lumma | 768ee0a4a5e1919a82e432e605a8c525d4c82081b13595a8b1a612d38067d951

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Loader.exe
Size

268KB
MD5

21b8ad2326ac8257a348632169f913d0
SHA1

82f95a9388c43724c8f9c212bc760fb11e01a1b8
SHA256

768ee0a4a5e1919a82e432e605a8c525d4c82081b13595a8b1a612d38067d951
SHA512

32f87225250abe11d311609f75dc171b3acd1670f3a686de08f03bdf9672479dfe41adb1cbdba4f0d28d280cd4f61a9a39051fa02241ad9f5127a384c6785ba5
SSDEEP

6144:n4LNPX/wMMxO17+EcVDszbttfG69ckKmvxv0f/Nq:n4LJPwMMxa5cVDsP7fGLfWL

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://twilightsizp.shop/api

https://potentioallykeos.shop/api

https://interactiedovspm.shop/api

https://charecteristicdxp.shop/api

https://cagedwifedsozm.shop/api

https://deicedosmzj.shop/api

https://southedhiscuso.shop/api

https://consciousourwi.shop/api

https://tenntysjuxmz.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1304 set thread context of 2508	1304	Loader.exe	30

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	RegAsm.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	RegAsm.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	RegAsm.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30
PID 1304 wrote to memory of 2508	1304	Loader.exe	30

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  PID:2508

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab3111.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3143.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Desktop\AddEdit.emf

Filesize
440KB

MD5
486b5388a6cd5597bb33aa8c9cd34850

SHA1
93986bfc63e312a9323c6199646b5d100a3f8388

SHA256
fa7b566ca14bd0b77b36876f48cfe53e04f2b601a00187f244c6fa723b95322d

SHA512
583f79de6b319997f94f34da7a5152315f23ee79227ebf73417cb72d8425a1f46c0c4a19f0129c59da83859c18586a8b8c2bf2f8d3a6b2cb8ce404624b9a659a

Download Submit
C:\Users\Admin\Desktop\AddExport.mpeg2

Filesize
277KB

MD5
d61b2e0025e024cf144b48e074158c67

SHA1
e21520e92b7628778d192195f370c34ef7882da8

SHA256
3e03e1864c8fa122aef4bfd9687aa4e2272b1038cbcd1a4691b282c6ca30fc49

SHA512
f086439db76b83381c67a0fc62f72a78c62192734e425b5c88356d9690ef91385fa05f762928623a624b857fdc03a64f325428370df398c17f8b73dfe5873c4b

Download Submit
C:\Users\Admin\Desktop\ConnectRestore.ppt

Filesize
386KB

MD5
3431b9ecbad4d6d1cede2efa4970dfe0

SHA1
969041abf6a9f4345143254e18aefdf509258242

SHA256
61758738c67a3acbaa676069840f5b2539005fb0ee7d845e9da7d61eec13b795

SHA512
ef049b64ac2fcdbc888ac28c00a658361d7e9cf471278607be4eaa0977ed5bcc519bfa86acf52016cbc65dcc84bf83946436a39fb8c68b6bdeabc42e24bdead7

Download Submit
C:\Users\Admin\Desktop\DisableAssert.wmx

Filesize
426KB

MD5
540bb49cc60774ba008b791caf1b439c

SHA1
f3a72bd006e9b3eb21d618c699d6f234915f0efb

SHA256
a4e6e3dd2429a01a6804d2978356114112e05a90a0c3c2f3ac013c633f794951

SHA512
19eee05af42a64ca2681224c2a1adb57b304f549e4f4fa88c78009637d76032653fc85ff056b16cca00f0cae6c3a59d6301fcfeaefb49fdb0e253aab181d08ef

Download Submit
C:\Users\Admin\Desktop\DisableDisconnect.sql

Filesize
250KB

MD5
4d128dd3cf17fed1aeab0e737a238280

SHA1
bc8a1749ecd46b5219f6e423a67001a94e102e5c

SHA256
1cb4361dc71f3520d76b710d4e0a82ab53d1163ce7cb28dbf16094c1edc1fdf8

SHA512
8045952ae2f3c0c9f7d59dc48335045d1141f0a48a398e0811abbe57777735330116fc7e0952bb69a7809c4b0adaa08e9a62a8928541050dd320ee8749eb54cc

Download Submit
C:\Users\Admin\Desktop\DisconnectUnprotect.pptm

Filesize
291KB

MD5
be054e821104e94fbc8acd707753f4c2

SHA1
f32fcec671c4c3ce522cd8af8eb4f86da778e50e

SHA256
6b084932ee5174879359a0d5127210949335e37a9a0fefdfebaa390325185ca8

SHA512
7dd1442d71033963db1e95f180dc7df22dfb705c6dffae40159f7750feb995818265d241c0fc0af4ef4133eb25a0088753299a53ca9bb242b31be306dc9b0e7c

