Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/11/2024, 17:58
Static task: static1
Behavioral task: behavioral1
Sample: def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe
Resource: win10v2004-20241007-en
General
Target: def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe
Size: 154KB
MD5: 337220ea92a2fd41266f444125d91a3b
SHA1: 01472c82ac7ce0de27c816533810def6632d6636
SHA256: def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0
SHA512: 57b8fd4a2bdefbfc5347abfbe9cfbb0a04847cceaa60ca3d3e2f912f437cd0546222602792ceba6c19b468679fc3793ffaedc18e0e9169e8f292987542f05eed
SSDEEP: 3072:GYftffjmNjleQjpgqK0I4rV3Fxi9DiIeolE+:zVfjmNjnxVI4RVxieH+
Malware Config
Signatures
Executes dropped EXE 2 IoCs
pid | Process
2768 | Logo1_.exe
4072 | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\L: | Logo1_.exe
File opened (read-only) | \??\J: | Logo1_.exe
File opened (read-only) | \??\H: | Logo1_.exe
File opened (read-only) | \??\U: | Logo1_.exe
File opened (read-only) | \??\T: | Logo1_.exe
File opened (read-only) | \??\N: | Logo1_.exe
File opened (read-only) | \??\G: | Logo1_.exe
File opened (read-only) | \??\E: | Logo1_.exe
File opened (read-only) | \??\S: | Logo1_.exe
File opened (read-only) | \??\O: | Logo1_.exe
File opened (read-only) | \??\V: | Logo1_.exe
File opened (read-only) | \??\Q: | Logo1_.exe
File opened (read-only) | \??\P: | Logo1_.exe
File opened (read-only) | \??\M: | Logo1_.exe
File opened (read-only) | \??\K: | Logo1_.exe
File opened (read-only) | \??\X: | Logo1_.exe
File opened (read-only) | \??\W: | Logo1_.exe
File opened (read-only) | \??\R: | Logo1_.exe
File opened (read-only) | \??\I: | Logo1_.exe
File opened (read-only) | \??\Z: | Logo1_.exe
File opened (read-only) | \??\Y: | Logo1_.exe
Drops file in Program Files directory 64 IoCs
description | ioc | Process
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\es_MX\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\locimages\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\de-de\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\da-dk\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\es-es\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\he-il\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Java\jdk-1.8\jre\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-tw\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\tr-tr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ru-ru\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\pack200.exe | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ml\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\CoreEngine\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_platform_specific\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\pa\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\uk-ua\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ro-ro\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\sl-si\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Common Files\Oracle\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jinfo.exe | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sw-KE\View3d\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ca-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nb-no\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\swiftshader\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\nl-nl\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\es-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\tr-tr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\xaml\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pl-pl\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\tr-tr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Windows Defender\es-ES\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\hr-hr\_desktop.ini | Logo1_.exe
Drops file in Windows directory 4 IoCs
description | ioc | Process
File created | C:\Windows\rundl132.exe | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe
File created | C:\Windows\Logo1_.exe | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe
File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
File created | C:\Windows\vDll.dll | Logo1_.exe
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Logo1_.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | net.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | net1.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid | Process
2768 | Logo1_.exe (this same entry is recorded 20 times)
Suspicious use of WriteProcessMemory 17 IoCs
description | pid | Process | procid_target
PID 2908 wrote to memory of 548 | 2908 | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe | 83
PID 2908 wrote to memory of 548 | 2908 | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe | 83
PID 2908 wrote to memory of 548 | 2908 | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe | 83
PID 2908 wrote to memory of 2768 | 2908 | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe | 84
PID 2908 wrote to memory of 2768 | 2908 | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe | 84
PID 2908 wrote to memory of 2768 | 2908 | def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe | 84
PID 2768 wrote to memory of 1412 | 2768 | Logo1_.exe | 86
PID 2768 wrote to memory of 1412 | 2768 | Logo1_.exe | 86
PID 2768 wrote to memory of 1412 | 2768 | Logo1_.exe | 86
PID 1412 wrote to memory of 4372 | 1412 | net.exe | 88
PID 1412 wrote to memory of 4372 | 1412 | net.exe | 88
PID 1412 wrote to memory of 4372 | 1412 | net.exe | 88
PID 548 wrote to memory of 4072 | 548 | cmd.exe | 89
PID 548 wrote to memory of 4072 | 548 | cmd.exe | 89
PID 548 wrote to memory of 4072 | 548 | cmd.exe | 89
PID 2768 wrote to memory of 3532 | 2768 | Logo1_.exe | 56
PID 2768 wrote to memory of 3532 | 2768 | Logo1_.exe | 56
Processes
1. C:\Windows\Explorer.EXE
   Command line: C:\Windows\Explorer.EXE
   PID: 3532
   2. C:\Users\Admin\AppData\Local\Temp\def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe"
      - Drops file in Windows directory
      - System Location Discovery: System Language Discovery
      - Suspicious use of WriteProcessMemory
      PID: 2908
      3. C:\Windows\SysWOW64\cmd.exe
         Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC2C3.bat
         - System Location Discovery: System Language Discovery
         - Suspicious use of WriteProcessMemory
         PID: 548
         4. C:\Users\Admin\AppData\Local\Temp\def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe
            Command line: "C:\Users\Admin\AppData\Local\Temp\def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe"
            - Executes dropped EXE
            - System Location Discovery: System Language Discovery
            PID: 4072
      3. C:\Windows\Logo1_.exe
         Command line: C:\Windows\Logo1_.exe
         - Executes dropped EXE
         - Enumerates connected drives
         - Drops file in Program Files directory
         - Drops file in Windows directory
         - System Location Discovery: System Language Discovery
         - Suspicious behavior: EnumeratesProcesses
         - Suspicious use of WriteProcessMemory
         PID: 2768
         4. C:\Windows\SysWOW64\net.exe
            Command line: net stop "Kingsoft AntiVirus Service"
            - System Location Discovery: System Language Discovery
            - Suspicious use of WriteProcessMemory
            PID: 1412
            5. C:\Windows\SysWOW64\net1.exe
               Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
               - System Location Discovery: System Language Discovery
               PID: 4372
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 244KB
MD5: f048e6aefe1361962ed31dcf10f0c253
SHA1: 65e54123268cd3d73920c2aeeade390519af7505
SHA256: 270bdd74449b75ac4a265921aa3994e8490bfe95f66bac19be344184674e86a5
SHA512: 78502fb1394d852e7a34d35032e7dd3e3008240ad62d7e43d62cdb69e7ef22974f3feba4f96486d1af5f17cbf6c8c6203dde569b4aba0e37c9963dd43c4837b6

