umbral | 6c37b3d7cba096ed83d54a1c31ca265f79567e4b4b9339d1f07b18b5013182d3

Analysis

max time kernel
30s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Launcher.exe
Size

495KB
MD5

398b7fccfa2d8fd240a5032a20e57200
SHA1

2e9bb06c985765930abd4d8e4734d48fc9db476b
SHA256

6c37b3d7cba096ed83d54a1c31ca265f79567e4b4b9339d1f07b18b5013182d3
SHA512

aef4ca14b00598603aab35dbb3f02a264007d3f14533c59fc6e5040f138f19c2d414de6fa62860ea91e5b80d8e57e2297c30bbc837a0bf15490a758d80ba4c4c
SSDEEP

12288:9oZtL+EP8jM1jfVeGJCMFXSy3l7JDhA/Nfg:LI8w1jfVeGJCMFXSy3l9lA/Nfg

Score

10^/10

umbral execution spyware stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/memory/2208-0-0x0000028D4EFC0000-0x0000028D4F042000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
224	powershell.exe

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Launcher.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
27	discord.com
28	discord.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	ip-api.com

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
4972	wmic.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1008	PING.EXE

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2208	Launcher.exe
224	powershell.exe
224	powershell.exe
3108	powershell.exe
3108	powershell.exe
2168	powershell.exe
2168	powershell.exe
2348	powershell.exe
2348	powershell.exe
3684	powershell.exe
3684	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	Launcher.exe
Token: SeIncreaseQuotaPrivilege	4664	wmic.exe
Token: SeSecurityPrivilege	4664	wmic.exe
Token: SeTakeOwnershipPrivilege	4664	wmic.exe
Token: SeLoadDriverPrivilege	4664	wmic.exe
Token: SeSystemProfilePrivilege	4664	wmic.exe
Token: SeSystemtimePrivilege	4664	wmic.exe
Token: SeProfSingleProcessPrivilege	4664	wmic.exe
Token: SeIncBasePriorityPrivilege	4664	wmic.exe
Token: SeCreatePagefilePrivilege	4664	wmic.exe
Token: SeBackupPrivilege	4664	wmic.exe
Token: SeRestorePrivilege	4664	wmic.exe
Token: SeShutdownPrivilege	4664	wmic.exe
Token: SeDebugPrivilege	4664	wmic.exe
Token: SeSystemEnvironmentPrivilege	4664	wmic.exe
Token: SeRemoteShutdownPrivilege	4664	wmic.exe
Token: SeUndockPrivilege	4664	wmic.exe
Token: SeManageVolumePrivilege	4664	wmic.exe
Token: 33	4664	wmic.exe
Token: 34	4664	wmic.exe
Token: 35	4664	wmic.exe
Token: 36	4664	wmic.exe
Token: SeIncreaseQuotaPrivilege	4664	wmic.exe
Token: SeSecurityPrivilege	4664	wmic.exe
Token: SeTakeOwnershipPrivilege	4664	wmic.exe
Token: SeLoadDriverPrivilege	4664	wmic.exe
Token: SeSystemProfilePrivilege	4664	wmic.exe
Token: SeSystemtimePrivilege	4664	wmic.exe
Token: SeProfSingleProcessPrivilege	4664	wmic.exe
Token: SeIncBasePriorityPrivilege	4664	wmic.exe
Token: SeCreatePagefilePrivilege	4664	wmic.exe
Token: SeBackupPrivilege	4664	wmic.exe
Token: SeRestorePrivilege	4664	wmic.exe
Token: SeShutdownPrivilege	4664	wmic.exe
Token: SeDebugPrivilege	4664	wmic.exe
Token: SeSystemEnvironmentPrivilege	4664	wmic.exe
Token: SeRemoteShutdownPrivilege	4664	wmic.exe
Token: SeUndockPrivilege	4664	wmic.exe
Token: SeManageVolumePrivilege	4664	wmic.exe
Token: 33	4664	wmic.exe
Token: 34	4664	wmic.exe
Token: 35	4664	wmic.exe
Token: 36	4664	wmic.exe
Token: SeDebugPrivilege	224	powershell.exe
Token: SeDebugPrivilege	3108	powershell.exe
Token: SeDebugPrivilege	2168	powershell.exe
Token: SeDebugPrivilege	2348	powershell.exe
Token: SeIncreaseQuotaPrivilege	2140	wmic.exe
Token: SeSecurityPrivilege	2140	wmic.exe
Token: SeTakeOwnershipPrivilege	2140	wmic.exe
