fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 09:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
Size

562KB
MD5

fa5e58ca1aa2f50246eb24d68279d4c7
SHA1

39a92791d42f535d01f3812447753556c34669ce
SHA256

fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0
SHA512

917d7a9e2a0fd06cab549e024c4534b291f330fd54bffca5be77bbb65cc531ec361f302b18efda10ae6a426d592acbb0da82b272e02c12ce8e5bcb813af4b230
SSDEEP

12288:YOc9iJafmm2VYK+UNo0RweQfoAxHv9sN4A4H9J618UtQ43iUa:YOVm2VZQwy9E1Vf3M

Score

7^/10

spyware stealer

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2684	cmd.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini	Logo1_.exe

Executes dropped EXE 2 IoCs

pid	Process
2556	Logo1_.exe
2484	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe

Loads dropped DLL 2 IoCs

pid	Process
2684	cmd.exe
2684	cmd.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\defaults\pref\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{3CB1163A-165F-4D3C-9CFB-4A6C46727A73}\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ko\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\el\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\dtplugin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
File created	C:\Windows\Logo1_.exe	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\Dll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 43 IoCs

pid	Process
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe
2556	Logo1_.exe

Suspicious use of WriteProcessMemory 38 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2240	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	30
PID 2252 wrote to memory of 2240	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	30
PID 2252 wrote to memory of 2240	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	30
PID 2252 wrote to memory of 2240	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	30
PID 2240 wrote to memory of 2772	2240	net.exe	32
PID 2240 wrote to memory of 2772	2240	net.exe	32
PID 2240 wrote to memory of 2772	2240	net.exe	32
PID 2240 wrote to memory of 2772	2240	net.exe	32
PID 2252 wrote to memory of 2684	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	33
PID 2252 wrote to memory of 2684	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	33
PID 2252 wrote to memory of 2684	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	33
PID 2252 wrote to memory of 2684	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	33
PID 2252 wrote to memory of 2556	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	34
PID 2252 wrote to memory of 2556	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	34
PID 2252 wrote to memory of 2556	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	34
PID 2252 wrote to memory of 2556	2252	fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe	34
PID 2556 wrote to memory of 2736	2556	Logo1_.exe	36
PID 2556 wrote to memory of 2736	2556	Logo1_.exe	36
PID 2556 wrote to memory of 2736	2556	Logo1_.exe	36
PID 2556 wrote to memory of 2736	2556	Logo1_.exe	36
PID 2736 wrote to memory of 2500	2736	net.exe	38
PID 2736 wrote to memory of 2500	2736	net.exe	38
PID 2736 wrote to memory of 2500	2736	net.exe	38
PID 2736 wrote to memory of 2500	2736	net.exe	38
PID 2684 wrote to memory of 2484	2684	cmd.exe	39
PID 2684 wrote to memory of 2484	2684	cmd.exe	39
PID 2684 wrote to memory of 2484	2684	cmd.exe	39
PID 2684 wrote to memory of 2484	2684	cmd.exe	39
PID 2556 wrote to memory of 3028	2556	Logo1_.exe	40
PID 2556 wrote to memory of 3028	2556	Logo1_.exe	40
PID 2556 wrote to memory of 3028	2556	Logo1_.exe	40
PID 2556 wrote to memory of 3028	2556	Logo1_.exe	40
PID 3028 wrote to memory of 1584	3028	net.exe	42
PID 3028 wrote to memory of 1584	3028	net.exe	42
PID 3028 wrote to memory of 1584	3028	net.exe	42
PID 3028 wrote to memory of 1584	3028	net.exe	42
PID 2556 wrote to memory of 1192	2556	Logo1_.exe	21
PID 2556 wrote to memory of 1192	2556	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1192
- C:\Users\Admin\AppData\Local\Temp\fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
  "C:\Users\Admin\AppData\Local\Temp\fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Windows\SysWOW64\net.exe
    net stop "Kingsoft AntiVirus Service"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2240
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      4⤵
      PID:2772
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a20AA.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe
      "C:\Users\Admin\AppData\Local\Temp\fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe"
      4⤵
      Executes dropped EXE
      PID:2484
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2500
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3028
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
258KB