Filesize: 943KB
MD5: e08b0c3dcfd91fba64049911195ccbdf
SHA1: 1606298f848b3f07365f2ea606968a8324d8b91f
SHA256: 5c0b22aee7be09a610fb316b605b27fcb2ac645fbab78c73eae6893a3d4d5872
SHA512: d546cc66079e93b219dc5452749991e81bef45fba5b6c247fdcd1b58d544ff4c0e65e9a95a7e957d4ee884102d4f59d43ad5ccfb15c620a251c03519bfa6accc

C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize: 636KB
MD5: 2500f702e2b9632127c14e4eaae5d424
SHA1: 8726fef12958265214eeb58001c995629834b13a
SHA256: 82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c
SHA512: f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Filesize: 722B
MD5: 41eb6bebab5fb4cc4b2ff959bfe172e4
SHA1: 6273bf687a05532aeca56dee96fc91e12e653991
SHA256: f59dcfd55d73f028c8dab07466c67c18ba027c528f1a31e79883b5f2753f1a47
SHA512: 3e9d7c24f5e73b6b93df6b27fb28319e4c09419ab68db1f92fe53ddf188a6b5166419f3e8bbd7f1e9cdb89f93a1059ce5bf53c22f950b1697190f93feef7e18e

C:\Users\Admin\AppData\Local\Temp\def2d4632dcb0598c3041ce9831015c2ec0c0fba345e1bde510d7b20f9ee83e0.exe.exe
Filesize: 128KB
MD5: fad151747d725ea6717d79882a98f620
SHA1: 9ed2868f61162294e43374033ad299621c0cbfd1
SHA256: 72c913358b4381dc9a0009489643f08d01b18b31c5e9a24b952e2ebf4e10f51e
SHA512: 4d60d21147e5772e88d43bf5ce82ec4f2e6db27c62ac2239dd3bae394f4f03b1b12ef7d96ca01eeff5808e8c484cd55b16f05ad84414fa78ecf1da731479de8a

Filesize: 26KB
MD5: 547146e45f74dfa927c1794fa1164a18
SHA1: 294b6a028105b71d8c0c90d2af8df1c51ba90589
SHA256: 681cc9e4d37a3773c1010d96e1cba5dcb2d6bf59194fe80a8e64363b7ff7c442
SHA512: f1627091ba355a017f07443aa9e362681420d38bdc32f8951407d55ca25c7f4c4a958e2295ce2d508d2ffd931526591c0014920f0f5421dbc1be65c3455b80cc

Filesize: 10B
MD5: c010c0979cba897776a39e2e35bfc809
SHA1: 7e0ccb8430720ad504bf2a9a297ca0e54cc54823
SHA256: 98fea56fa777b850c509595156b95cad5645c6834f47288aed19a8828379a569
SHA512: 6c398cd179ce726c1d376a6b7b08f1b7796319d3cb8f22378ba25b67aab6f58b0e2299286a08e070a9ff6c38ec72a80a7eab749b0f8f558592082de236260932