Token: SeLoadDriverPrivilege	2140	wmic.exe
Token: SeSystemProfilePrivilege	2140	wmic.exe
Token: SeSystemtimePrivilege	2140	wmic.exe
Token: SeProfSingleProcessPrivilege	2140	wmic.exe
Token: SeIncBasePriorityPrivilege	2140	wmic.exe
Token: SeCreatePagefilePrivilege	2140	wmic.exe
Token: SeBackupPrivilege	2140	wmic.exe
Token: SeRestorePrivilege	2140	wmic.exe
Token: SeShutdownPrivilege	2140	wmic.exe
Token: SeDebugPrivilege	2140	wmic.exe
Token: SeSystemEnvironmentPrivilege	2140	wmic.exe
Token: SeRemoteShutdownPrivilege	2140	wmic.exe
Token: SeUndockPrivilege	2140	wmic.exe
Token: SeManageVolumePrivilege	2140	wmic.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 4664	2208	Launcher.exe	82
PID 2208 wrote to memory of 4664	2208	Launcher.exe	82
PID 2208 wrote to memory of 3264	2208	Launcher.exe	85
PID 2208 wrote to memory of 3264	2208	Launcher.exe	85
PID 2208 wrote to memory of 224	2208	Launcher.exe	87
PID 2208 wrote to memory of 224	2208	Launcher.exe	87
PID 2208 wrote to memory of 3108	2208	Launcher.exe	89
PID 2208 wrote to memory of 3108	2208	Launcher.exe	89
PID 2208 wrote to memory of 2168	2208	Launcher.exe	91
PID 2208 wrote to memory of 2168	2208	Launcher.exe	91
PID 2208 wrote to memory of 2348	2208	Launcher.exe	93
PID 2208 wrote to memory of 2348	2208	Launcher.exe	93
PID 2208 wrote to memory of 2140	2208	Launcher.exe	96
PID 2208 wrote to memory of 2140	2208	Launcher.exe	96
PID 2208 wrote to memory of 4344	2208	Launcher.exe	98
PID 2208 wrote to memory of 4344	2208	Launcher.exe	98
PID 2208 wrote to memory of 3140	2208	Launcher.exe	100
PID 2208 wrote to memory of 3140	2208	Launcher.exe	100
PID 2208 wrote to memory of 3684	2208	Launcher.exe	102
PID 2208 wrote to memory of 3684	2208	Launcher.exe	102
PID 2208 wrote to memory of 4972	2208	Launcher.exe	104
PID 2208 wrote to memory of 4972	2208	Launcher.exe	104
PID 2208 wrote to memory of 1656	2208	Launcher.exe	106
PID 2208 wrote to memory of 1656	2208	Launcher.exe	106
PID 1656 wrote to memory of 1008	1656	cmd.exe	108
PID 1656 wrote to memory of 1008	1656	cmd.exe	108

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3264	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
1⤵
- Drops file in Drivers directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4664
- C:\Windows\SYSTEM32\attrib.exe
  "attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
  2⤵
  - Views/modifies file attributes
  PID:3264
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Launcher.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:224
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3108
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2168
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2348
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" os get Caption
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2140
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" computersystem get totalphysicalmemory
  2⤵
  PID:4344
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:3140
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Windows\System32\Wbem\wmic.exe
  "wmic" path win32_VideoController get name
  2⤵
  - Detects videocard installed
  PID:4972
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\Launcher.exe" && pause
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Windows\system32\PING.EXE
    ping localhost
    3⤵
    - Runs ping.exe
    PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
77d622bb1a5b250869a3238b9bc1402b

