15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe
Size

393KB
MD5

7a9842b20acff3b9d83dc852fb7d0059
SHA1

be693e260c110d29f3fe12fde5b8593f177e6b56
SHA256

15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd
SHA512

24a697195f40dd2eb94035a03915fb4f3c57a94be9210e038f3f8c33dca897aec45ba1c4e21d6588674e82a6163f5046a865ddf25ba84444c98843977c308315
SSDEEP

6144:wuJOnDXYQ/BWJjmpgtBZQZKQj8p3jyb7HREd4SZ1tzLbF:cDXYJmSTZwYp32bY4qtDF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1396	Logo1_.exe
4884	15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\PhotosApp\Assets\ThirdPartyNotices\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ko-KR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\127.0.2651.86\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_~_kzf8qxf38zg5c\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_91656\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pl-pl\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe
File created	C:\Windows\Logo1_.exe	15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe
1396	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 3708	2236	15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe	90
PID 2236 wrote to memory of 3708	2236	15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe	90
PID 2236 wrote to memory of 3708	2236	15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe	90
PID 2236 wrote to memory of 1396	2236	15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe	91
PID 2236 wrote to memory of 1396	2236	15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe	91
PID 2236 wrote to memory of 1396	2236	15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe	91
PID 1396 wrote to memory of 616	1396	Logo1_.exe	93
PID 1396 wrote to memory of 616	1396	Logo1_.exe	93
PID 1396 wrote to memory of 616	1396	Logo1_.exe	93
PID 616 wrote to memory of 5112	616	net.exe	95
PID 616 wrote to memory of 5112	616	net.exe	95
PID 616 wrote to memory of 5112	616	net.exe	95
PID 3708 wrote to memory of 4884	3708	cmd.exe	96
PID 3708 wrote to memory of 4884	3708	cmd.exe	96
PID 1396 wrote to memory of 3492	1396	Logo1_.exe	56
PID 1396 wrote to memory of 3492	1396	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3492
- C:\Users\Admin\AppData\Local\Temp\15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe
  "C:\Users\Admin\AppData\Local\Temp\15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4D9E.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe
      "C:\Users\Admin\AppData\Local\Temp\15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe"
      4⤵
      Executes dropped EXE
      PID:4884
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1396
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:616
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3000,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:8
1⤵
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
247KB

MD5
7c4e197db471f4e98b1fb77cc47dc4dc

SHA1
cd3051330ee938e1413608db7e9958dda81e3aa1

SHA256
c3f7bf528fd3e2d88642a9b63fd3bdf1e91a6ed8e980e7dffa3c1aca6a5d9dc3

SHA512
06736f2550a2844e2ac62d5a79d47b54ae9bbef47f42a93dc335e98507bc4dd99df60429bdcd2e5015e2637f6a4022ec5550d705b9440ebcd8a9a721ea6f8b5d

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
5bd678bdc48051e0eb55e95b2c27b67b

SHA1
396df65ef6229b910c77e29bfecfcf662c55df61

SHA256
7634d299c72215ebb85de431475a493ae24953ba5f0428e5d93352ff3d465e71

SHA512
27a4267f726c1e7622724e3ea4f6e909b155172d88a8252f6b7c16cae61b8cf9e4544ec24d4835cfacecb34c6626a8371e3178bd7f02c602f2ad1946c5030179

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
ad5a7e5eb1a1cdd791957e07c93748ae

SHA1
6e4f8c5f4d791327e11d0d68ca6f514554af8481

SHA256
cfee92d916fbbb95d8282c3264d3708ad1ddfdd9db4daaf00e0c96a22854c4dc

SHA512
a8acd191aec48dac8d5808a93ee973ea52793140e318b4d870fb10e4e8ba0756fe95654134dd1c175168375a0f7caebfd8a7d46a9b3dc71006f830b53dd9fefe

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4D9E.bat

Filesize
722B

MD5
5069576a00d6e0231c30c914313b8501

SHA1
4fe006f9de77b2bc8d2ba48880353e20ed899a37

SHA256
a021d60659c98322866eeba38ff672450d5e5086f69419144925a96bced75e6c

SHA512
ffcd0b878a933069f645c83d235ceb474a0b9d9ccbf1cd16a363f1043d3d4d2cd7fd03873c924112410e765fdbe12875adc16defef523c117a1c90135e05e881

Download Submit
C:\Users\Admin\AppData\Local\Temp\15104f2329dc4730d0fa2de5573e6d10e1d34a75b8939c29b6d6c3133bf7e2bd.exe.exe

Filesize
364KB

MD5
213eeb5e8f54231f68e5b26a0fc81bd1

SHA1
1bc31a42536eacbb57d1cd92ec4b5524a82264d2

SHA256
b309045509efc205eb35d6037d64640093fde6c54ec5934e329b447417005a50

SHA512
ce35c5f453126c98329df141f821c55692f9252549c76921c231d8170df356cda1689e636758519c0b6898f11b5c836cdb4967d296b99f915e4d1980470a083b

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
ca4a7862478fb4f3b45a9e5d76664163

SHA1
3af635e45dca388b8575fc87ceb0c0e3607edfd1

SHA256
c58b63edba763641f3aade2039f2297ad2a94a56d155de78f562b40afd215e0f

SHA512
099fa71c1b45b4e85cf39bc16fb9436efcfeb954ce2a42bd4f3b9c94a30bde50a1d2d376dbebe941f08061f1c506fc6819b499ea52f7abd55de455be3f25322f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2170637797-568393320-3232933035-1000\_desktop.ini

Filesize
9B

MD5
f74f4ac317419affe59fa4d389dd7e7c

SHA1
010f494382d5a64298702fe3732c9b96f438c653

SHA256
74fafb0f14fb17a8a4963d5f46fc50b3517e7aa13414ac5f42edfdf212a9bb01

SHA512
f82fea1632b97d2b6771f43a6941c84d7fbb86f4c4f69e9b4335aa0e166e2670f09d451da61b13cb16994b9294e99b1cfa27f2447579645b3886b7bd014cc00f

Download Submit
memory/1396-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1396-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1396-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1396-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1396-447-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1396-1240-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1396-4865-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1396-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1396-5322-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2236-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2236-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download