application
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Modifies system executable filetype association
- Windows security modification
- Adds Run key to start application
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"3⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"2⤵
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Modifies system executable filetype association
- Windows security modification
- Adds Run key to start application
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!3⤵
-
-
C:\Windows\Black Hole.exe"C:\Windows\Black Hole.exe"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
C:\Windows\SysWOW64\Lubang Hitam.exe"C:\Windows\system32\Lubang Hitam.exe"3⤵
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"3⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!4⤵
-
-
-
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!1⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!1⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!1⤵
-
C:\WINDOWS\SysWOW64\shutdown.exeC:\WINDOWS\system32\shutdown.exe -s -f -t 3600 -c An Error Occured. System Not Found!1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1578136260-21315786022705180671686163461-13123353501013558843-1259675250736403683"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
1Change Default File Association
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
2Disable or Modify Tools
2Modify Registry
8Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD50c768853d02b5f1b9650057e89faaed5
SHA163ea4f8c4053c8b966d6c2e224ad1fa0947782b3
SHA256541c44ebcb0f68610f19a9845dec03ac149d205a452418f2a38a7a0349f92901
SHA512446c842f38f4507bb0c54325992fcec08c55071ee1ebf3cd559ef60ac1fec8d24493f4bfa57bdbb54e9284f7302164310105ab64e22ddd914d84b1fdf21a8557
-
Filesize
70KB
MD52a29d6334e6956c0787d0bdf56be0a0d
SHA197f6ab09c0488efd661210a7551896aa84e45bc9
SHA2569b276b1713a20b4e15a1c1e00f7baab1fae1a50c45479c8799758224f6547eb1
SHA5120b01d3beca51fc402659fe4341a1802d996d8fb32dcb053003ee5567103301f93b56ba209e9600e1b6957512fce8f7f05fd433e8635f0e41965ab382d0999700
-
Filesize
1.9MB
MD54502c51515045aa02a9dd90dd0b0277f
SHA1bdcc0be9a267658b749af96aafecbd0a35f31c87
SHA25650e723f8ec136796e6a2d6c2cd91940fc3177734a7281d28d0822e451c40000c
SHA51213958eb77715103caabc4998a1879647fb77c414587a6b78043b2ad50029b67f2d775cd12b8860a4fbbc1e1180e73466d15c22037a48db4d476e8fd0faeffb2d
-
Filesize
2.6MB
MD5b3830170ee157ca341668ed47c9963e9
SHA1c9eb2a77da8eafc1ae050c1f47e92c5ddc2972fd
SHA25621ce1dccb1296647578575ac05bec622c672969fc221af22bb3c4c94b1b360ca
SHA512589012b1794954d26a444b378608fcfdab2e7446db18b9b881398eb486ea60bd7102c48ac73ec5d5c2c1154489470593bfaf36569c134e898ee9d157d04a349d
-
Filesize
70KB
MD57fbf65ae60bd70bd04f8116d2be73fa2
SHA10d396b021c18f34e660664b4978652329de8c18e
SHA2560c5dab7b3e5c148c9bc53f2701bffabdd268a5cc24239aa9763256a36d6baa12
SHA512aca3334eef339d4dcfc9c04b2b2b58328448d525efa15ab8d4a0bbe73f56338c88262be808baeedda95efbb178261ae78df0b62bca1862bd514716835d348d24
-
Filesize
70KB
MD5d1642a6447c9c1f88847d3db6f37f29c