SHA1
d47f4003c2554b9dfc4c16f22460b331886b191b

SHA256
f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb

SHA512
d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
948B

MD5
966914e2e771de7a4a57a95b6ecfa8a9

SHA1
7a32282fd51dd032967ed4d9a40cc57e265aeff2

SHA256
98d3c70d7004fa807897317bd6cd3e977b9b6c72d4d2565aca0f9f8b1c315cba

SHA512
dc39c7124a9c7c8d4c7e8e16290c46360b8d9a8f4e43edaacbbeb09bdcf20159a53db54d2b322372001b6a3de52b2f88e9088b5fdbc7638816ae0d122bb015f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
276798eeb29a49dc6e199768bc9c2e71

SHA1
5fdc8ccb897ac2df7476fbb07517aca5b7a6205b

SHA256
cd0a1056e8f1b6cb5cb328532239d802f4e2aa8f8fcdc0fcb487684bd68e0dcc

SHA512
0d34fce64bbefc57d64fa6e03ca886952263d5f24df9c1c4cce6a1e8f5a47a9a21e9820f8d38caa7f7b43a52336ce00b738ea18419aaa7c788b72e04ce19e4f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
063fa26d779f114734bd9130125608c3

SHA1
3a1b8fb1a319f6c40a71b117d6b07106d2a53857

SHA256
e8f8cb3e295999c4b311836d5fe1213b4721d56ab14af3eacd1bcdd051b5a66b

SHA512
fbe868cad1196fa3630581f269e8c512af1ed7b1d1e5708c369ed28810d37e48301370f19260657f47a560165113d28437741db39b91aaff69776143598b4391

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dyr535uh.0fi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\AddBlock.temp

Filesize
142KB

MD5
487bda336f191b9b6d7144faaf234ff6

SHA1
558a5b2331c4535ab1151d8fb2270215b52f488a

SHA256
c1c60be5a206882881b9435f20347e3759cd81d06566a3c992a63b31f75582af

SHA512
4b5492e9b251c9dc7b0a65aeac9c5e47cdf0a8a1f029ecabf56b1c782f482edb95317d5118cfb55c8c0405fe22874bd757fde2c3370d20fbdb8bb6bb4dd13843

Download Submit
C:\Users\Admin\Desktop\AssertWait.clr

Filesize
293KB

MD5
3caf4d254a9392151933261ca0e2bca6

SHA1
75f67d85657d000c727caee9823ffea0ea9a4b8b

SHA256
756442a6ec888149a6f790207a8711647709cdd2f55b155fa15c2379a56a7025

SHA512
8e409c71bfa9ac85e882daf5615cf01087122c0236a8449d41595a4ae9a2db92e295c746fd6328cd15b70fab1f15536e9ee498e53b3bf6ee057d6916cb09e0fb

Download Submit
C:\Users\Admin\Desktop\CloseStart.easmx

Filesize
124KB

MD5
ee0dd5f771ea3540d8e7e29f3aefd252

SHA1
246135950ffd38c71f83bf51500f77eed7491560

SHA256
50c8966d2943029f4f10bbf701030d17b1d85ff7e5d52edfdd63b6e819d99d7a

SHA512
85d395d3c2965606a5aa5a635e8027ecb957281e3d1302d570b5fcdb37c9f86c5a1cde2826e431675e91c4f6565df8a24993b3c41939bdbf14f9ca73861bf7cb

Download Submit
C:\Users\Admin\Desktop\CompleteSubmit.vbe

Filesize
159KB

MD5
1f5e2976691a2d1596a5fab01a3655bb

SHA1
254e2d1fe67d6d140b74b1e38f6b5f7188e2ac71

SHA256
465dc53a5222b33c8936ddab9cf4462cebb7055192a567979dd78d6addbfb422

SHA512
f71a2dc4e0efa03ab5e982e60829910227a16fafeac854383b586104ac0b985aca7e5b8b93e0ad23776302ecaf182c80610b96ad3244a57fa1fdeabd5eab4fc0

