6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Analysis

max time kernel
66s
max time network
67s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-04-2024 15:21

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

LOL.vbs
Size

1B
MD5

c4ca4238a0b923820dcc509a6f75849b
SHA1

356a192b7913b04c54574d18c28d46e6395428ab
SHA256

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512

4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation	rundll32.exe

Modifies Control Panel 42 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iTLZero = "0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iCurrency = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sMonThousandSep = "\u00a0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sLanguage = "RUS"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Locale = "00000419"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sTime = ":"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sDate = "."	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sCurrency = "р."	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iNegCurr = "5"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sMonDecimalSep = ","	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iDigits = "2"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iMeasure = "0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iCalendarType = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sLongDate = "d MMMM yyyy 'г.'"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sThousand = "\u00a0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iLZero = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sNativeDigits = "0123456789"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\s2359	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iTimePrefix = "0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iCurrDigits = "2"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sGrouping = "3;0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sNegativeSign = "-"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iTime = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sShortDate = "dd.MM.yyyy"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sYearMonth = "MMMM yyyy"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sList = ";"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\NumShape = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iFirstDayOfWeek = "0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\LocaleName = "ru-RU"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sDecimal = ","	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sMonGrouping = "3;0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iCountry = "7"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\s1159	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sCountry = "Russia"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sTimeFormat = "H:mm:ss"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iDate = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iNegNumber = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iFirstWeekOfYear = "0"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sPositiveSign	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\iPaperSize = "9"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\sShortTime = "H:mm"	rundll32.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\LOL.vbs"
1⤵
PID:2168

C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe -Embedding
1⤵
PID:2392

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.DefaultPrograms
1⤵
PID:2780

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:864

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.DefaultPrograms
1⤵
PID:2384

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1996

C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe -Embedding
1⤵
PID:448

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1676

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Control_RunDLL C:\Windows\System32\intl.cpl
1⤵
- Checks computer location settings
- Modifies Control Panel
PID:1028

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:932

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Device Metadata\dmrc.idx

Filesize
758KB

MD5
ce9d52834ae1e73c4d45bcd4b7895a95

SHA1
d986623a62a177611343cd34993a1f763223d0be

SHA256
8ee48c0822aaf2ca220cb4bf8c69720fe6e04576eb49e3f56cca0765109fd342

SHA512
715ebc42eedc3ecbef4c8e9e774664c9a63283d0a88c4d319980870c9afd13c533678c1f8079e1a961c5bbde2784d72a44805484cc728d0e08d1f7e6f24df0ee

Download Submit
C:\Users\Admin\Desktop\CheckpointConvertTo.ADT

Filesize
545KB

MD5
eee91c6feaa72d15de019f0fe39c6187

SHA1
52d4fff788fa815db6e036dd98666649a4c62174

SHA256
3fb733b9499b6faa4bd77ab10b9794b993b6ecf88bbbc62d566b69c734381a47

SHA512
6f07fd9af3c137aa783c6615ec14be4bfc6d396e5285eace3deb2061d21697af7b7a72066699c10e68fd13a99583ae68a4c3717df0275633427e9517af920b41

Download Submit
C:\Users\Admin\Desktop\CompareSuspend.pcx

Filesize
436KB

MD5
c2066836cdf40b1d8ee420db59648d96

SHA1
5cd5e5d1f3b9f2303f9f54d6875d134b654b8fbe

SHA256
d45feb843c6f7d283686e279b1ce0d1a30816c4ff1deaacdb99c53effb7a1e9f

SHA512
ad9ae0eed2e4848e4a94832c1ee6dbc54e632fb1b4b187ecb8d4a86220fdc8040f6fe032bbeb29ce572a7e7d2cee1b89950a6d56323cc36c5eb448cdb1847dca

