Germán Fernández on Twitter: "Basically, TA578 was generating the .LNKs from a file named 1.bat in the "test link" folder on the lamar desktop 👀 You can see the matches (metadata) here: 248322abe291aa979c34ee5f9bd76e70→IcedID e1529e1c4bdcf9f34af8faa73f756422→Bumble Same MAC and NetBIOS name too. https://t.co/tLATNzSsVJ" / Twitter