Download Submit
C:\Users\Admin\Desktop\CompressRegister.wma

Filesize
222KB

MD5
4b8bfe525237daf380f8cf0ed6db589d

SHA1
347d0ff9aef45c538ecb443af394856618ad5d06

SHA256
c56e6d51cc91067b802d672ca344d326bcc502424a0d3d4926fd1fc712b6674e

SHA512
f01bfd965f616a17ac2fe98aa4b4ab683977327a1ebd6bc4cc74507509868fede7c04895dfd70ccf7650657babfc956315b230585680ac66afe6c9144a2f0277

Download Submit
C:\Users\Admin\Desktop\ConfirmSearch.mp3

Filesize
266KB

MD5
32fcd5503d559887734f7b5405bb7818

SHA1
cb9634ce49a9c637a1def7a2e567a64a4bca714f

SHA256
60311e8f0d71c46b41aae9427f8b9773beaef1d6988f67c72a05cab385360ce5

SHA512
8204dd6bf94fe1c7495ba65936978dd0afd51c06da224ea9ac9c29cda7c8297bad50fd27972644b429b017d55361a47fc0a721730771874035bba7e27b116477

Download Submit
C:\Users\Admin\Desktop\ConvertJoin.m3u

Filesize
115KB

MD5
66d96a727f71597b91a3efb63c260ccf

SHA1
132e6dd8cfe72c66ed117ed2297f80ad5b09e53e

SHA256
81023bd8566a95c5e85cd05ceed0630e654c843dd6c54d6824e2035b8c845ab0

SHA512
3f6df4cfd8e55cfe2107f53667484373d6c0adc0454d132e96b1f2f697383249233a4f8281282a0d012ddb9bc7d4e9f3fdded49028d2ee9ddb29bc5144e62c1f

Download Submit
C:\Users\Admin\Desktop\ExportBlock.7z

Filesize
177KB

MD5
8cb09678365e303c3b959836163e0cdd

SHA1
c1f75e28a722c3cd10edcad93c8e613a014515b5

SHA256
3fee90cda23e7415d18a3dc6a9eeb4cf6dbf7ae4ceed6e41d140f54d2a0fce07

SHA512
c93425576b95bb49f1466b832881a8511252456684ec0d052e2e52018f61e8b16b39cc93cb526c9da13672f3af5e673ecd6940df313ba31771d7d37a45651183

Download Submit
C:\Users\Admin\Desktop\ExportUnregister.temp

Filesize
275KB

MD5
6f2bcac532736d7923ea706d472463a2

SHA1
f9724ed751717be2ece922739388fd43702e61d2

SHA256
a57a08d9c1e5555647a06b52b290f05ffbc62b96ca72fade1a18fdde00910e3c

SHA512
8d3f75c2fa97a0da4b97bb2b8090424e3bdc9f067dc09559fc72e3c049fc4f6de29c52dcae381e2de44fa334f370ec083eb805e1e2200de8eaca3c535912af41

Download Submit
C:\Users\Admin\Desktop\FindWait.eps

Filesize
257KB

MD5
fe61b9df2d47976a8981870661a42358

SHA1
4add00c1839e709e9e23f0843a5cc9269b017957

SHA256
64cf57d773b44ee2fbac4675ed028941c686bdd7949ef754ec5b8772b412d643

SHA512
36de4f8098b70eb8405c11245ebbd71d4cb01d6b3c28b8c381bd4d5470979b0b7a8b0df8266d1642decc9675bea1c186ccdde7f943bf9a52de3391bf75575cc4

Download Submit
C:\Users\Admin\Desktop\InvokeGet.wmf

Filesize
186KB

MD5
284a0561abfa18d3a7def0e75f428760

SHA1
6baf812713b0e3fac979e93ed551e3f887999eb5

SHA256
d8aede97fefe9e2ac44a372ce2cc545ff3d4b400548415033bf74365d751f5e2

SHA512
ceef0ea6e26ea8c5664b9a2f547bbdb818903d029fb3d46a69177c8cf74739cf803cb9f9fb3c07d06b01ca34da6232581cf21ac983a257386b3135040634b453