SHA129a92100f7db37c6ee3c9cd77024c48b691dcea4
SHA256d10a5921004009796e018bcac938fec9dca5dd0a13540cc59b6f76325d47c910
SHA5127d7ae2a660536290e8572ed84c595e87c704fdbe346791fc71844b48acd408aff3c21566603a948088b74d174a1364c5406d5d896da51026e440e3607f57a750
-
Filesize
70KB
MD50db0a1dd398d96a61650fff93cade594
SHA106ed2a4652cd2b04c14198c97aecc79bee288eeb
SHA2562cf371499bbe9f924343e18e347c0034b1a4549b880f560632c3e63bfea1609b
SHA5128ef8c69fc7c6220f18e872e21b97c2193a8bf67dca2874e3e93c7eda1c0eda8a0312f37d83d854060e25650fa781280624ecb4024f1c27c163869dd24bfd3403
-
Filesize
1KB
MD56635e047c242e6d64b2716d81095bf5f
SHA15def5300f894e58bbb0caaa94680f7735ccd248d
SHA2569757b4f406657c44fcbd40757d1ae06e833a8e1542ca976e6ae63578031b32bf
SHA512c9bae9bf090e7c67fac53d061bb43c2091e991c8f568889463d0c1af8f48652c79c51785c0906705098b418b2d7a4b200580fb44091ecf8bf24d8b1b45a258c0
-
Filesize
1KB
MD5e067dafcbe64a95f5045a281397732db
SHA11af7095f98c486ca247449980000d06b04ffc50c
SHA256b6085ee8c1f2de574973b9f3a7417257e25573c2b5228b5a8f87e3788e2733b6
SHA5121b575d62fee219538f8d624ab833cbce0aee431559a0adfa1e3ce9cd4f5ab8a2887b394843ebf164c884ccbed5687d644474328471b23c28edba8f99ccf08b58
-
Filesize
70KB
MD5c3a9df9cc65317076fc4ba1df5ef5745
SHA152bb940eca5354c8928a2422bcacd9e2cebab205
SHA2560ba5e2ac2d0a10a9ce1ca9584232d5f5bbc4a0c48a01909a589b060bd2a3be5b
SHA512a6421942bf45a45fefbc5230f9115b2e5a0785dd228d3d190cbc090e7aaddf57f30010816ee6a23fcd29e9868d08ae7bd0ddec59460e4a2e34aa4cb7228d6d4a
-
Filesize
70KB
MD59c4a146d323b00a3cb0edcef7178bd3b
SHA11cbf3aaefc9ce44a47255b5a42b2572f6972be4d
SHA256ea9c8210b9f3311c4cb47a69fe875f4a5005b27d6b22a77462d06fbd5fc9b23f
SHA5123d3f197c2cae3355c49b2578a62d2ec23d3151fa5229053ad322e8dc47eb9dcd024ab12a4941a7716c1363bee119d9fcc1c8b8586fad3962098097eb5dabbe13
-
Filesize
551KB
MD567bb3be10efb4e541a9f3283fc149934
SHA1279a8ba284656b05d4ec19828c23ce72170e3349
SHA256d262930a7ead73ea6dd9dd2d480608783601eb3700520b7111a71492ceb6622c
SHA512faf87c593cdaa1a8e06f13a0e132722a71be4be7c37d10ac65722f75af0a6c5d480184df978f086766413e9e586a00493ee2e53f6bc6632ccde2655f308f7575
-
Filesize
2.6MB
MD54abb42b0b8072c7f09a199828f946df9
SHA13f71e74bed509a46c23f8b41011446e412812066
SHA256dace681d4f005ddff778ef6862383f47a23141c3427a144ce77e1ab23aa94570
SHA51249f245163195337eaab56945ea0257a8a01b4aa6a0adcbfd7d4bc37e174e44927c38e4ce3470d9f9f29a487455066a8f7ee15ea7ee8cc0f646e824ce6baf628f
-
Filesize
70KB
MD5c948d560e2d7d9acec6e94ee00e8bbe3
SHA147f6db0ae3abbe7acb0bdc9b1f834ae673f2034c
SHA256bf8192d3a7daa80828eb6790eb9bc063c6b81a3be1d149718904a1a51026a1b8
SHA51228997617283163beaa50969cd6c778da9919e03db3ae61db10a0b3319a17afe5bdb482d525ae9719e37a15e49dc3a58f77df5ead93e6870e8f9d2e6687f4b21b
-
Filesize
70KB
MD5f6b2827788689b4fb1ab81b188502d71
SHA10aac111948e6b126b66a0767954724dea4bfb12e
SHA2562b3e6db39c47dc4ea9f669b733accd9715a082dc2f9190779490efe38b1f6d9b
SHA512f244c90429981e0aeb681a2978589ff8f9209d55c97ed33193f6b5f77a206a4d56198deccd5f9a22ddb893d818107140f72c6d2bdc463e0986da0f5acedcd17f
-
Filesize
70KB
MD56476bbf019b75400e65de9d79edcefb2
SHA1f2bf1ffcdcaafcf91d9afb94e2f2d9bc723cb394
