Analysis Overview
SHA256
e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3
Threat Level: Shows suspicious behavior
The file e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Reads user/profile data of web browsers
Deletes itself
Executes dropped EXE
Enumerates connected drives
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Program crash
Runs net.exe
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 05:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 05:37
Reported
2024-06-14 05:40
Platform
win7-20240611-en
Max time kernel
149s
Max time network
122s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Indian\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Mail\ja-JP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Journal\de-DE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\gui\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Install\{9DE7027D-B8EC-4BBC-9990-0AF535C09D17}\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows NT\Accessories\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\stream_out\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\Visualizations\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ky\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Help\en_US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Hearts\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1033\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Mahjong\de-DE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Help\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Purble Place\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows Mail\fr-FR\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\fonts\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Solitaire\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
| Process | Command Line |
| C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1DAE.bat |
| C:\Windows\Logo1_.exe | C:\Windows\Logo1_.exe |
| C:\Windows\SysWOW64\net.exe | net stop "Kingsoft AntiVirus Service" |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1E3A.bat |
| C:\Windows\SysWOW64\net1.exe | C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service" |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2156.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a22FB.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a255C.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a276E.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2848.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a29DE.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2B83.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2E60.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2F5A.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3266.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a340B.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a34B7.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3514.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3582.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a35EF.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a363D.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a36D9.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3765.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3811.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a38DC.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3949.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3A04.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3A90.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3B0D.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3BE8.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3C36.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3C93.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3CE1.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3D3F.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3D9C.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3DEA.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
| C:\Windows\SysWOW64\cmd.exe | cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3E38.bat |
| C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe | "C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe" |
Network
Files
| SHA512 | a316f756dd4b8eddd11a8b624093684413c58becfb96727901f5e79f8153e989e92087bf9ffa297361ac438e75f43884391c7a71951ff9386ddb2659903659a8 |
memory/1672-280-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2812-281-0x00000000001F0000-0x000000000023D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3514.bat
| MD5 | 62acf112d86a64f8a200035c864ff0f5 |
| SHA1 | ab114a709e8b2a6babe550cd9c19c869ae9d6994 |
| SHA256 | 759a6e7a6a87640a3c84cd5ce445d33aabbbd5bde268f115e0e14d3ada5a5b76 |
| SHA512 | 067842d632c0aaac22dc66d0e5326c6610263aee08eccfe3a51d9614075e59af96990730b78a5de2230c0dbaf84de0891e034e0472bbf6e0317155c1c7c6ae44 |