MD5
b5410fc429914200276ec7a3af01029a

SHA1
3ff9addb437659b743dd0ba280e3579ab09b38de

SHA256
b8539bd9b6e238a1df46ac0616ebe7e590831aba721f427a1681e45dfc90c384

SHA512
8ad8c2b1e1834976c20583e0368fcc3c634baba0a8bfbb03698a86b755a147a4a786c81e928a54a873675c11121084d72faddc90117a0e22eff13f04f25942d7

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
478KB

MD5
79d96b6a2771e7783309bf05ebe7b5c1

SHA1
b19da11278224b17598d5b6de189892a83196708

SHA256
eb38a47ec49f3f376f53aff58def8c3a0e095bad67e2887d3f58bb4a3c71a19e

SHA512
72e30060fd922fc37662d762bc647bf85938986d810057926fe86a1622e1b05fc841bab9ee06ee7855071ed27da3d8fe20d41f03ae68c4c76cc720a7e56d4d68

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a20AA.bat

Filesize
722B

MD5
b29b106e10c4be1d6066a25d34e6a254

SHA1
472834ad126a97c22652ab7b8f72bc9543a4bc45

SHA256
50c169f559ac1a0b072b762237ddc4396f0f1633d5c53e94cd598635d3faf7d3

SHA512
e402ee7b9652d7ea988f6c2fa30ac278c3f3cef7ce4e995dfc0deb3ea6e9d835d4e7a5410e574f0109eb960ab448167bba5292d58bba01fab518df0d88c79710

Download Submit
C:\Users\Admin\AppData\Local\Temp\fd838afd7a1544868918ae3e26b310fca89629f0b919d07a8088907521df1ac0.exe.exe

Filesize
529KB

MD5
cca0c5482b8a6a275d9d49433f435dfa

SHA1
a72ae8621386e13c34055f612ae7612b8a18a39e

SHA256
6ea08bbcedf7cb51cfbe4896ef8c589a4568b1d5240265b1dcfda83dc8b55365

SHA512
b88f5cdb4bc08429ca40d24cef490128d341e10615d1d93d084b3247c2b28573d177d878c1385d3941e16a8bcc8a9f6b7870c152f4a43d02e69c05defcc9196e

Download Submit
C:\Windows\Logo1_.exe

Filesize
33KB

MD5
290dee5a49ef64523421b246a4cedf2a

SHA1
9007fc4f0068bec23817185e12ac4ad5cae11fbf

SHA256
bd104419c07fdc4dc576e21673a193efb0e9fabd2884cfc6e82afca89b2384f7

SHA512
2b8e4681c617192dc99c710028fd2d2005ad18a0d2fc7fc33b27cbe13c20a2503aee7e120cee787fef53318a2162539dc841ac04779cb8591b4915427165cc8f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-940600906-3464502421-4240639183-1000\_desktop.ini

Filesize
8B

MD5
d8dca68320777bb03e3a6dbdb7624c4f

SHA1
094cbdfea49743824e2aaf9c66082c25da2157b1

SHA256
ebe46a39e49fe879afd1b4ac0de5c6c62e8e90342cd71aaaf3ec1d84269e9c6e

SHA512
9097e8a3df0ae12235002caaef04951ab586d84ea9db1b9952e684b5ab570a033ba1bf047598fca329652cab23a5ec1516e6cd6dbcbd979fd32b9b8afbdf88cc

Download Submit
memory/1192-30-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/2252-19-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2252-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2252-17-0x00000000002B0000-0x00000000002ED000-memory.dmp

Filesize
244KB

Download
memory/2252-15-0x00000000002B0000-0x00000000002ED000-memory.dmp

Filesize
244KB

Download
memory/2556-34-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2556-21-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2556-3309-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2556-4156-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download