Download Submit
C:\Users\Admin\Desktop\InvokePop.cr2

Filesize
231KB

MD5
9ce3230699d6ff6b444b9a09d0e73e0b

SHA1
a1ad628ca07a7cba9ca3ebc41a68cb5a7176852d

SHA256
55d8e9fd9ecd5e4435b55a53b4af36fcc8a947b362a5c3b60da1daa3c02f8260

SHA512
735b8e509e965ce87722394f35c4338b6868d2181aa7797c61a881b84802c2473f9aed3f02f2a9d72b335d0a8a08926a98e6d9c6a5eb0acc242fe7d73bd76b2a

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
ccc9ef4179c717b0d381064f07ae8b43

SHA1
071c743bc00d36b035b6ff4f4112617e179faa4e

SHA256
7badd0e5b98770cb1a7c1426c199fb356e177c9eb0dcce63bd153245ab2c6717

SHA512
00df112330fc52c70105513ae5119cfc99b4e45088532423b029352956189798ec4af35a40c7c82c7d14a47c10d830914412bab3687bc1323adccf0cd30cb97e

Download Submit
C:\Users\Admin\Desktop\OptimizeDisable.asx

Filesize
417KB

MD5
87441ca65c174a0718399cd69b72d5f2

SHA1
220bc1e65fdebf4b1213233eb4ef05c742b34744

SHA256
3cb052f46b1839e8a334b208ec0215fb57a91394c89b183010c329f96de1548e

SHA512
546810d178c9b644a438d09312bbda92517a0c9500d08bd0f547d3fd13ed708e6cd51e60198e2d4ef5b94ecd341e08e061a24cc4fa7ab9c2d4f00535fa7f3dba

Download Submit
C:\Users\Admin\Desktop\OutConvert.M2TS

Filesize
302KB

MD5
cf55e516e2f6514ca1ccb1b371e8c530

SHA1
eccf8b07e4387882c1cb33313129d3a410e650ff

SHA256
6e357ec3b9561aa30e489344dc70c011445bd2f5d3619bfbf8b2aa37f9d65e40

SHA512
73ed39c134e51d670549cab3ff739acd85b0ce227fa45646829c2e8dc4afb67272f6337330e5be2d48ae93b194e59cc208b8849c38ee1719e9059776a4741357

Download Submit
C:\Users\Admin\Desktop\ProtectMeasure.reg

Filesize
151KB

MD5
f784887ef52e3c3a179b0dc43f91321f

SHA1
b8089a6eaf71074dbb1178a3777ef1d5a8fe11e8

SHA256
c9538eb1f16810267be9f95c9b234c43421d21735706909de3d2df3d42d1efc1

SHA512
dca93886ac6fa3cffdf6011541b991b5b5b69fed73c45561b16c00bd2f8d0ef17105c468b2ca098032ae9474a109bb6f9ca06f6e564b9427b51fa4c92d88347d

Download Submit
C:\Users\Admin\Desktop\ReceiveFormat.DVR

Filesize
133KB

MD5
ed6fb0d4f350a1fed044cc105b566173

SHA1
1b8a1887d1ffe5104c64e1cad5d7b9345e79d3d8

SHA256
1f4bd57118686b2010b632c75e0b5eded1cf7b491c72991476381b45e8e47145

SHA512
f47274ea15ed67de2d73bac15bb4123a38840d5cfb9675747f55f698c2a4464e492f57b9997a85e7de4504077c4cc685b3bdd6093d55b0cbbf7355ad5a6a047b

Download Submit
C:\Users\Admin\Desktop\RemoveStart.php

Filesize
284KB

MD5
3bf0f7f4af5e66562cc5125f1bf5eb18

SHA1
56b812afab0c657ae51c911d07a028145b474493

SHA256
98e2144b580567edd8481e77b2c1631829a75eb64dc54c45a5c490099d266aab

SHA512
23e8e7c54a158b6b11329818f68591457d1a174b09336d89a768e46b56b8a31f961e1a744163d04641f9060542d67c748d91a03d2ee3dfa6648b10d7dedbe626