memory/2424-290-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2600-292-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2708-291-0x0000000000200000-0x000000000024D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3582.bat
| MD5 | 91fa98ad734dbdb4e364b5c0196f17cc |
| SHA1 | b4df8b63cc840cba51bcc9fa6fbc4e4e24c9f359 |
| SHA256 | db24e2afb12d17189e15d93ccfea15369cc0de3eb3698c57606f2165976fbbe1 |
| SHA512 | eec37b0b835d7ac1618eafd8bd81c9a47c7b2ecec7a8a8ff21e81d90d716956431ef32785aa3bd9644f97b97a9e227dfbca9135823c1a6d719916c868f619219 |
memory/2600-301-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2768-302-0x0000000000330000-0x000000000037D000-memory.dmp
memory/2756-303-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a35EF.bat
| MD5 | b5d4ac79666cae7be87b49685dfa5ad9 |
| SHA1 | f2819d0e3564e2d65a29522e0a1ce390da45c645 |
| SHA256 | 0ded0ca5b402cd59db59bc72e210a1ac1bc6aa514b34dc398bc679b9f913d949 |
| SHA512 | 3b8d473c8c16d0ba26f13d968104578d799056ca50f84d752e1ae1017c08063eb80e905eba2f11d4e9f4fbfff552b0e4cef9a690b040a66baddbeab6c6a376d1 |
memory/2756-312-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2568-314-0x0000000000400000-0x000000000044D000-memory.dmp
memory/328-313-0x0000000000270000-0x00000000002BD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a363D.bat
| MD5 | fe96cf944e0a1a9f3a1b76530974039a |
| SHA1 | 83a8cfb06e13f67794644c14ec6e31123d26864e |
| SHA256 | 5045d704eaf75db2de27f8da5c59b2f3c4410b43e76a6477804e749dff423b36 |
| SHA512 | f23bcd9aa0c3a2b7fbdf0e093cdd4a605146db5a59586f7df3af4a83b2720e834424d1603effa4e1bfc1bd55628030e899ef7de11f5a3b4b597dd757f1587503 |
memory/2568-359-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a36D9.bat
| MD5 | 3b65763601318569bd22238b90759059 |
| SHA1 | 7b49f569d2db66527a2defea98e406ee20c9a6ec |
| SHA256 | e2a6bef7375caba569a5b7f9f0525f69092f6827eb9f83547bbde82566c8c485 |
| SHA512 | 563724115d842a883a4b32cb273e22128f2a7f5153075e25e33b773b9c14d12f2d9e5e5dcb49dedeac2c561229dd280c60cd2e6e3c8b8158c99b06bef918abb6 |
memory/2020-566-0x0000000000400000-0x000000000044D000-memory.dmp
memory/1284-659-0x0000000000400000-0x000000000044D000-memory.dmp
memory/1284-702-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3765.bat
| MD5 | 12ac1459e7a9d55fbd8429c74d2aa305 |
| SHA1 | 2cdd96fdc7c46f3711ec8807ae5cf77133c82020 |
| SHA256 | 5e81b33d4d83e08a0c0ea94d73b0b5c682968fc79858461188f963318d44b87e |
| SHA512 | 2ab150c115638bfb16de44b78a92390fc285ac43732731a355cbb38d6476a70b85865bc6a5f952ca67019d4a358661cbd7ea3d4a72caeae9786e31b5d257de74 |
memory/1240-812-0x00000000022E0000-0x000000000232D000-memory.dmp
memory/1240-813-0x00000000022E0000-0x000000000232D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3811.bat
| MD5 | 6c427b6ac1bf9d33a2caca4db6bb6c86 |
| SHA1 | 6e1ba11b73b1f98d216878a2d3fb8b9efc0591e4 |
| SHA256 | c75d26280acc079c4d3acad62e4a7819027c7d152454da0ed118fc4881072b16 |
| SHA512 | 4497f2e7ea61a06801e66695309b5055f18f85642ff1c1714debd0c8ce62d774c8d0a23f94ee7a92bfaf17cfd754eb4e3253339dbd315ea3e1023f0075280276 |
memory/2112-1040-0x0000000000400000-0x000000000044D000-memory.dmp
memory/1160-1494-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2356-1481-0x0000000000220000-0x000000000026D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a38DC.bat
| MD5 | be12cf02d6b467c3acbd4bf265ec40bd |
| SHA1 | bccf1b27c8ab481e260d290226fa77d883264f3d |
| SHA256 | 734b658a2f0767164dbcba21e340999ebd6df93553680b6b28519b74bfd6c694 |
| SHA512 | 3405f58b248a967bb658676016a50d8683988a5a0c85eef9784f4f1e817cda9280446344701f1cdf13d54285a4d93aaab924859e708593968234fd3b04d3570f |
memory/1160-1528-0x0000000000400000-0x000000000044D000-memory.dmp
memory/1960-1631-0x00000000001F0000-0x000000000023D000-memory.dmp
memory/2100-1634-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3949.bat
| MD5 | ff84259ccb52e37ea46f08dcc070bc9e |
| SHA1 | 39d94a20077d73321500cd66e2ded9f5b5da7785 |
| SHA256 | da3f378d7edfd8b880e8d1627fa2edc60bfa517dd3ddc4a4454272d442b8d35e |
| SHA512 | b116dd23dd31ceeb87ffba7651e4bf6302037298bbd3d233db378a823fb654497692794e2487ceca01ed012b22e687bed4156a3dd23fcf5c89796d5126809b5a |
memory/2100-1752-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2516-1920-0x0000000000400000-0x000000000044D000-memory.dmp
memory/888-1919-0x0000000000110000-0x000000000015D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3A04.bat
| MD5 | 4b5491f2b661770f2e1130965c22843f |
| SHA1 | 588696e506b154954200da5546c887f939b5f304 |
| SHA256 | b09fe9f85de5ffaa74c36f383c8eedd103b4d6c57f1fc0057f312148dd899a09 |
| SHA512 | cef4c67d72bf9eeb45ecbe492f8eecdf6601dd4b996c032ca38b21f7ebb428b0b86c3e48567f05ef988624f8f6737699a732507637f62dbb2ca26621ca72aba5 |
memory/2516-2026-0x0000000000400000-0x000000000044D000-memory.dmp
memory/1236-2086-0x0000000000400000-0x000000000044D000-memory.dmp
memory/1132-2085-0x0000000000130000-0x000000000017D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3A90.bat
| MD5 | d990e615d820bb1e8c2d3111a79adf26 |
| SHA1 | 2393756343f77497e55a2b8396b84a548512d226 |
| SHA256 | b5dc1bfa77dee31ce7021905009325b6f206d9ddbb69997560793bd1bdb49656 |