Download Submit
C:\Users\Admin\Desktop\ConvertPublish.wav

Filesize
381KB

MD5
d4e262e90237ff50e191165847947d1d

SHA1
4f4f178f2393ac1ed1e86b038f6a3d6d3eb0868f

SHA256
dddb4f79b6ca12f2a240fcdbe282b8abcf86e4e171c45dd7e15d266ae3383ef3

SHA512
f138c6c04366a1aaf0dc333fbd17122e16152d7e9701ebc37c6ece1a0e1be05cdda6693c412d3bf4aa179d7ffe1d1076d49c4f95af6ba392e4f2bab5c8b298da

Download Submit
C:\Users\Admin\Desktop\ConvertToRename.TTS

Filesize
399KB

MD5
09028b9884c0999e277d5ab8b5f019e4

SHA1
b98b55c516f0777094026495605ccc5b2cb4cb9f

SHA256
2d8dcf7fb2a82d81b06d3d10bd6c3626376275415dffbdaccb638d1e94f77ec0

SHA512
0d9229d42abc58519255d46a2e5cec9e381b6cbb82ddb1e4524492f735c498aa17ff95010018d7615687c4c4bbc5527610dc65ddc4df41155b0cf7c1bc2debee

Download Submit
C:\Users\Admin\Desktop\ExitSplit.vbs

Filesize
508KB

MD5
d515485becc18a8d6389fcd0e0aa5a8a

SHA1
ba80425cb4255231a851e483870d19246af1abf0

SHA256
94f0c5d1598d04364ca8ad07c3e6ea493580e0f98aaa4aad97e10b007797f29c

SHA512
f52a61653db126c134c82bd20038324efa4ce3d3cdd6946169f6f6efa7540fae7b8911c1b42388d436b5bd97f455976de7e6c4e2c20149560f6618076a719bf9

Download Submit
C:\Users\Admin\Desktop\ExitUnpublish.xlt

Filesize
290KB

MD5
b027e52ab7c644fc154ba37409bfa85b

SHA1
64f4832833f95ef149a3be2951102b4bc658a6ea

SHA256
c441ce502281de0cade2a318213d10a631229f42e31c7b09b11a8027fab4c5eb

SHA512
1af2791585ad04e7b362556e5d69b5cc81694121bfe3954bdeb00528d9c6f460cf8533de2a4a8ba37304feb360fbc0049f20a2c471e1a54a4e5a07c4563b8e24

Download Submit
C:\Users\Admin\Desktop\ExpandEnter.odp

Filesize
563KB

MD5
6281909620aaf3fa3ecd5267667903c5

SHA1
a7cd3dccb305216537aa9922c084ebfa98ad005e

SHA256
c915358665fc62d337b08c002b3a9e5db1f5cfafb76c47a3f67e0b4e6f821c5a

SHA512
a978ba8a3e6cf5a7fa39546d49be7dc81be619f7812e7be37ccda6664f60a78eda63afa561e31d5ec691c3149df80c73a3564528adeeed34b5587cefad9ba5ba

Download Submit
C:\Users\Admin\Desktop\FormatConvert.wvx

Filesize
527KB

MD5
d0a49c5c30afb393eda8ed4f2042dea1

SHA1
ea5223ae941e09922ab9658dda8257170e7a75b1

SHA256
cbc7dd3403908a546ce31a59c65e958954f4c348eb19e31edeb8c54dd3557f37

SHA512
446033cb8bc75d6cc8814b9d9c557d6f79d2032b0765ae52eaa0d93dd18a1933368a298b1c259a85c2c1ad91c2fcf6a83425b20e765d0ff90e888b1761233a35

Download Submit
C:\Users\Admin\Desktop\HideFormat.emz

Filesize
654KB

MD5
269a57284da3e41fc2bdb3dc261a8bbd

SHA1
6499271e3ecdea52c2b7f615d456e2dc875370b2

SHA256
d44e7cc21df1fe624ed256c52643b25b407c919947930780bd7ab8fca099da0d

SHA512
4d1ae5433f9465ce1205600a4da119834ff132a8464a83f9570cef3ba824c86a89925ff27f37225738ad19e0713f750fb4c144910c0c9d5d75705fed7cc2c165

