Analysis Overview
SHA256
f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec
Threat Level: Shows suspicious behavior
The file f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec was found to be: Shows suspicious behavior.
Malicious Activity Summary
Drops startup file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Deletes itself
Checks installed software on the system
Enumerates connected drives
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-26 04:20
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 04:20
Reported
2024-10-26 04:23
Platform
win7-20241010-en
Max time kernel
149s
Max time network
124s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\en_GB\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\es-ES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Journal\Journal.exe | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Mail\wabmig.exe | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\EURO\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\br\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\brx\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\de-DE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\kinit.exe | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\meta\art\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\mk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Journal\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Analysis Services\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\bin\server\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\VC\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\uninstall\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\demux\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Minesweeper\de-DE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rundl132.exe | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| File created | C:\Windows\Logo1_.exe | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| File opened for modification | C:\Windows\rundl132.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Windows\Dll.dll | C:\Windows\Logo1_.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Logo1_.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe
"C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe"
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3CF1.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe
"C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe
"C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe" -burn.unelevated BurnPipe.{867ADDB3-92A1-4389-9562-99DA3A07396D} {A5907949-362F-43AA-9C83-109F92F26009} 2656
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Network
Files
memory/2776-0-0x0000000000400000-0x000000000043D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$a3CF1.bat
| MD5 | c862d0940f612bd83874e5bfc6dead17 |
| SHA1 | ce556fd27b35bc6a5f9a9df7b5bae434f823b9a7 |
| SHA256 | 5eae0d6cf0a4b102a18caede39fd279dd4d2ccb9087b35a5a20f9e9fd56d263b |
| SHA512 | 27f2289791e82c139b0e39e1744c4f5b38a0d1e7f97ce7eef8f66b8aa6880f2a7fd79f7e7ab0831501a36f5b11524700f09cd5ad82ccf542f8c4c05e17245650 |
C:\Windows\Logo1_.exe
| MD5 | dd7de04b7104a93e35fb3a577b5b621b |
| SHA1 | 4d84ff8b82f359e1c303d9d68dda6dc503848ad6 |
| SHA256 | fc02df6a818f176e9499cda422291726b9e3d37d6e381dd5629295df031cde03 |
| SHA512 | 569116a84fd5d09c06c4967d466de2f6a7be71b77edaa28bef11836d0eb5fa20eef5c9c415540a8f5f785cdbe0e059f21a835952b81ac97b5e620a52bf56a921 |
memory/2776-17-0x0000000000230000-0x000000000026D000-memory.dmp
memory/2776-19-0x0000000000400000-0x000000000043D000-memory.dmp
memory/2776-15-0x0000000000230000-0x000000000026D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe.exe
| MD5 | 2b48f69517044d82e1ee675b1690c08b |
| SHA1 | 83ca22c8a8e9355d2b184c516e58b5400d8343e0 |
| SHA256 | 507bdc3ab5a6d9ddba2df68aff6f59572180134252f5eb8cb46f9bb23006b496 |
| SHA512 | 97d9b130a483263ddf59c35baceba999d7c8db4effc97bcb935cb57acc7c8d46d3681c95e24975a099e701997330c6c6175e834ddb16abc48d5e9827c74a325b |
\Users\Admin\AppData\Local\Temp\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\.ba1\wixstdba.dll
| MD5 | d7bf29763354eda154aad637017b5483 |
| SHA1 | dfa7d296bfeecde738ef4708aaabfebec6bc1e48 |
| SHA256 | 7f5f8fcfd84132579f07e395e65b44e1b031fe01a299bce0e3dd590131c5cb93 |
| SHA512 | 1c76175732fe68b9b12cb46077daa21e086041adbd65401717a9a1b5f3c516e03c35a90897c22c7281647d6af4a1a5ffb3fbd5706ea376d8f6e574d27396019c |
C:\Users\Admin\AppData\Local\Temp\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\.ba1\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
memory/1188-46-0x0000000002BA0000-0x0000000002BA1000-memory.dmp
memory/2960-49-0x0000000000400000-0x000000000043D000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-3692679935-4019334568-335155002-1000\_desktop.ini
| MD5 | 28a582403dbb209b6c5cb7bada9c918d |
| SHA1 | db58560be63032a4cbd738d2d639e5bf764d6277 |
| SHA256 | b5a9fa3acde4d9499ea08a6d9ff193fc9cda57f04141f82d2422a4008f451200 |
| SHA512 | 511b4d3886d671d01c66d2509b784a199e68a00f2597d311d8d0770f0b1030680136ee450343a8d6c4b51d9de8448bafdde44dc1a1c6e62bccde47d5af03fbae |
memory/2960-1191-0x0000000000400000-0x000000000043D000-memory.dmp
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | dd5f511ac42d9719d30a69ad45d2efd4 |
| SHA1 | 6a74d19c5f70b2950a01f54d6526ed1e1db4dd42 |
| SHA256 | b209a195049e7e6704c77e5856589ab1a257bb70f6457099a5a39cd9531d81bb |
| SHA512 | f1aae77e9af1cccdd44936477504d7d1e92a093b9755d555eaa1510f66e5ed4e96b25c7a8b6f2cb79bd39537d1aae368d6af0176be563885ef61d4e7d752ffaa |
memory/2960-3611-0x0000000000400000-0x000000000043D000-memory.dmp
memory/2960-4113-0x0000000000400000-0x000000000043D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 04:20
Reported
2024-10-26 04:23
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
