dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92

Analysis

max time kernel
149s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe
Size

1.5MB
MD5

4f9c6a1e2c3f6ae064a3dbca2506462d
SHA1

69ba1f69509dd976051495cb2c5b9bb9ba88c033
SHA256

dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92
SHA512

69ae91e2e09b6ade350c393f31741f0a57d3794e6b3b72938978ee6ff0e6a31a8c6faf0d929d50703dda47483ee80f0cf03c6728063da2881571f29944b25af5
SSDEEP

24576:F7MzoPVhggvWBFQP6s+LK77kx6Z4TIPhKMQbQQ92qXRovKkZz1odTDLQ:F7McPVhgaSsirtMsnLRovTZ5f

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2156	Logo1_.exe
3528	dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\collect_feedback\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2019.716.2316.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\hrtfs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleAppAssets\Videos\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe
2156	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 4904	1420	dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe	82
PID 1420 wrote to memory of 4904	1420	dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe	82
PID 1420 wrote to memory of 4904	1420	dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe	82
PID 1420 wrote to memory of 2156	1420	dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe	83
PID 1420 wrote to memory of 2156	1420	dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe	83
PID 1420 wrote to memory of 2156	1420	dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe	83
PID 2156 wrote to memory of 4848	2156	Logo1_.exe	84
PID 2156 wrote to memory of 4848	2156	Logo1_.exe	84
PID 2156 wrote to memory of 4848	2156	Logo1_.exe	84
PID 4848 wrote to memory of 4488	4848	net.exe	86
PID 4848 wrote to memory of 4488	4848	net.exe	86
PID 4848 wrote to memory of 4488	4848	net.exe	86
PID 4904 wrote to memory of 3528	4904	cmd.exe	88
PID 4904 wrote to memory of 3528	4904	cmd.exe	88
PID 2156 wrote to memory of 3512	2156	Logo1_.exe	56
PID 2156 wrote to memory of 3512	2156	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3512
- C:\Users\Admin\AppData\Local\Temp\dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe
  "C:\Users\Admin\AppData\Local\Temp\dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1420
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8925.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe
      "C:\Users\Admin\AppData\Local\Temp\dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe"
      4⤵
      Executes dropped EXE
      PID:3528
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2156
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4848
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
244KB

MD5
2e3f489b96e5a5c3146dd8b5ec1baed0

SHA1
d737ce8bbd5daf5e7c889fd24a426ec8d730141e

SHA256
15952175bb55ecc9cce2cd6ee2f679e241b8ff52e6e78ec90d0c04e505874368

SHA512
4448441dac9f28ca6aa1a573ff587acca5e46adb9960530ab76a735a3d4997acf162d7a2f6eac834f9a0dbeaa4dcb5a528800248046d2607d54fc082bb97c9fb

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
4fe5d3d4f914c0e2f8a33cbc67a80379

SHA1
8552bcf102818de0e144deaf53d76331ddb57ff3

SHA256
56a04c3f67193c8fcb2b0251296e6e70535a8e034ebe5baf7d5cb960c549327b

SHA512
ffc31939fe18c4a3b1864b8d09718a4f7cc067680c91f573c4dc3fd99083ad6e0eb53214b6669db8993d8dc900ded54feaa6a7fa97d6abb4ad1f19185eca4a90

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a8925.bat

Filesize
722B

MD5
0df8e681a40756f18c8830f3e1af68cd

SHA1
9b615dc45645656b757deea97f330c42237f11bd

SHA256
3eb7d747ccf28ab57e3e48a0bbe33768dbe7dfec21c2cf43f51a3e5750b4087b

SHA512
d54d5fa5ab792572ca238e85dedc9bbf736c62e94b92966e3a014c660c4789bc87b5181778301d20951050fe51119f6196bf1cceafceed12b48b55deedc1f023

Download Submit
C:\Users\Admin\AppData\Local\Temp\dfe3f15b2e42c4fdca5dc6cc8dabda39038ca3e1cafca01d46fbb38c077d1a92.exe.exe

Filesize
1.5MB

MD5
31c7a44ac2648b6e4fb3221a686c0ea4

SHA1
d256a483e45909015df232f73820953066452443

SHA256
3fc2edf27b7170419f813400795cc0ccfbd1a042c4be281808042885dc4dd12a

SHA512
a070f9e2b5fa520173dbe150c951e1ae5af1d78bec01c515704f1e937771c0fb727e73598a85aed74cf0af320a0055df8ad9a411350556abd54e8c7702cab89b

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
0156c9d302ae23cba00dd1920257b740

SHA1
76bff8acd51329cfdb5476f92990d28b5e381c7a

SHA256
0687d056943d8efa2e597cdd822514799d9510d69b7c12d437baed56f26f07f7

SHA512
ade9c277c4e25d1d26895bdebc689a96abdcf046283fb83ec4c6b59bc6330a63ff82e68782af8923713a2a28b1d45d81d4ae176a8fc5310ad86ebe78b5a914b1

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4182098368-2521458979-3782681353-1000\_desktop.ini

Filesize
9B

MD5
e02899454c67c7d6d1af854fdcb53b67

SHA1
26fb213f7c299c2a4d8c4afd234ee0b751d7a30e

SHA256
0e67e90646d3ba7b46f935b205c9f89e8bff2dca7aeda3cd5dfb93868b262315

SHA512
e1519bebf62ab4cb28e630a201312812e04f815ec0663f7b68b478da97c0bf7c7c2238a8632540d3d1f37acbe83919fb198b39ebeb222c19faa2130ab65ffffa

Download Submit
memory/1420-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1420-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2156-27-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2156-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2156-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2156-411-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2156-1234-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2156-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2156-4792-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2156-13-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2156-5237-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download