Download Submit
C:\Users\Admin\Desktop\PublishReceive.mht

Filesize
672KB

MD5
25ee684399a1b69368185eb7e9797ac8

SHA1
ad831e267eb692232fc6c4e39232bf5a557f9df1

SHA256
b3aef3f5776287498a2c77c564485bc7d4c321cab470c1c55ddd82c0f9a75592

SHA512
d3ce37d68ad8502b5a8c3b2ea65bed2a82e4a520b274e1561058079583ea2ecbcd8bf4e3ca9bc82429b9ce86245f0af526c2ee0057b6ee8f13feea7437e066fd

Download Submit
C:\Users\Admin\Desktop\ReadUpdate.avi

Filesize
363KB

MD5
e87ea0c8d34b0e6f981d7091b654fc57

SHA1
25e53503a27d16d0c91036ce6d93c0abb6826863

SHA256
b75c8e1a64388121409b8ab36b4d721f968eabb8995cb88229bf919886817c0b

SHA512
b817d50281a886f0608fe497bdb3eadce8ccd91f7f0252dad0c4d79dd46bf6164131f2e611aa9f348e4b45f3547ee14f9504a742b22467f32e26f1f4b2b26a18

Download Submit
C:\Users\Admin\Desktop\RedoClear.otf

Filesize
618KB

MD5
0e70f2363bd0252d6257f5a53c30e1cd

SHA1
71ced1943222a08eec0d6f8b4365e750c28e04e1

SHA256
83ef7c75db38a8fe419f2da1098117b6087d95e34be37d0b029de8e21973caa9

SHA512
cd6ef3fc64b7b21a6091805c77ed06aa1fdb9d5a488b085bca6a56b9908a6628a194e12fd8f5d4ca9c5910f639e229ed8bcafe71f52b195a0c0a8ad036bdae76

Download Submit
C:\Users\Admin\Desktop\RedoSubmit.wmf

Filesize
345KB

MD5
76a75ed0d9066054255a5d0db73a83a7

SHA1
8b6a5e08f3ac6b91277b4bce46537bf87329717f

SHA256
dfe83c0d16bf58d894f65d24ae6f54b3ce62afd0f0245c76318db0c6205a4617

SHA512
ea8c6bec825946439c27ce7d8e594a1fe0c3654cb56320e9f55537e468be866a45ad4a68d10f86f9e8972bf6d4432c7e78b7645058e7e27d076a7f2d5e156849

Download Submit
C:\Users\Admin\Desktop\RegisterDisable.docx

Filesize
309KB

MD5
8705248c19e5ee1b32ebcf606966d8c9

SHA1
9dd1731ce1ce803e386d16f3fc513eb0e82b039f

SHA256
f87506719ad503481550ee959385eeb58645f65ca4e896406709c2bfab5747fc

SHA512
10661e2e64e555e655f387e87374569c636acf2b10692194d6fcdf1bebbab459e5c9297ae965abe409d814746beb62a338fe56b6e2f9d01495f8a2884e7ba75d

Download Submit
C:\Users\Admin\Desktop\RenameFind.3gpp

Filesize
472KB

MD5
2230e2d94b84bf19bdbdf7e035579284

SHA1
0959da4da10b32b5836851b28ca7e40f458588a2

SHA256
18f9d99ebfee07aa7a4624315c0071c68d875a80375a1e50ec9645d011a47f36

SHA512
9e99060f32682675518628a903d4d0cffb296b42e6ca59ed28af73f1fa1c25467d927320f5d36f84d38db0e264305eebd9bea1fbb78afa4622986adf0b5e8f68

Download Submit
C:\Users\Admin\Desktop\RepairWait.docx

Filesize
236KB

MD5
18b637fdb3f2f04b02b8a8f816303fa8

SHA1
bb17a93d3bb3499fd1a1737507f9fabb876e8e6e

SHA256
ecb68ab39daa82cb6554248b68aca2275ffdcf43fbb39346b1996c5f84ba99cd

SHA512
da969242f560944fccd6cfe8b0dd5a52c8880c9b3ad23cdc15f841e38ac267a03611858a94eade17dedb6b1eca6d27a37635339ce8a360d2669da715783540fa

