locky_lukitus | cefb526d4067694c034c8c578b38d3ce68fdb56f10025dfa30f39f0556286d15

Analysis

max time kernel
136s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe
Size

520KB
MD5

45021a1a159dea9952ad3494b8d49852
SHA1

9d410c919a965b80ce451b8565286d2f9de05b23
SHA256

cefb526d4067694c034c8c578b38d3ce68fdb56f10025dfa30f39f0556286d15
SHA512

c426327ba46ff80c2c943e41fe2417fb2dd2628f9a2431d1bcae390fe6b7fe53891f40436b3cdd8a661b5f954f7763bbc737225360bc29ca16da00fc1efdf83a
SSDEEP

12288:zVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:zVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Score

10^/10

locky_lukitus ransomware

Malware Config

Signatures

Locky (Lukitus variant)
Variant of the Locky ransomware seen in the wild since late 2017.
ransomware locky_lukitus
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

2992 cmd.exe

pid	process
2992	cmd.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\lukitus.bmp"	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

Processes:

45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\WallpaperStyle = "0"	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\TileWallpaper = "0"	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000978a8ba1b25e6c05a8e7b8a246a463e4bd12f78b7caf039867baa93e9e45ca12000000000e80000000020000200000004161993174914048c2da67324febafaabde370a4dcd63b842529fa1d3ce435892000000092b8cb684c5863e37c759b42c02a003d8fd67d4443ee7f2a5f7f7b0843e1ebea400000006fb054f34e3e839751a8ed2e563cf9f4b36e4fadcee1ce8417895842679321a13608b59df903e4d607659287f6fe8ebe854c3f90c3bebc3546020d90a9f5a479	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{223FBA21-1289-11EF-A34E-5E73522EB9B5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1058ddf695a6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000021ae3a53711ddd1b2433f33770645b889bb02486c203bfecf5313e209eb09ff1000000000e80000000020000200000009dc861410d139f08208e9d04e6f6bc990f4568d72e9a23093dbf7eeccc304ce4900000004bc6e967defe865c1e8724122a657bf4156e9872977403962908bbf066008d456da202eb9c295960cdf05f58afc697165e87ab04a123195f6fdcfecd1010ec4a5d253f3ed307acb1ade5d1e57061ea2252ecb6fc8176243ab2408071626a0ea03e775e8b30053eb99aff0ca3f5f27454eb31814cceafaf5d03fe96103667eec828705e338ea45b652e453790a22ab78440000000f9bfac527e465d3e17ac7d3290238f1918fc12f150d664de1af9dc8f12df5744da5ac531b3169859dc0d98c81d1b479e67aec56e011ebecb4d96591a39999d41	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exeDllHost.exe

pid process

2540 iexplore.exe
2640 DllHost.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2540 iexplore.exe
2540 iexplore.exe
2436 IEXPLORE.EXE
2436 IEXPLORE.EXE

pid	process
2540	iexplore.exe
2640	DllHost.exe

pid	process
2540	iexplore.exe
2540	iexplore.exe
2436	IEXPLORE.EXE
2436	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exeiexplore.exe

description	pid	process	target process
PID 2188 wrote to memory of 2540	2188	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe	iexplore.exe
PID 2188 wrote to memory of 2540	2188	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe	iexplore.exe
PID 2188 wrote to memory of 2540	2188	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe	iexplore.exe
PID 2188 wrote to memory of 2540	2188	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe	iexplore.exe
PID 2540 wrote to memory of 2436	2540	iexplore.exe	IEXPLORE.EXE
PID 2540 wrote to memory of 2436	2540	iexplore.exe	IEXPLORE.EXE
PID 2540 wrote to memory of 2436	2540	iexplore.exe	IEXPLORE.EXE
PID 2540 wrote to memory of 2436	2540	iexplore.exe	IEXPLORE.EXE
PID 2188 wrote to memory of 2992	2188	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe	cmd.exe
PID 2188 wrote to memory of 2992	2188	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe	cmd.exe
PID 2188 wrote to memory of 2992	2188	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe	cmd.exe
PID 2188 wrote to memory of 2992	2188	45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe"
1⤵
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious use of WriteProcessMemory
PID:2188

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lukitus.htm
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\45021a1a159dea9952ad3494b8d49852_JaffaCakes118.exe"
2⤵
- Deletes itself
PID:2992

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:2640

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f1b3581774620786021ce855dfe3d81d

SHA1
1ee55c460053de411ddbabd331e2989af43a6100

SHA256
5eb59a6e9c2e4fe4e4ef727556caa56e2144d147c822c3d0681faf97011f2010

SHA512
828ae3201f26db91bfbc6511b854b564d9bd2cc1f680ab6479a597c3a09a00c47959681ad3a94779642b6e942a64b34cc0eeaf7305a507663303d9922f35f272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ae694bb731f9bc6cbd57f12771b32d5f

SHA1
1c5ae4f21b57ff7410aea7fc0705157b5f8416e9

SHA256
54cba2c5d2e6a9b8f2f9f32a2305aecb30c432d0dbce4b9ef44ba3cf316b4598

SHA512
daab7361658a07026f2afbb4cacdbdba6b9849c34e1410c810d86aeb4bff56a7ebd999a1fabe778149ebd3b3d4d40624826117e5d01d4a069126772ad23ed5ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8e06eb60a8eae1aa63486f840bf9d618

