4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61

Analysis

max time kernel
150s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-09-2024 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe
Size

52KB
MD5

fa2a8fcf49048bc8c095c6db30042ef7
SHA1

e53cd9957713e1e17e4e31a5d02742ba301a9a91
SHA256

4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61
SHA512

63e31442627636c840d23abe27d173d247e1fd9008e2d2796e57ff80215de37696c81fc79e27e87df3300252b33df9abc3b7da95f7b3caca96462cbaa355b688
SSDEEP

768:/b016GVRu1yK9fMnJG2V9dDClcxGqgt6jpYU5ltbDrYiI0oPxWExI:Te3SHuJV9Qaxo6jWWvr78Pxc

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4808	Logo1_.exe
3780	4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-MX\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	Logo1_.exe
File created	C:\Program Files\MSBuild\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hr-HR\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-US\en-US_female_TTS\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_2019.125.2243.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\dictation\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\collect_feedback\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler.exe	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\8.0.2\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateComRegisterShell64.exe	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_platform_specific\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2020.1906.55.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe
File created	C:\Windows\Logo1_.exe	4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	OpenWith.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe
4808	Logo1_.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4424	OpenWith.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 1108	224	4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe	83
PID 224 wrote to memory of 1108	224	4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe	83
PID 224 wrote to memory of 1108	224	4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe	83
PID 224 wrote to memory of 4808	224	4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe	84
PID 224 wrote to memory of 4808	224	4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe	84
PID 224 wrote to memory of 4808	224	4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe	84
PID 4808 wrote to memory of 2840	4808	Logo1_.exe	86
PID 4808 wrote to memory of 2840	4808	Logo1_.exe	86
PID 4808 wrote to memory of 2840	4808	Logo1_.exe	86
PID 2840 wrote to memory of 2744	2840	net.exe	88
PID 2840 wrote to memory of 2744	2840	net.exe	88
PID 2840 wrote to memory of 2744	2840	net.exe	88
PID 1108 wrote to memory of 3780	1108	cmd.exe	89
PID 1108 wrote to memory of 3780	1108	cmd.exe	89
PID 4808 wrote to memory of 3416	4808	Logo1_.exe	56
PID 4808 wrote to memory of 3416	4808	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3416
- C:\Users\Admin\AppData\Local\Temp\4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe
  "C:\Users\Admin\AppData\Local\Temp\4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:224
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7A60.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe
      "C:\Users\Admin\AppData\Local\Temp\4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe"
      4⤵
      Executes dropped EXE
      PID:3780
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4808
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2840
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2744

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
247KB

MD5
0674a64b1dc5351c7e4c74f0ab8f5128

SHA1
9e813ade5e68b99224d02f0d9fa042bdd8c10268

SHA256
faaa820c6cc4559b0bea9d81cfcfde32f0ad631542cc2193e3abc3b6744fbbef

SHA512
986b55d32fc1fc354627ad18c3f203422b203de45c47e6abd4267f3921ef8f774f6c278f9ec97400bd9cfc5813ea9f39d63df77f41d644b4855ed0796666e6e5

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
780e344b03ae45f0c3b3402f4784a89c

SHA1
b8cc8d9347b4f00d687d3b97b2b60e41a0fb0dd4

SHA256
1828a477c74d4f220e29a04852933644fec0c1ecf843cea39df551bbb045faf8

SHA512
538dca53d5b1d252870dd4395bb9d68a8240576d90fc77b33b8056b0e7adf37d407768dcd33fed332d0e4fbcde7fa62809ee20bf31f25203d6ae6bb147edc8cc

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
470a3027d524047e1388a789be103e9e

SHA1
9af6b6db9925b91470a1c7c8d8758f670a76fa8c

SHA256
390515c293a7534b1badec267568e5a3f2b7348314adcc1eaf2a2e066592ab59

SHA512
0c76ca58bc45cc3f647dfa617f778457762e1864cc9c41f042f629416165866dda6e8d4d3575bdff12025b70548b0beab4c403213813928668011b388a2138a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a7A60.bat

Filesize
722B

MD5
cfc9a512948e68a878b0daceecc9e736

SHA1
df155baa0843fcf45c47ee0459d4f994a41f20ae

SHA256
95db6bc05d6720ac0da0e31217c3e9d06b662525a287ec7fed6861daec38fd5b

SHA512
2922b7f9162d2eb95cbca273dd4ebf467e1e7160d76234e7e474430b78da274fa718fc67225247903511e13a1d55052d6c6bf0a98d30a84841514e23caaf5821

Download Submit
C:\Users\Admin\AppData\Local\Temp\4c097ef714de4e0ba7ddcbe7cd7b1eae8eec1c2597c15449b16ba3a80e10da61.exe.exe

Filesize
23KB

MD5
3f9dbfee668294872ef01b90740b01d0

SHA1
99a4702b65485cd14736b1c2cdfb81b455dda01c

SHA256
40b32fea1fcadcb2db369475e2bba58b0b83f5c3bb647e2e63877726c35a9f86

SHA512
0113cec160d97ea0cce70860cc5b79b502d16191ee237a3abb84309499be193aa0127dbcb41fc05a90fa61484b061ec4332ad29a918db598e32fe832b74bd1e3

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
b2a95470179dbfc67491209da01c3a73

SHA1
1f71702eab91e66d604b5e37508dc0997fb0cc18

SHA256
26f51b187a06a048a401aa37ad05f8d8ee31c47494ddecb6b665f2f8c56a888f

SHA512
7d3488eb2f0411b51b105aa304bc85ac1bb3c0baedc20255feb466ee457673f91cd3b4a2369b1302f39616ae9b1097d0bfe8ac885777e7d9a87f98fe07fdd0a4

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-786284298-625481688-3210388970-1000\_desktop.ini

Filesize
8B

MD5
5d65d1288c9ecedfd5f28d17a01a30bc

SHA1
e5bb89b8ad5c73516abf7e3baeaf1855154381dc

SHA256
3501728ad227b52ce4d4f85ddd0e6d28dfa7acce977ae27f1e337be209825a5f

SHA512
6177ce001dd535382c3bae5e8c3cfda85d8d8b76b68bce10fa8e5e1e748fd1512a531ffc93fef1316f2c27d93b5b4a5b60a6391f0e131ccc5cc0a65c2755868e

Download Submit
memory/224-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/224-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4808-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4808-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4808-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4808-579-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4808-1234-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4808-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4808-4785-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4808-11-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4808-5230-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download