Download Submit
C:\Users\Admin\Desktop\RequestPing.rle

Filesize
239KB

MD5
973dc8a2b79e122ae97527ae6befcfd3

SHA1
698d0529d648053d57e001d425ed5cc962eee46a

SHA256
80ca374b5296678855f5071dcaee098d93038654b49511758f966a5ee4938f3b

SHA512
60f47d26e3770683d749c0853c6387d1927a76a2931572efcfe54d124d571beb676fa4b637021392e7fa2fe7ffeb092c6c9e2f1484fdfe39c27d63f9a5458d44

Download Submit
C:\Users\Admin\Desktop\ResizeOpen.mp3

Filesize
168KB

MD5
8c56c07d550180a8a2b3fcdaaa418481

SHA1
5e335ab316965d37209077ffbdad804e6d02fc21

SHA256
ed604df44d266c961d77015d89e411b5b01055aa44777e60bd34e6d8e5b02d17

SHA512
06d55e360953d00838fea1a32f2f4d519c2e398a9779086917919e5a95f4e05e729babd674c9ac092548fd82c536d02b3e25977c8c17e5f7c511ce9adea2fb69

Download Submit
C:\Users\Admin\Desktop\RevokeConvertTo.mpv2

Filesize
195KB

MD5
fc286f5ab830ab56cd44829dbe947c94

SHA1
5020fbccc7f6a9c08a39f1dd91197e4111ac4db4

SHA256
a36f126636d53a55d34b6f8be02d802a8a981f23532568e596b80aac23df1b05

SHA512
7f08be645d65247fbff580fa5e210d74385f2c368a2b8d7394963d4660df1e2c0090e06d33ad6428acd25c09e97fb10ba1a9256e74bb8951d9503c91ff973e0b

Download Submit
C:\Users\Admin\Desktop\SendCompare.mid

Filesize
213KB

MD5
199bf52a2e3b0d402b1e1c39f67afe23

SHA1
c8db31af730a206ba856eef38080fc9041a49b57

SHA256
016520e0f30f353a601347c506a494e0ad7c1f0808ab60b7aef56e614fac0943

SHA512
f8533cc914f9df2e3735bfa28a8ce0261ff6604df331611570e104259f7462bd49eb6b97226dafa884aa2f2bd583ac77d3fc19b71db2996f9b6aab020ba59a94

Download Submit
C:\Users\Admin\Desktop\ShowPing.aif

Filesize
106KB

MD5
10c0bc43f297d6198570e56ae4ed2f95

SHA1
a5706087985f0e7d422a6e30b0d63556256a620d

SHA256
f62e8a73ed64aac501f65d6c70e1db0fcaa0dd38b0783ede4616bc259c3ea51d

SHA512
dcaeddff50a09b0a17d2e5f1a98327eeb46f049f8e47db9c5a142d026f018c07039fdabd9081c807e9c1a93ae0a61f712ab46ae25051cd838ab84ba490c99730

Download Submit
C:\Users\Admin\Desktop\UnlockFind.pub

Filesize
248KB

MD5
205ac5fdf49a5a684ea8e8f713f3c5f3

SHA1
5e2d218d1fe12b880bdf333650795d93f3a823d8

SHA256
f02a9b077d5ee9bec4ddb9e46dfc2e42fca5e5f7d5ebcea5c454352072d4da99

SHA512
15598cac9d8725e4342ab37edcaf9e83e4c0538ff728909170b57eb79a6dacf463b67cd9b007a8c69503d5fae7cea77829b727f5d8cee9db178f49e040bab30a

Download Submit
C:\Users\Admin\Desktop\UseRepair.ogg

Filesize
204KB

MD5
b9faba26b92b4ce0310ed33478ddf0b0

SHA1
d659cfaa57d97cfb84258ccaf55a9504db12502c

SHA256
3376b67f26954cb3ff07338ddf6d7f904368ed7ebc4395d06811aa71fea4cbc9

SHA512
4c10f1a7040cdbd598179291e65b2164d9132284ec1ea1e7a2abde660bd79ad8f22192c6f03f32089dc0466ad8256a2cf830c68e620b0032a38b737e27e09a63

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
cd2e601ec2f44b0211fae65422446e0e