SHA1
dcf571112a66e1ebe33262b7b8749d7a3b62cb92

SHA256
f2cbc026188d02a7ca09b3ee1fa8a0e7a7b564e154b2376346f22da485418785

SHA512
998c1021d7e41b0854f1f4b02bc1e9cbead81ca2845109983c46cc1220e43325335b7d7f48195c648c9df687a25a9bfe5b90db49981162ebe534ca6c8ec4bb18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d54502d2ef8527b0b40faa1ca760d24e

SHA1
47f3bdb8b13b6b471bb146c2894cfbf76497818c

SHA256
32593e7c05b82b6fa3dcd213e7df07b55e50b1a8277d8d4cac3610de7c6691b1

SHA512
8df05977a8b32130d30700a3c34dd6f71d005300fa0ad255002fd3de0927ce8b695a22846f76b6175132c834ded93efc724b576f5dad51b2bfc15c43d782d566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
554a45ef7cbd76257d10435b430d8e89

SHA1
db9016253a80c091944b47457a34657d88fa8b3f

SHA256
d61c02c0cf063982a758a07dba0aa268df10c050f5adf182471266bebf34f5d6

SHA512
cc793139fd4c841ac5e42a9c981204d3e3b2016d9857f0813ab4113b5fb0a3a578671739f5e3a6e4384ded51855ef06ab45b99d4284d0fdf0a9d9680d731c1d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
940fba64983e0dbd4243a8ba0f8b3418

SHA1
926b5c668da8998770ea7ca07d5d0e3471962b84

SHA256
e738dcd7c345b07ddd72e713e0c69f542f380aff1cc38492cb9f40b4e9b763f2

SHA512
9a6439e627861e82d35a4c2c972d061a1b860ad2638215407e0cc809c3008ebf61fe21802af2292159940861c9e1099d307e636c5a66ec1078caf545e5cf10db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ada71169b2cb4fe9b9d8a1d310453bd3

SHA1
a0a6b28f7350de43f351788aa89a7fee1bf879f3

SHA256
49adceb6022cac20ac9b25a1fbcaa2d157ef9e54535fb2eccb8b0f0887abfdee

SHA512
1bd15ea07bafaa27dd2bf43a175ff0be77fb0bf1502c4d0b0c6f30e3ab1277cd2846a5bbff252c9971c024254a53d79c542e1e5710a3d4390748eda1684a049a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
58b79c3a32a67ef09bceebfc985e9a56

SHA1
65c6043b3b336396750b8ca18a87a1ded9e149b2

SHA256
e6b6764703d56e857c3c9393a83c748955950bcd32561908e0649e05f413e0d1

SHA512
2fcb18e89983f2367db2092916631efefc7b77f2261a0f06c93a112e15625eb5c57d3b85f057002e712a6446ec3e5e224ab46c4eedc381967fa7fa5d194358a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4d5736c89c805b808465ad5741af704b

SHA1
c061a7368c1d6aba960464a0f587968bd8dbee32

SHA256
7edd93165f92d3b337871ef1753c19410187ddb28a5e7365ca3055628a07bad9

SHA512
c8a7db6a2a650800bfe3d86e6cb775c41c6e4f3f5cb905817b3cfff2912c287323403f8cde47e2a3bf8639aa9d9216ffd21a49acf372db2a6375ae304595328d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e94385677bb8935868d3bcfb8b917fc7

SHA1
7a64b4d0456be16098f75cb8bb9516316536f01d

SHA256
86233303406d0c57f145f71dd03887d41818b20108a49f73bc5d9a79e44c7f09

SHA512
e7dd93375cbe5df03ab2e14f7fe6028bd2935b197898e0bd4d160bb30a74271632b5d703a3b86a682d6d373e7a49ff177646145138ab83ec92435bec602ad2ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDFD5.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE0B8.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\Desktop\lukitus.bmp
Filesize
3.5MB

MD5
07b04f400b9ab0e43706e91af322ee19

SHA1
413c844010dbc1458c9bdb4fcc3d6097c91a1d7b

SHA256
2fa6f8e77bb411bc6d158ec4fc245ee9c77bc8303892fc2a05e7105f8df1e9ea

SHA512
2c0ba9e1bc2a0bbb62a4257506d2fe4bbf96ae6d51f59b0c1af5fe284ae18a386c74fa2227325cdfe5995a5afc72019f5ede7283f91ebbafabf4537056d7ae83

Download Submit
C:\Users\Admin\Desktop\lukitus.htm
Filesize
7KB

MD5
e012338b68c6829487aa4b2ba9f518fb

SHA1
87accd3c13620cfd9f31a6a3552c26b0e4988313

SHA256
64f8868cef077514dc3f3af05b2bbbc8e4ec8ec63ca1e5b2f0912c4e239729c0

SHA512
e4af737ceafd66e2d8a0a8d6a84bbdde4fc589ba495df476107e156a3788c43cea7d51035a8a110cf6219b68dc1f1bf654352caac603a9c3df59434aeb5d2c5f

Download Submit
memory/2188-279-0x00000000002B0000-0x00000000002B2000-memory.dmp

Filesize
8KB

Download
memory/2640-280-0x0000000000160000-0x0000000000162000-memory.dmp

Filesize
8KB

Download
memory/2640-282-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2640-758-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download