143s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Logo1_.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\P: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\Logo1_.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\Logo1_.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jinfo.exe | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\meta\reader\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\es-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nb-no\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ar-ae\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\cs-cz\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\de-de\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\meta\art\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Windows Portable Devices\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hr-hr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nl-nl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\bn_IN\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\cs-cz\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sl-si\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\legal\javafx\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\audio_output\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ach\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\spu\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\ja\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\he-il\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sk-sk\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft.NET\ADOMD.NET\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ko-kr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\MSBuild\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ka\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-sl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\css\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\it-IT\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Configuration\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pl-pl\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\nb-no\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\it-it\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\dtplugin\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\en-gb\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ja-jp\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\an\_desktop.ini | C:\Windows\Logo1_.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rundl132.exe | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| File created | C:\Windows\Logo1_.exe | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| File opened for modification | C:\Windows\rundl132.exe | C:\Windows\Logo1_.exe | N/A |
| File created | C:\Windows\Dll.dll | C:\Windows\Logo1_.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Logo1_.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe
"C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe"
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aAD66.bat
C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe
"C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe"
C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe
"C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe" -burn.unelevated BurnPipe.{20B8B901-54FE-41E1-9C3C-043951117FAB} {AD731F2C-88A0-48DE-B7F6-C9D5098B039F} 1916
C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
memory/4860-0-0x0000000000400000-0x000000000043D000-memory.dmp
C:\Windows\Logo1_.exe
| MD5 | dd7de04b7104a93e35fb3a577b5b621b |
| SHA1 | 4d84ff8b82f359e1c303d9d68dda6dc503848ad6 |
| SHA256 | fc02df6a818f176e9499cda422291726b9e3d37d6e381dd5629295df031cde03 |
| SHA512 | 569116a84fd5d09c06c4967d466de2f6a7be71b77edaa28bef11836d0eb5fa20eef5c9c415540a8f5f785cdbe0e059f21a835952b81ac97b5e620a52bf56a921 |
memory/2924-8-0x0000000000400000-0x000000000043D000-memory.dmp
memory/4860-11-0x0000000000400000-0x000000000043D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\$$aAD66.bat
| MD5 | 341058fb9fafaeb388442dd979f0ca54 |
| SHA1 | 67f40f3c87661dc03503c03476eb0407522a5b52 |
| SHA256 | 288b0fdb82f827dc8036b64970ba0333aeb74a8fbbd235d70ad34a29bc571608 |
| SHA512 | 258d8fd64100913aa2e3655fc46178693d8213ead66dd1b6842a47fd8d988278ee28ff62da1ad592c43f8c44264361404cc18ddb7531696386050d9bb9c804e5 |
C:\Users\Admin\AppData\Local\Temp\f033bbb306ff9feebc9f881d7bf293d303af233130e795d86a20b16aad085eec.exe.exe
| MD5 | 2b48f69517044d82e1ee675b1690c08b |
| SHA1 | 83ca22c8a8e9355d2b184c516e58b5400d8343e0 |
| SHA256 | 507bdc3ab5a6d9ddba2df68aff6f59572180134252f5eb8cb46f9bb23006b496 |
| SHA512 | 97d9b130a483263ddf59c35baceba999d7c8db4effc97bcb935cb57acc7c8d46d3681c95e24975a099e701997330c6c6175e834ddb16abc48d5e9827c74a325b |
C:\Users\Admin\AppData\Local\Temp\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\.ba1\wixstdba.dll
| MD5 | d7bf29763354eda154aad637017b5483 |
| SHA1 | dfa7d296bfeecde738ef4708aaabfebec6bc1e48 |
| SHA256 | 7f5f8fcfd84132579f07e395e65b44e1b031fe01a299bce0e3dd590131c5cb93 |
| SHA512 | 1c76175732fe68b9b12cb46077daa21e086041adbd65401717a9a1b5f3c516e03c35a90897c22c7281647d6af4a1a5ffb3fbd5706ea376d8f6e574d27396019c |
C:\Users\Admin\AppData\Local\Temp\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\.ba1\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
memory/2924-35-0x0000000000400000-0x000000000043D000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-4050598569-1597076380-177084960-1000\_desktop.ini
| MD5 | 28a582403dbb209b6c5cb7bada9c918d |
| SHA1 | db58560be63032a4cbd738d2d639e5bf764d6277 |
| SHA256 | b5a9fa3acde4d9499ea08a6d9ff193fc9cda57f04141f82d2422a4008f451200 |
| SHA512 | 511b4d3886d671d01c66d2509b784a199e68a00f2597d311d8d0770f0b1030680136ee450343a8d6c4b51d9de8448bafdde44dc1a1c6e62bccde47d5af03fbae |
C:\Program Files\7-Zip\7z.exe
| MD5 | c271a86be0a29d90a35fe31a5c49272e |
| SHA1 | 40ce9f85f7a6dda6fe54d36a86a46d131bc120dc |
| SHA256 | 6865992bfc8198f5af017209cc289eb9d2adee1e4aede750f881fb5cf307523a |
| SHA512 | e32d6246ec9c00d8bb8a14793f30b22983f1c03ea418c241bf4c8e22c9992334fe0ab3715b64e3d43d44b9a6cba86e4d75c2ff55d8ff2201fcb1329510b762ae |
memory/2924-2930-0x0000000000400000-0x000000000043D000-memory.dmp
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
| MD5 | 10a7fff2e496850370cd3b3ee33cada0 |
| SHA1 | 2fbeb0236ab8937b7aa472cae8b3720802e9c764 |
| SHA256 | 3114db136b324064263065317536490601c26e731d3558a7caf6cc7507db4d97 |
| SHA512 | d714185364cce8be63ecaa6ba4abdd3da5ded059a2df252f9d26e2440cbbcecfc96e0944a84ea3201b0d8b1afa57154053dc814995dbea36bd06dfbfe629ef58 |
memory/2924-8940-0x0000000000400000-0x000000000043D000-memory.dmp