14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443

Analysis

max time kernel
149s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-08-2024 21:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe
Size

959KB
MD5

18a59bf0f05293224bc451bf8f293139
SHA1

004f9ef6d15a6b708a234e7831a6194723750e63
SHA256

14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443
SHA512

114e8c1727e7e975ecb37ea7c4945c8c2197173506955838377dac305ecf827ee9c6d51985a54969cfede672722135522f7978f5f45b3643f513b54799fa73b4
SSDEEP

12288:0RKcv8Nh7py6Rmi78gkPH3aPI9vyVg/0paQuj3IdD02fKBjtp/:ZBpDRmi78gkPXlyo0G/jr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
224	Logo1_.exe
2416	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\SIGNUP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\d3d11\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\Fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\ScreenSketchAppService\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_2019.125.2243.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\en-GB\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\Fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Speech\en-GB\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_2019.430.2026.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe
File created	C:\Windows\Logo1_.exe	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe
224	Logo1_.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	2416	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe
Token: 35	2416	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 3036	4752	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe	84
PID 4752 wrote to memory of 3036	4752	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe	84
PID 4752 wrote to memory of 3036	4752	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe	84
PID 4752 wrote to memory of 224	4752	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe	85
PID 4752 wrote to memory of 224	4752	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe	85
PID 4752 wrote to memory of 224	4752	14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe	85
PID 224 wrote to memory of 5096	224	Logo1_.exe	87
PID 224 wrote to memory of 5096	224	Logo1_.exe	87
PID 224 wrote to memory of 5096	224	Logo1_.exe	87
PID 5096 wrote to memory of 4556	5096	net.exe	89
PID 5096 wrote to memory of 4556	5096	net.exe	89
PID 5096 wrote to memory of 4556	5096	net.exe	89
PID 3036 wrote to memory of 2416	3036	cmd.exe	90
PID 3036 wrote to memory of 2416	3036	cmd.exe	90
PID 224 wrote to memory of 3432	224	Logo1_.exe	56
PID 224 wrote to memory of 3432	224	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3432
- C:\Users\Admin\AppData\Local\Temp\14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe
  "C:\Users\Admin\AppData\Local\Temp\14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4752
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAE41.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe
      "C:\Users\Admin\AppData\Local\Temp\14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2416
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:224
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:5096
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
247KB

MD5
d077c5c382815b681e7dbdbd285fdf5a

SHA1
402edb52c84fcbdb5ab5c735366d1a11887468db

SHA256
05b1611cd68e5c957eb36980fd8ac790f3dea97a64b0f453cb4b41a15e4f8aed

SHA512
208d90f8cf0c14e05eaa153bad1acb3c70ad6410b228a5eaf8f9949fd24f4d1957ab799170b9beab978d2b6b7275bc54345df89a2e1123879c136aa4e437a936

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
d92773168c12f91e9e3e97dd65064556

SHA1
58202ed501a762e2458543765334ae1c96edcd58

SHA256
6c62d5cb14c7c0d1533f9ca264ff0a5eb35fb750737c83860af76461191aff70

SHA512
aa8b3d382cdca37945aad0ef651e372d13ac52678fa3860a8ade31d0f9852d101e8f481ca2dc33a36438062c594f8072749e9a3b03de86b01377298dab3e8912

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
82e153319701c6a97a66bd363b818222

SHA1
108207f7e7a67d3126a2bd4adbe54e13f16eb989

SHA256
d0e2aa6d001b0c7a6268bf05e98e6bacddace6abbc9a40814e2b55fa0b7891c9

SHA512
542207b862f25c84fb9b76a51eb79cba0abcb1941685dc373c260fb01f60fa93eecb327c6b6121d10c0b57fc0b3b14c222e03fa74f7ca90688dc3691729252bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aAE41.bat

Filesize
722B

MD5
2fd3ef50491a8a0a812b17a38d3a34d7

SHA1
ad362061a98829e701bfc8cb66e1dad78a4b9385

SHA256
d3c90620ad0c6fa889373ace5edca4edde79f8b43f5d19712fa002aabd749e3c

SHA512
898487b48ba4a614c82803a561b86dc8bacc1921f2b2ea3ae663c0a43706b4e13a6ed6ee729cad334843a76c652cb5fbb51bf49482bd5fb203592934bc27bf5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\14832607bdf8860052c6ee8367fdcd0478da379bedc42361b83bca2564927443.exe.exe

Filesize
930KB

MD5
30ac0b832d75598fb3ec37b6f2a8c86a

SHA1
6f47dbfd6ff36df7ba581a4cef024da527dc3046

SHA256
1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74

SHA512
505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
3892a73a8feb14c363f9fc86355e24c1

SHA1
b38d5e8b79fc76ac6c4c92b61f0e42ccbfcb15a8

SHA256
abe3fc6cbe35adb6def32941c3b2244be5fe43c214a0fe4446ce889fbd8da8bb

SHA512
099917ff9a2b844e33be0de5dca9cda472aee12a26c658b821f8098d0c0acd1c5a34eb5e90f0e1520b042dfe3571a558c9598346a7e4009d0e6c3e76ab5e7cf2

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-945322488-2060912225-3527527000-1000\_desktop.ini

Filesize
8B

MD5
a451cf229ab77d19c624b2e48ac11ec8

SHA1
0f3002921952d4e528750030d6340b77d10b5fc9

SHA256
96a8bb2a4a11f6596cd7c59eee4a5ea4dcfb02550aadc0b233e6cc269883f222

SHA512
699a221508bfee448d09720da926c818de965de39253e6c82fe79343d2916c59edb97ae5dc6d1e3b6343928fcefb636f5dfa13507e5ec53b3c4eeb1266caa3cd

Download Submit
memory/224-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/224-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/224-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/224-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/224-1233-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/224-4795-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/224-11-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/224-5240-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4752-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4752-10-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download