Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 149s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/07/2024, 09:05
Static task: static1
Behavioral task: behavioral1
  Sample: bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe
  Resource: win10v2004-20240709-en
General
Target: bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe
Size: 398KB
MD5: ca4eef83512d0a2704a0146c7dcc8a92
SHA1: bb6b28582da7a1661fdbb0ec026b2c2919fd84ba
SHA256: bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7
SHA512: 362457b3a2d89015ec34a181af95442eed8eb43ff6ebe4e8b66a38c36c01991af62c84b7494c936d85cf031548e5ae1aafba55ea8b67a8955aabea64c20e2372
SSDEEP: 12288:x7+iY+evpFV5DJhzAtUskJ0eZHQ2ksAKNeiQ30blG:x76HVnkszNerEk
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
pid | Process
- 2552 | Logo1_.exe
- 3808 | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
- File opened (read-only) | \??\Q: | Logo1_.exe
- File opened (read-only) | \??\G: | Logo1_.exe
- File opened (read-only) | \??\R: | Logo1_.exe
- File opened (read-only) | \??\P: | Logo1_.exe
- File opened (read-only) | \??\O: | Logo1_.exe
- File opened (read-only) | \??\N: | Logo1_.exe
- File opened (read-only) | \??\E: | Logo1_.exe
- File opened (read-only) | \??\X: | Logo1_.exe
- File opened (read-only) | \??\U: | Logo1_.exe
- File opened (read-only) | \??\L: | Logo1_.exe
- File opened (read-only) | \??\K: | Logo1_.exe
- File opened (read-only) | \??\I: | Logo1_.exe
- File opened (read-only) | \??\H: | Logo1_.exe
- File opened (read-only) | \??\Y: | Logo1_.exe
- File opened (read-only) | \??\W: | Logo1_.exe
- File opened (read-only) | \??\T: | Logo1_.exe
- File opened (read-only) | \??\S: | Logo1_.exe
- File opened (read-only) | \??\M: | Logo1_.exe
- File opened (read-only) | \??\J: | Logo1_.exe
- File opened (read-only) | \??\Z: | Logo1_.exe
- File opened (read-only) | \??\V: | Logo1_.exe
Drops file in Program Files directory (64 IoCs)
Drops file in Windows directory (4 IoCs)
description | ioc | Process
- File created | C:\Windows\rundl132.exe | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe
- File created | C:\Windows\Logo1_.exe | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe
- File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
- File created | C:\Windows\vDll.dll | Logo1_.exe
System Location Discovery: System Language Discovery (1 TTPs, 6 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Logo1_.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | net.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | net1.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid | Process
- 2552 | Logo1_.exe (the same pid/process pair is recorded 20 times)
Suspicious use of WriteProcessMemory (17 IoCs)
description | pid | Process | procid_target
- PID 3564 wrote to memory of 3448 | 3564 | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe | 84
- PID 3564 wrote to memory of 3448 | 3564 | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe | 84
- PID 3564 wrote to memory of 3448 | 3564 | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe | 84
- PID 3564 wrote to memory of 2552 | 3564 | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe | 85
- PID 3564 wrote to memory of 2552 | 3564 | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe | 85
- PID 3564 wrote to memory of 2552 | 3564 | bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe | 85
- PID 2552 wrote to memory of 1244 | 2552 | Logo1_.exe | 86
- PID 2552 wrote to memory of 1244 | 2552 | Logo1_.exe | 86
- PID 2552 wrote to memory of 1244 | 2552 | Logo1_.exe | 86
- PID 1244 wrote to memory of 1520 | 1244 | net.exe | 89
- PID 1244 wrote to memory of 1520 | 1244 | net.exe | 89
- PID 1244 wrote to memory of 1520 | 1244 | net.exe | 89
- PID 3448 wrote to memory of 3808 | 3448 | cmd.exe | 90
- PID 3448 wrote to memory of 3808 | 3448 | cmd.exe | 90
- PID 3448 wrote to memory of 3808 | 3448 | cmd.exe | 90
- PID 2552 wrote to memory of 3356 | 2552 | Logo1_.exe | 55
- PID 2552 wrote to memory of 3356 | 2552 | Logo1_.exe | 55
Processes
1. C:\Windows\Explorer.EXE
   Command line: C:\Windows\Explorer.EXE
   PID: 3356
   2. C:\Users\Admin\AppData\Local\Temp\bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe"
      PID: 3564
      - Drops file in Windows directory
      - System Location Discovery: System Language Discovery
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\cmd.exe
         Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5D43.bat
         PID: 3448
         - System Location Discovery: System Language Discovery
         - Suspicious use of WriteProcessMemory
         4. C:\Users\Admin\AppData\Local\Temp\bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe
            Command line: "C:\Users\Admin\AppData\Local\Temp\bdc3eee5d021b20f8def7ff2bf0355daf38dded2aefa3fd8250401d11613b8f7.exe"
            PID: 3808
            - Executes dropped EXE
            - System Location Discovery: System Language Discovery
      3. C:\Windows\Logo1_.exe
         Command line: C:\Windows\Logo1_.exe
         PID: 2552
         - Executes dropped EXE
         - Enumerates connected drives
         - Drops file in Program Files directory
         - Drops file in Windows directory
         - System Location Discovery: System Language Discovery
         - Suspicious behavior: EnumeratesProcesses
         - Suspicious use of WriteProcessMemory
         4. C:\Windows\SysWOW64\net.exe
            Command line: net stop "Kingsoft AntiVirus Service"
            PID: 1244
            - System Location Discovery: System Language Discovery
            - Suspicious use of WriteProcessMemory
            5. C:\Windows\SysWOW64\net1.exe
               Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
               PID: 1520
               - System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Downloads