396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-08-2024 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe
Size

52KB
MD5

eb60b9f77793c9ce464a5ee35dd12dfb
SHA1

81135ef3c56940ee4dd02229dc4bc111bf29b754
SHA256

396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c
SHA512

2204958727e04c5b882029e2ee1d4e43d2b874844590da879abd488291345746b5e49be2d2bf6f54cb8c8be265d23f8254ce1d36d1c431a078b025b869471252
SSDEEP

768:pX1dv16GVRu1yK9fMnJG2V9dHS85qgt6jpYU5ltbDrYiI0oPxWExI:pX1d93SHuJV9NP6jWWvr78Pxc

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1004	Logo1_.exe
3580	396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\he\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ko-KR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_92.0.902.67_neutral__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Shell\Themes\Glyphs\Font\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2020.1906.55.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\gui\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\uk-ua\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe
1004	Logo1_.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1680	OpenWith.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 4988	840	396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe	84
PID 840 wrote to memory of 4988	840	396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe	84
PID 840 wrote to memory of 4988	840	396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe	84
PID 840 wrote to memory of 1004	840	396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe	85
PID 840 wrote to memory of 1004	840	396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe	85
PID 840 wrote to memory of 1004	840	396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe	85
PID 1004 wrote to memory of 4804	1004	Logo1_.exe	87
PID 1004 wrote to memory of 4804	1004	Logo1_.exe	87
PID 1004 wrote to memory of 4804	1004	Logo1_.exe	87
PID 4804 wrote to memory of 4656	4804	net.exe	89
PID 4804 wrote to memory of 4656	4804	net.exe	89
PID 4804 wrote to memory of 4656	4804	net.exe	89
PID 4988 wrote to memory of 3580	4988	cmd.exe	90
PID 4988 wrote to memory of 3580	4988	cmd.exe	90
PID 1004 wrote to memory of 3588	1004	Logo1_.exe	56
PID 1004 wrote to memory of 3588	1004	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3588
- C:\Users\Admin\AppData\Local\Temp\396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe
  "C:\Users\Admin\AppData\Local\Temp\396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:840
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAF89.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4988
  - - C:\Users\Admin\AppData\Local\Temp\396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe
      "C:\Users\Admin\AppData\Local\Temp\396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe"
      4⤵
      Executes dropped EXE
      PID:3580
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1004
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4804
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
247KB

MD5
c956a319f9e83c47efe8f30acbcab757

SHA1
f964d8f25a289f378a4024c3fa1f5e5c434547e8

SHA256
fc6f3029b993595c3371740bbc1f7efa4b17d5aca1daea44987e39f38a3025f9

SHA512
f66f2b06c720f27da9f6348d25cf1dd7035d87968293e72191eb005f74cf953546f7e3533f7d269dfa291c827b2efa072f5ae3134f86e4afaba6352cdc92282d

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
f17e0862e72e5f3c56c0666e9ffbdb9c

SHA1
fd798e723b5eb3f39a1dc7c2e3e3c4bc8669e2a1

SHA256
f93c0ae6de01e03d23466bf9d761a0cc024cdfd628409ed5091e5b823daf71fb

SHA512
907df837f3774d554911777edf660a0bb4285c464af0e417d62561f56b3282237e86380c22eddfc79116ea51a329b402a44a1e7767516a72a4055d3c0837ff42

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
fd93240910d7b1f0744b83d0f7bc706a

SHA1
508d162f4e5c8541f6cc1389a9f83c049bf848c0

SHA256
3803edada5f998dc92eb477e572fb4785eb4003285dab3ad2e0bc269e7ff2152

SHA512
d6f65e92a7afddd3e1879449a64943daeaa435fa217f386f7bee28a602a091998bf31bc29c01879228e705dcef59794c3361aa4b3417a2b653d9d40aaf764500

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aAF89.bat

Filesize
722B

MD5
9d592f3b31e0acc727c0b2f57a5de043

SHA1
958f5833bd9438d10757ea3df0c3510a85e6bee1

SHA256
cbd7b232aa5eef7264e1b585063b1afab27d916b83cc3d86eb8a53e034548972

SHA512
82917dd175f730c95efbda1878fc8b7fe093a21cdcfbd1203ca194256fcff85a3a372dd5194fae5b0aede4ca46507dddffe907a90231d281bf1901d687c16a4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\396129632be308ab609bc07f85989ac7c5f7ae59a0a2a3376b9e9626ba77a57c.exe.exe

Filesize
23KB

MD5
3f9dbfee668294872ef01b90740b01d0

SHA1
99a4702b65485cd14736b1c2cdfb81b455dda01c

SHA256
40b32fea1fcadcb2db369475e2bba58b0b83f5c3bb647e2e63877726c35a9f86

SHA512
0113cec160d97ea0cce70860cc5b79b502d16191ee237a3abb84309499be193aa0127dbcb41fc05a90fa61484b061ec4332ad29a918db598e32fe832b74bd1e3

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
2b5bdf36eb0fef11ac07c198ab0874b3

SHA1
e723dc372a2fb0bc9bace6adb679ccd0d13116f8

SHA256
28d5cdb855181907549e049c00abfceb1edeaf73d56a15fafc28c3503cae0a2e

SHA512
fcdadc2227f91d188712c628e58be7c8081488623dd2287c715d7ddda66fc547a419f6e168858dc560dd89478a408d11413b49aeaed11162e1ae34a62ea1f28c

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1194130065-3471212556-1656947724-1000\_desktop.ini

Filesize
9B

MD5
79a2fb76ad00a8ac07f11b6a179f5297

SHA1
72b4f589fd7945d8c80b370d1d3a1f2467f3eb81

SHA256
2f723e98c3a3556269a4d81d4a27d6a0ab13a84c5ba737493c07354a2608684f

SHA512
3a21c2e60e8e035fb90d428e86bb927077d8354a16f1abc291ccba4a4d7fee4f51cf781fa9202e5602a88ca70a6ba264ac49762100be5f6e09a2ec930e098168

Download Submit
memory/840-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/840-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1004-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1004-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1004-32-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1004-1232-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1004-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1004-4791-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1004-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1004-5236-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download