Download Submit
C:\Users\Admin\Desktop\DismountRevoke.html

Filesize
318KB

MD5
6cf34588a20bd47cda72a2888bb75fdb

SHA1
2c6daa8f8127d580d2d19762b88d601160dd7198

SHA256
6520d7914bcc57bef36b83ca9fcf6b33bb5e7cc595cf37811e44d0e08bbc1cf7

SHA512
474c5fc6f07dd2101bf9c346be8815e2a66b77754318e179656b90af4f428562d4bdc2852e8fe6ca8ac436eed7194d9c7a6f27c9778eb633040c3a63e2f33c32

Download Submit
C:\Users\Admin\Desktop\EditSkip.xltm

Filesize
609KB

MD5
a46edb7f71de0d2f3bf8f71bcf61543f

SHA1
0f3fa0b71def377342ee992367ea281f68e5d0dd

SHA256
8b51e0fbaa97525185910c6f2a2e5a835b3e6707f81e34aecef9d774accc10bc

SHA512
58c1c77c505628b5b6daceb24d304db2a0a60916855d694c0ada34f0f77e0992a229889fd115be649c7b1f4fef73ff343132a1ee23ee7cfa45e7371d6607a855

Download Submit
C:\Users\Admin\Desktop\ExportFind.pot

Filesize
196KB

MD5
9b2c93669c27422cebfeb409b01272d4

SHA1
93b14f82f868e5e7460f543bfe069ed7ad8adcdd

SHA256
9c34184af444c4c010bd647d96062267853b79f877f4acaf997f94b12a7f9974

SHA512
af343d4aa4bca995a2c548665aea6d67d09cbfefa368feaf8d7be3c9d932b0c1920182a288de0fb34504b11bf3c024757d97903823b835e717d26d5f08d09623

Download Submit
C:\Users\Admin\Desktop\FormatAssert.m1v

Filesize
210KB

MD5
856d2f845f8c687f3ebf2ad0531af979

SHA1
dd65f9b1117c6e4d0a13cbfa050474a9d1fb1e5e

SHA256
86eb4a060b0942a4b279108e557fdc41b63846a204b8cb4668f6226bf7807c46

SHA512
d90b53c600836e18ee48c72118296e4cf149d4ebc7f8bbbc6e145ff1ac1118f9f0d3a1ee9c0a35a974ef8ab58253065309c2f55a6bfdb53b5622fc8a8ea180ae

Download Submit
C:\Users\Admin\Desktop\GroupSelect.xlsx

Filesize
13KB

MD5
fe77d5e9d63e62097005251b63d064ad

SHA1
5a15302245997a9be12be8efda3a8db7fb0ec362

SHA256
c2141903801a3ef7e73fe12dcfa52f08b3f2bc8a40b8dbf4f90819b407650a6e

SHA512
584e3f9a7c3e96a6859cc877425806da57ddf13aa71f3c5283f43d20410f4172964673f33773be99237517f082c40dc8b218b7edb247326ae25006c4986a3781

Download Submit
C:\Users\Admin\Desktop\MountUpdate.sys

Filesize
359KB

MD5
dd36567effb83a05f9f36dbf2f96eb5e

SHA1
94fc3ed0a2d65b38518ac23f25d28f7c105a09ed

SHA256
d176171326a6f74fe6102d49a985c50d23c4b1e5631831476c0e8cf0bef683b1

SHA512
6a286319c187bbd4217a59c8b47a2322a58c53c135e2b28170aac1e1a49d08db8e480b6a05bae31d004c9ff58b6450187ab1fd372eefb4a7e2c490b2dbc77c2c

Download Submit
C:\Users\Admin\Desktop\OpenConfirm.M2V

Filesize
237KB

MD5
8084cf9707478d0c3ecdfccff7615450

SHA1
bd373223e01c41d9003997caf56ff8fd64fdcbd7

SHA256
048da591109368d68cf901a61be2cbbe147ae60f1828dcc98e88b25121b3addc

SHA512
da36456a173b621c3e8cedebd9760a6bc9866f2e8c2a4eb4f104a5ecf89dc9c9e2bc5ae19be5addd95e25cbbe0a335bd8f0839d04d93bfbf5a90f7bc8fb26e19