SHA1
b2ab43d71e0cfd537c1a4fb17d04b82f7201b6e8

SHA256
2b83847fdc0f0e3eb695aa504d2a332c5197a07eb25b37b0e184e0e5411caa14

SHA512
c0ef50cf3f82c3ed49d23c39b69513f84c0aa94059f618a4dcf7b628ee8e67d83998e59b6c1f23b11cbca4aba5b8d46ea741dd77967ff757d5b8fb10b1da0fae

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
61ac1e815d81f4a2f93ba70bdb7f84a4

SHA1
0531d3d2953f72dd89a16cdafcad0a2a010b3a32

SHA256
844d651080ce9319d36dcfa225504b6e77a36f00fe17693f2d9df081bdef81bc

SHA512
ad015c9f9724b6fa71defde43ace702955ed0564a873d82716f97fef8f56d2a75879c7d1ae373ae879089ed1fab853d4f08dfbcedd2cf81fd8eec69c2a11b0b1

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
b912c7424324879493c771def40a45e5

SHA1
914f55b098e0d79a5285bae6d00e8a6b3f2574c0

SHA256
2db04f2f0b7deace03e50618c8b1ee26be81fba29c3c8885b41dc6898cf6509c

SHA512
2822f6ca58037a55acd4d7d4ffd22afb88084bbc192c5f98b4d454e2693027fd07e163cf908d5924950dd5fb24a26994a3e82e2c755745be523c68d4a7557b11

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
36867f540d444fb05ba7469f61198517

SHA1
26e3ec466b5392d8bc47c49937b11bdfe30e8bea

SHA256
b0e200ab7b8320378557a7a5d4f14d9d3f7b8fdaae9541fdecab0c16f63e9f95

SHA512
d6637fa169b65dfb8f36c24c8eee3b944ea09185ccb1ac1d7197028ef04a6d0ac613e0ec4728a8cf756623bb227b0e6c108194f741636f958488ff4c595c6f99

Download Submit
memory/224-19-0x00007FF8E4850000-0x00007FF8E5311000-memory.dmp

Filesize
10.8MB

Download
memory/224-9-0x0000029154930000-0x0000029154952000-memory.dmp

Filesize
136KB

Download
memory/224-10-0x00007FF8E4850000-0x00007FF8E5311000-memory.dmp

Filesize
10.8MB

Download
memory/224-14-0x00007FF8E4850000-0x00007FF8E5311000-memory.dmp

Filesize
10.8MB

Download
memory/224-15-0x00007FF8E4850000-0x00007FF8E5311000-memory.dmp

Filesize
10.8MB

Download
memory/224-18-0x000002916CEA0000-0x000002916D0BC000-memory.dmp

Filesize
2.1MB

Download
memory/2208-2-0x00007FF8E4850000-0x00007FF8E5311000-memory.dmp

Filesize
10.8MB

Download
memory/2208-0-0x0000028D4EFC0000-0x0000028D4F042000-memory.dmp

Filesize
520KB

Download
memory/2208-93-0x00007FF8E4850000-0x00007FF8E5311000-memory.dmp

Filesize
10.8MB

Download
memory/2208-35-0x0000028D69790000-0x0000028D69806000-memory.dmp

Filesize
472KB

Download
memory/2208-36-0x0000028D69710000-0x0000028D69760000-memory.dmp

Filesize
320KB

Download
memory/2208-1-0x00007FF8E4853000-0x00007FF8E4855000-memory.dmp

Filesize
8KB

Download
memory/2208-37-0x0000028D69760000-0x0000028D6977E000-memory.dmp

Filesize
120KB

Download
memory/2208-74-0x0000028D695D0000-0x0000028D695DA000-memory.dmp

Filesize
40KB

Download
memory/2208-75-0x0000028D69810000-0x0000028D69822000-memory.dmp

Filesize
72KB

Download
memory/2348-72-0x0000022E37CB0000-0x0000022E37ECC000-memory.dmp

Filesize
2.1MB

Download
memory/3108-32-0x0000024DF9C90000-0x0000024DF9EAC000-memory.dmp

Filesize
2.1MB

Download