SHA25614bd4541137ec39fafa313003dbaa93d31ee5c1dcbc90e8287dc279683a9ba20
SHA512070adb617df5e85d460f5ba1c5c7da0a4ced96e80bc4182b780258710406ba7e2b58bb68bff427b352cee012930000dbd706564644ae4f4f43a328a53e611d3a
-
Filesize
70KB
MD52eb74659135e5b2cba3338165978e12d
SHA100567299646404ebe8e7ebb506ba490219c97a49
SHA256c7f5d8d9ba9c98fadb9453e31d10abc1770a7cbc27e005f4ba8eaf435a761af2
SHA512ecfff08f8d376d923a6274a013f8dde12b0fbc78c1895e07c6f289fe04d24b2b68fa27879823e1781300b1851cb66209392442f3e21b616a0220b0f8af66dd67
-
Filesize
70KB
MD52efcc3ad040a2ea55a12942c74de04de
SHA17302b280718c006737f73bc02f521ed75f951b9f
SHA25635d2cef1a7bc449971df5b2d39d3d58ff8ab80a386efe1e0575f22f89e128595
SHA51219b9d4c1f55f376aa7d46c5e170e1029ff8a799108360836dafab1f560984e0ef0e763cee34c5b53cbd07e7327d528e221fa0f1697e8e7da781c39abaeaa5ac3
-
Filesize
70KB
MD5fbd8ff32100a997616d70b4af5f258ba
SHA1f8ff7b88661d10ed79e1d78139ceba6b1ceab436
SHA256453f78f329b3b1ad2deebdd4c9f154202592cfedcc9b8cd9fea1769f98642551
SHA5128f794f3ce8f0286e45d7b7a673b9d453156a8760c2e1f2e5a68c8b640a99080524a64c6ef5140cc81de789c7267a478a430430b8cda67b8f7bed78f1961f225f
-
Filesize
93B
MD54809daf962803cad2b891b94c195d3dd
SHA1707bdd28edcf5e9e288959f62d4da8823777ec12
SHA2563468667630714eb86464ecfe903b59a843670ade55b49ac9d653421b91bcf139
SHA512c9c233b22a853ce17731cb3466f7e8234da4e3de0dec6cc48ed15232303d4f29c49770e20a7064ad9329f8d9d27f8d4b547443d837320f58ac230973bb7dd11f
-
Filesize
3KB
MD55c462f1ea2917c0b502ae0761c0f60d8
SHA1c1d15b093b2843528544d77dc0d9d4e3b8a85297
SHA25609c76898e4fa4174c53c2ad514274b5d2ca636ec6f223be5fda4c6135ec4ac10
SHA512e6219ccbabe77a4999ade79c7074753495da9c61d6451c53be34219cc19746ca9a0dadef3b47cd8859cd59604064af5e9fc2a5044780bcfebaaa13dc08c36bbc
-
Filesize
70KB
MD522e946502b7fd84d0066a76418cec06e
SHA19ded02cfd63ed093f39f255d46b04451c8cf27e2
SHA25622c482d18d73af3ab35fe87296da121a5832d3f8fc0d46b72cb83a0a7217c8fc
SHA512b2284444947cf2d7ae792451fe09ccf98f2a9c7ed66dc61dbaeb1cd7b6503331f2465c3524fef90f39a291970a89effe2e034af6c5a271cadbfd4b42cfcb25c1
-
Filesize
70KB
MD5e3eec3ce6126fcaf476391867b5246dc
SHA1befd40ebf8c3d0c131b788951de53e9e455cb13d
SHA2569d4598641c601c729db2a17368efddaf9e3ae7fdb82732dc693993a827edd696
SHA512d650517504fdc45117ae400d235fb276e84b19dbb0199c8a85654a800cb8399a793665ff486e956c9839f1658d414efa3ae66e2c2fa27cda6276fd4c9b417c56
-
Filesize
70KB
MD5c8bcac30f45bac10572c961771b64df6
SHA1a5655c9dc3506feba6e6d3bcaa99859f08ab2f30
SHA25637f4fb18bf33c4e8cfeaca7b6b8a47febb7ef7c3e7faf1bcb144bcff98cd3562
SHA512ae1a41c620c8aa33f42228d50c4e58b1bc3d595566b37f89a516fbefc078f910a9e757bd555cf03b51ddf3f00e8bfed09d605b39ba80fc4cd1efeaa2f535153e
-
Filesize
70KB
MD55934d40b0cc748ac73715f6d9fcf03bf
SHA1e0d7464614df25ac503aa4d2bb4ab64bd21b73ed
SHA256317e08a08850856e0d9026cf687875b6011a1aebc8a64557b2a7fc8688df305d
SHA512b016092c4b13ad4e938959f238791c4b84b95cfa057531ed7487784920be636266d2103f1773d17199d66e0aa043d0d1ced7e3365d3a6bc68b52034373ab3b98
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
8KB
-
Filesize
432KB
-
Filesize
432KB
-
Filesize
432KB