Download Submit
C:\Users\Admin\Desktop\PingUndo.xml

Filesize
331KB

MD5
7b20c34d458bba96d2ac0bb8f950dc8b

SHA1
6ffdfd9f49abf71c14d288936dc2d7a9b75aa1a0

SHA256
b1890fea244a1528aeac38ff2873c4787dff1b8f91e0fac23ab515b264dadd0d

SHA512
10c4f89365d7ffc4265ff5314c14a6b75f1a7c20d7f0997d2ba819c8a1170d3b32b89ea8adad3f0861dc4b690b82c82f7562843cabdc1b2d25ef99eb3459de3d

Download Submit
C:\Users\Admin\Desktop\PublishEnter.vbe

Filesize
155KB

MD5
62c4ed234a1c5a22b44e98a00710537d

SHA1
a4fa831f98031d8716794fca97e27e1d744e5dd5

SHA256
479c9e073fbb7020ee2a32168718946677e366307c58b497ef6f704c75073bb3

SHA512
d87110624b00b3919b5677e9a20d691dced57f776052cf1d83229197ecc7d3b7e677ac385ebf25bad771a70990c1253b9b0255a3107dee9b190af3caf256abec

Download Submit
C:\Users\Admin\Desktop\PushUse.mp4v

Filesize
264KB

MD5
1e8b58ae0500c9c6b72d7ba8e6524a02

SHA1
949c7c2b043d4b0b4dddc454b414ab94cdb87260

SHA256
7ada3a9ca14fed07d69fb01d60a3bceec719fe04cf23cf74f4a749dc35cba7bb

SHA512
385891011fc619bc29b3f77b27beade1883164054e7201b4a8598fc910dd00c1c416e319f9f26e86c383a7a84ffcec17b5dd35aad3854d8ddf21d7fb71d749d3

Download Submit
C:\Users\Admin\Desktop\ReadOpen.docx

Filesize
17KB

MD5
0ab7cf5e42454c0b3099f35c3fa25abc

SHA1
fedb1fd1816477faaf376e1d628dbdddbe2c1710

SHA256
e9a1f0c8c995470bb96db8ddb7f8bcc4e0a3040af2b199d1d436cab3fb0671ab

SHA512
336af30017c7bff176aff5a5b5b9af80bf48e0494148f22687610d6d1db5f7a0317c32bc85a6fac28f99b4f59f929885c5376b23d5c5dc4fd190d46cdf483c2b

Download Submit
C:\Users\Admin\Desktop\RegisterTrace.xsl

Filesize
223KB

MD5
68020564e1cf466fb452b1bde26fc3fb

SHA1
02fce39c992111486356c085721c60081e3658eb

SHA256
9598cc54aa2188ad42919e74012873423ad54c8d4bd3cea27215ec810bc3a7a2

SHA512
b7936da7df764f1da1c3847a717b958b1f7a722f8d426c94f60da16ef931a6cd53d13306cfc230c50d7285f3e73ba9d93cdb4ee6f498bf2e368bfb6ca881ad6b

Download Submit
C:\Users\Admin\Desktop\RenameDeny.mpe

Filesize
169KB

MD5
0e6a1fe359d0e94dffc8910714079f03

SHA1
6f839b2cd418441ba3be04a4f7b5ef7796164684

SHA256
bd099068aef1c1da7c4d0822f4ea42fc4b0b338bab78d94b52a27dc37a35328c

SHA512
e47a85a4d042858011566ade23cd9a0130dfa3bc80e47d3f705d01c9ba1f8a9698493759fc2614497cfa43e0778f3c55cf967c7653cc444f430b8e5540786928

Download Submit
C:\Users\Admin\Desktop\RenameMount.xlsx

Filesize
9KB

MD5
5ddcb1bfad35b516d8906948f2a67257

SHA1
284d7abb51bf6dd1a00ff7e4f83d8e9067b286cf

SHA256
c8002fd2d0a525449d28998f045d860dc3819e80c508b739595b9b94b9506f9d

SHA512
fe09379170c37ba5e32623eb5dc903badecdc80e824cd9fd30d088c5baa4afaf1e375defebbf5b913229361e874fe4ef36bc8c8a261668c501ee0dc364c3485a

Download Submit
C:\Users\Admin\Desktop\RenameRevoke.3gpp

Filesize
413KB

MD5
ed9f24dbf732bd1b14eea0f015b7a7d0

SHA1
747a135b059fca8e9bf6370c5aca7e1480a4966e

SHA256
f40ade2f3d705997d6a047f458fae8d1de7c942060db8c48f6d3111b316d9124

SHA512
97d848b60be1c06757bf722ebd0d5ec7d7da764941245c686c9c50bb6f2260ad301c946f27af54da72885ecccdbdcb37df9b087383bbfb7b7561c10fa2baf671