Download Submit
C:\Users\Admin\Desktop\RequestConfirm.potx

Filesize
454KB

MD5
ca09308cfe1449b1e15cb7d453ac49a1

SHA1
72f5436a6463ab30048c2c5205dfb7b5ee413779

SHA256
70feb1916071b47c73dd8eb8cc2cbd984aa0493ee7931cdeb6cebc78559740de

SHA512
458950b97b244e8126b8fdffaadee769857d62e0b7ae90158920353e822d09e99afd39f8f9353860feafa2d022c24f6e2da47fad87f073dbc6b89ffbe45d8ee7

Download Submit
C:\Users\Admin\Desktop\ResumeSync.ex_

Filesize
926KB

MD5
6de782443bbfa0d5e52710379008a17e

SHA1
5b739f1c186df4eaa61c9092022766dd930d5d40

SHA256
af086d92c5e5e851087833de214aea0ec16d6a65ac466532965d810adca2a9f6

SHA512
0d77ccf23a1dc0e644ee3d05d2fc82d6e13b635133f01eb09fe8f93b8265146e6d710d12d130a8f64b1395255de47d3792832951065264ed5310477695007c72

Download Submit
C:\Users\Admin\Desktop\SaveGet.mov

Filesize
254KB

MD5
54606822efabc52ed1c9710c40c2ed11

SHA1
89da31d31e4ddded513f03d760d3f26e07e93a3b

SHA256
cb235bf0ed82f5a1c5ca861bd592eb2d8f013e4c66564a9d9bfedfbca66dce93

SHA512
3ce9773c3d0c98c9905e9436962fe06c70c69557ea1ae3d88ef1b6bdd94260098ab17b6c816aa2377b25bfd0e7590a2f7ce8736f4e1f5f2321f6708ff1d5fc11

Download Submit
C:\Users\Admin\Desktop\SearchUpdate.M2TS

Filesize
636KB

MD5
3104fbb13588358e48b66c7164fc3274

SHA1
2c941ce05098c4088f310b7d28d54cfd651da77b

SHA256
f565d38882ae06e6e71b9d86d4cc35b5d10dcb911f50636fd0d48e5f28083361

SHA512
0dab1ee9e54f97bc076767e309f6e4fe8d19634b38ecef0a7ebb9fbd09a7bc71d51cc2e55e160aeea1790a422e4694806259fea871ac2980e86aaa5cba789875

Download Submit
C:\Users\Admin\Desktop\SendUnprotect.odt

Filesize
418KB

MD5
d7a58d30de35e7419dd57c7b47723092

SHA1
a42277e37e0345d1c9fdff4dcceb2c3eb0fd4e27

SHA256
a683789addb60d2050d6d4c2c02a61621b5c16cfd7c097c33e3e95d2685422ea

SHA512
01d31b8130373828c2c9c6b450528304d2528a95de101a675b345b2be06c2b11fa2bf8bbfd68191d8adb0f707fde1afa1cc41573defd6c1b38a2bf2cc0fd480b

Download Submit
C:\Users\Admin\Desktop\SkipUndo.xls

Filesize
272KB

MD5
c0137c07ff248f3a4eb7da298c7aa69e

SHA1
3cf6363133ebfaff5640c12c6b6448027ae82924

SHA256
824447dffc875af05b1a4daa67818387e9ada2aaae65c6a41ccbee414d7f177c

SHA512
8755845534c34d2e3152e13aa607a9405c4f22f1c3786a0e80e32d98646f3fb603e5968f7c56ae771f3566e8d79a3e160f855990977349f5d4686f1d8882a07d

Download Submit
C:\Users\Admin\Desktop\SplitConnect.vssx

Filesize
581KB

MD5
01a52460c60b675ac25bb9b2a38539c0

SHA1
b30970a1cd46752202297bf344ccf1bd805894de

SHA256
0eacbb16530b20dbacc31d6dc5d897bcf5d330e06b9f07851e66970c519f1d65

SHA512
71f4d6716b93d25876800e4622f7e0e0141b4b1b35948cf1446f15a64bb5e78e9df80309ca0dcfe7c4489b4892baaac9ce976b146243f0d9b505c26989b35bbc