| SHA512 | 022b30dc1fe3b31bc7a57864e51b5096d49ca3211cf0c39a46d8714fc50b82bf3330b32ce4637cd889fad27b84b5a96877e74c8572601397db7aae2e55fb040e |
memory/1236-2095-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3B0D.bat
| MD5 | 7bba0ce7ef423ec29616c7fc14043df4 |
| SHA1 | 4b18fecb5155f48fffa209d09cb414ab842621b7 |
| SHA256 | 8559a97009612da930de9eb74abfd9b4859430b66d21f7176b1aa37ea6609bd3 |
| SHA512 | 5cc21a5a5332980996f6dd98b2571c4fb3e334e1caecbd5d1a93f673511f6e67612e29bb48e870c3e7ae8d1a0962451f8f7ff894bde0cce76053609f9eb60a1b |
memory/2196-2097-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2020-2096-0x0000000000280000-0x00000000002CD000-memory.dmp
memory/2196-2106-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2208-2107-0x0000000000300000-0x000000000034D000-memory.dmp
memory/2208-2108-0x0000000000300000-0x000000000034D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3BE8.bat
| MD5 | 0453bedcfc2dafbc59efd29d003bcb36 |
| SHA1 | 8d75accb961e787da33dbff6e24554158a4e5c2f |
| SHA256 | 2ea97a75fa4a4b2669ab260f99eee5d4d79515e1e505fcd4e98b1a67f4803585 |
| SHA512 | d289e9cee432df9ef573ebf4b284ca3e1a4eee9fce1cda2d368c5899445b064419f581457a0a52a44c40ec7d9f23f05720a011c553538acc655d03b75ed06434 |
memory/2400-2117-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2576-2118-0x0000000000870000-0x00000000008BD000-memory.dmp
memory/2684-2119-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3C36.bat
| MD5 | 87163aa528cd8a10f6bf40d8d0eb858c |
| SHA1 | 048c2a90057735b966e46dc3f46ed68ea1a51df1 |
| SHA256 | 0b2b30b485e0db0b88fe97e8601a57a6531272d81e3e4aaf489849996cfd1639 |
| SHA512 | 0a71352745b639e0287555b443d73b631db9d659d5c895d02f1f32e41cb9fa6c8c3eab961eb1cf7876d5464ffb1527745a2c3033fb9346fc9770c0ced341ed24 |
memory/2684-2128-0x0000000000400000-0x000000000044D000-memory.dmp
memory/3060-2129-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3C93.bat
| MD5 | 441dd060d5a9865a8316fdaf7a6a396c |
| SHA1 | 4412c9cecd02ccbc0ebe94d793870068869dee80 |
| SHA256 | 1a803cb1911a10f908f0d8025e2230234c208e642979765c95bcabc4d1bf3a75 |
| SHA512 | ab3092169d77fc186e7bb084ff7766c3870c7bb081bdeb0a0302d8fe85291458f285a52ac16a77ff315ca34a2b544dffbfb239c61ed66d74b7de4239ca2a3e45 |
memory/3060-2138-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2608-2139-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3CE1.bat
| MD5 | b45c3d281dd8e2a9e58e1cf67bdc0791 |
| SHA1 | b4307943b8c44fd239ccf19ebc76ead54aee7536 |
| SHA256 | 22a4f2587252ba85f6a6c794f67119ded33bf04475f884b7e8e1d878157b00c8 |
| SHA512 | a32fbf92d0a8756e8cbd6c44c42cfaf8235a6d7b7d8ace49ec9fefe6ef71a3ae9f5b01fb847ef9441e7c651b12da89ad2d4f0514ffa3275de449aa4e96263e8a |
memory/2608-2148-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2704-2149-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3D3F.bat
| MD5 | c51035102e96fdd2dd430d807640f7c9 |
| SHA1 | 81deba3a82f164dc3185771159e4e17288b4b30f |
| SHA256 | 1bcc45ccd2958dcbb6c9e4e2bdebc1bdcae7e16c1b3d8effdf77ebe29641dc9d |
| SHA512 | 3ca265db259c13cebd61dea72dcb51fd58b0941bce678dd90d0d42e9ced993f2dd0bc64cf0c3c635f5ca488fa45339759d71b1569ef81d2f395df63f6a1d6507 |
memory/2704-2158-0x0000000000400000-0x000000000044D000-memory.dmp
memory/2768-2159-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3D9C.bat
| MD5 | 3d0ca2411f27b80557210df455b02166 |
| SHA1 | 07d6979c21010f85426bc9e95b19ee5002a41326 |
| SHA256 | 6d1c7159131a5f7a2b6f5cfd839488a12646d672a4f2e4fe97638007f2e96bd1 |
| SHA512 | 91812c40b71e10c76d4bfcbc6288b42741005e4d1dfeca7105805dad203dfa4cf522f2d8c3dfecfa59d18e63461070eed57050398cee33900727faed4dbcfd93 |
memory/2768-2168-0x0000000000400000-0x000000000044D000-memory.dmp
memory/1284-2169-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3DEA.bat
| MD5 | 44b1a5189f24bda17ffc5aee6fcff5cf |
| SHA1 | f9dd7b893b7fa9746b3e93b77e3647d692e06e4e |
| SHA256 | 3695fa4c51a1d8211271fc6397495433c8ad0829e2579598b1d24955f601ea4f |
| SHA512 | 91c83ece436c762a40ccd417dc6814072730fcf544433e96eb219d483799797f77647876f085df0097b6a08efabc1a2ad018604330975ac9c734ffe3ca2d8662 |
memory/1284-2178-0x0000000000400000-0x000000000044D000-memory.dmp
memory/1952-2179-0x0000000000130000-0x000000000017D000-memory.dmp
memory/2820-2180-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3E38.bat
| MD5 | dc3630e281380613c9c33cc737168a0d |
| SHA1 | 306b89ecd1b53cf4571320a6550af4245b723f0e |
| SHA256 | a0a920659bdf490dd79408a9e20572e4773ce8931f95a05887de2d6732bc3a06 |
| SHA512 | 3b0c2894c736172aca43384532171f7f453a5d8f70d7591460f1c2ae979e71ce1882d0b2d31ecbb2a9cdf23c2051934be90a8e8c57f3548283f19dfb251d52b0 |
memory/2820-2205-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~3F63.tmp
| MD5 | 1533ce34575752aaf9a3020599c131ba |
| SHA1 | 24c1e2313276a40de717fc556240e4199701b19a |
| SHA256 | 25675678c980d33a1db21fee21bb8ba75354f3403f26c2a25e8c5c3ce37da0ba |
| SHA512 | 46c22e96abd4a8b03acb05a8e0aba5ba42ab026707dccb80538e50c8f4ad625a01b6808840f1801912b4bc8ff33f00d8354283d3b0dfc9591c8279fd9de4e1a1 |
C:\Users\Admin\AppData\Local\Temp\_is3F85.tmp
| MD5 | 5453343afefb32307659574a4da803bf |
| SHA1 | b01072bdcc799391c510054447a6a8cbab71abd3 |
| SHA256 | 02eedbc35423bf428545f27b5575528ee996e75a0cf8157f47cf3e302547d508 |
| SHA512 | 99c4d5731ebba9ea659d30956d60beb6c1be5e9872ee027eb7174ba08e7fa2ad8bd9d91c82313a27577f3e9c5eb49b46b8929c7f29491d0db15d3e1cd803eafa |
C:\Users\Admin\AppData\Local\Temp\{0F90AE3F-B818-4860-B20F-B6783173A698}\0x0409.ini
| MD5 | be345d0260ae12c5f2f337b17e07c217 |
| SHA1 | 0976ba0982fe34f1c35a0974f6178e15c238ed7b |
| SHA256 | e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3 |
| SHA512 | 77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff |
memory/1320-3953-0x0000000000400000-0x000000000044D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{0F90AE3F-B818-4860-B20F-B6783173A698}\_ISMSIDEL.INI
| MD5 | db9af7503f195df96593ac42d5519075 |
| SHA1 | 1b487531bad10f77750b8a50aca48593379e5f56 |
| SHA256 | 0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13 |
| SHA512 | 6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b |
memory/1320-4781-0x0000000000400000-0x000000000044D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 05:37
Reported
2024-06-14 05:40
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
157s
Command Line
Signatures
Executes dropped EXE
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\management\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\host\fxr\7.0.16\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\swidtag\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\jdk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\ext\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Google\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\deploy\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\legal\javafx\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\uk-UA\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\server\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\security\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\legal\javafx\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\cmm\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\fr-FR\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\security\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\legal\javafx\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\legal\jdk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\legal\javafx\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\applet\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Logo1_.exe |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a347D.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a35E5.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a373C.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a38B3.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a39BD.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3AF6.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3C3E.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3D28.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3E80.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3F6A.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4093.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a416E.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a42F4.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a43C0.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a44C9.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a45A4.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a46BD.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4798.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4873.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4A19.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4AB5.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4C0D.bat
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1104 -ip 1104
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4CB8.bat
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 984
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4D74.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4E10.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4EFB.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4F78.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4FD5.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a50B0.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a510E.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a517B.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a51C9.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5217.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5266.bat
C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe
"C:\Users\Admin\AppData\Local\Temp\e3b476915bc9ac0424303c2badea4fb41c93dd7812ae04d6a51db1eaccbe0fb3.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 52.111.227.11:443 | | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
Files