Download Submit
C:\Users\Admin\Desktop\StopConvertTo.xml

Filesize
327KB

MD5
738100091dc7a7243c8d8655e7440334

SHA1
f5ca6ca1d502a8f75426ef7fbfe54dd45c4f77ed

SHA256
e0e1104dcbb86ad12baaab11b3a5ee6b8193ba77a49e786b1f6b7541b7816d67

SHA512
02722f44352830401cc73b98956a5667b2526cffc47e69116d766bd222e970309788c61220878aac57866d0e7769c6b7929ff0c04310fdad9e12868ee7e5d5cf

Download Submit
C:\Users\Admin\Desktop\UnblockPing.M2T

Filesize
599KB

MD5
68cd906f452d781dda7eb3e87394df77

SHA1
e678becf7480672c509350faa998f4d465ce1d52

SHA256
5154f34d05d1c49490e27347f8d11665246c222f138a20d080c36f2cd2bf9e9f

SHA512
13be4d90fb2e3a02c9be3f03a5f9d7140dfa4210e0da9f2b21c90d409e2dee39e26abb82b73cfa88a80b4dda7618dc1e6bedcf92fd4b57445da683619db3c3db

Download Submit
C:\Users\Admin\Desktop\UnprotectSubmit.tif

Filesize
490KB

MD5
ba9b03dd7e149277095c90c7b614c90b

SHA1
03bbc83dd685fa4eb44c5d5a771c0f3951a82e64

SHA256
5c9a60c19477375287fb1811e198a7ec162d778af3841ff6974082f3bf4b3903

SHA512
272c8186139a086b1ba9beb9260809b9424ee1312d51e2ff749b1b75b8be6b9e275fe66b88b85cf338a21243136f3e7537cd254c075da8f1feb2c45454e6bb96

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
96dec898c55c96edbf23782e2ccf218d

SHA1
e34cb76a073d804641eb73a7a3366ce1b6b31cfa

SHA256
ebc1dfd509982fea0e53332be343f0266ce7c2964a06f743be9049f74f56ebef

SHA512
5a2d6375f04d03d26b385bd839c945b8fa27d50873bf05f2fe11723883f18a09fad8eba7bc21173b8bea33b2df298e366429c5b2716aa6870a699a4c7dbe7baa

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
7c703d451282eb9b7ce36ee19e72dbe8

SHA1
7f25a12d7070305990852085dc1ca854d9c8b97d

SHA256
a7a4a58b5887eee1d0febd38749f7cb3372b50bf1f2097fd9396b08384efe064

SHA512
adbcbd63ec5a1b421eab1ce4801be08dc0b8eefa3eabd410cfe831224128cda2bd00210bed0f645f564c4beae0c2ee76bad9fe583712a501f097590d4fb764b8

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
3d59cd392c290bec1da078d7a2a59a3e

SHA1
1c3f99dedc01cc0020813b00bd22ac0696180358

SHA256
7f1ea43c2966d5a81e2fa7b3e0ae07bb199b706ebfb52fc1c9dda7d72b5a16cc

SHA512
ddba0774e2cc631d247432aa0f806f992c019d0c5b82f236a11245d6a76897577ae71e51014462c0a00e7638ce6dc2c180d922085a2f0db216a556fe955b0cdc

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
6c1fcf1e42c7752177bbec8aca2832fa

SHA1
1678ab0ac899c63b5ff6293c9b1c23b388ee81e4

SHA256
93ca2636530462b949a64e2b89a87f046d38dc5c3a25488ec85045a4e33163ce

SHA512
aab98434272bfe53d3b2a0afab7d468f4f3c2ea1e8f88a48c9dbfe5333a18107022ac6c29d9afbd6e1cd7cb55ce79bcf212cb0fc14a3a076205eedeb8b48e3ce

Download Submit
memory/932-45-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/1688-46-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2392-40-0x0000000001D30000-0x0000000001D40000-memory.dmp

Filesize
64KB

Download