Download Submit
C:\Users\Admin\Desktop\ResetRestore.png

Filesize
399KB

MD5
fb78f57bafbf854d0956243aa69cb0f6

SHA1
939f2d833f93daac063b7fcdec42872ec1af0f2a

SHA256
f29580593641062b9d4782929c0573a3a8e6cf453852319ac043b2d98ce4daed

SHA512
11ec553b9527a30d7ba537885b4b92efa5464dc3b13c8b31995085239e0b5bcf06787cf81578d533c56e9833b8e4388b21b3f40dc2fd1c22874fcd426c0b8ec1

Download Submit
C:\Users\Admin\Desktop\ResolveRestart.aiff

Filesize
345KB

MD5
d26c52f65dde418873458a81aa7ec9f7

SHA1
e60a921815af764f3d8bccd814e3d10ae932fe41

SHA256
1318e3cdde89493bb893c5de3e79eb6718209856578644bafca2c454759bcd5b

SHA512
2d14c96cf7b33e204d1eb8efdc5af4372616a358563131256b9cb31d8e46ac6edd508882206e88eb6e68af2996d1dfdd7990be6789bbbf73da5a7e75eb86cf9f

Download Submit
C:\Users\Admin\Desktop\StepSuspend.otf

Filesize
182KB

MD5
30b8c87b1e62a565a1b4caa3431b99ae

SHA1
ff751db2be4616c746ac30ea945757d22b8058dc

SHA256
926280f74efbcd84d019198830b523a9f7bf507a6d86241f098088d6d0b3bc7c

SHA512
ecd1a9cf16c0d79a729d6f073d453bad5fd78d56ecd52130690b8ab2c15482f4196407117902de7aa343813d4f1668968216b11109d4bcb7b8d117881d2b40e2

Download Submit
C:\Users\Admin\Desktop\SwitchUnprotect.htm

Filesize
372KB

MD5
aafebc7b3840e99f1d642b0a0d7fc3f2

SHA1
db45efe93803754edde3d7792b53302cfdef6a3c

SHA256
095f625df30bcd01429d85d9e431b47c0b8a83ab91cd1de486f0d62da999ea99

SHA512
26814250de674b4ce35e78a937e67fc894a52ef35d68c0301c2ba2bc8588842b0f1c031c4be6b6baeb6716993da61f24e2bbd59ca3d197272c6382cdcf725a63

Download Submit
C:\Users\Admin\Desktop\UnblockMeasure.xlsx

Filesize
11KB

MD5
1f430e6eae3c16aa7e390279d015d292

SHA1
989b3a6ea1765548f20f4959f8a90d0cdffd0783

SHA256
99374a666f2c9c4bf671d24b3229b0f8b8126be791d8c7ac4b42751b2c04d718

SHA512
5d007081ced5c0975d80ed993180cdfe7fadcc8a25971ddb820dcf6320ca33e2c2f42c0ea15d3cfd15d726e3e6afe15b01872ddd7f41235ceb18ba5ec728ce03

Download Submit
C:\Users\Admin\Desktop\UseBlock.vb

Filesize
304KB

MD5
2906445791202675cd4255a2abc2ba21

SHA1
e2a9192b868cdc28b1a27157ca8247b26475cdcf

SHA256
3f584b788751e7f854b3a8d67987611660f9df65a4e83fa115e50525992a9360

SHA512
c598671423dfd098d2110a04045bd5ee17ff53df08d8534594f2cc0403aa1258cadbcfa70ebe3b07a10efba4dbfb8774e7d24c77c209bcef75f27c1c6a7c4884

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
f7833a6b4d0d3c6252c5bae72ce4ffbe

SHA1
3eb6826cc838d14053c9136e3cd5d2c82c8582b9

SHA256
2c5f9ff9573aa5522f947629e208b0501a3a526fde950a5a715914b1a68c4d2a

SHA512
bbb7fe2d40bdaf68d0dbd7178949eda11569843c435449d6ed2180d37607f2d97fd3e547aabde8fdc2186ae906d747de56bc29d24f076d346ea772e716bf8081

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
c7a442b0cc33249f397470b1846890a5

SHA1
fe68d996c69127b3a8c521fbba06b740ea707db8

SHA256
e4662963a01dc464d7157011460a227fd4136a8c5593762584657aee3d4134a3

SHA512
b549f82a1142a78e6666cbc55aaccccedfa8b99fdd510e249708b330539fe75ab7f7f010a748478e2a234a4d1ef2316e5706bfd7c3e05f42a6838aad6936f916

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
b1fb1da90e3920c93556f2f85dfca9b7

SHA1
3008eae1f155928ef7477c44154624c314a15e97

SHA256
7cbaa0e3aba25ff5230928503699abaac70268810d6b8f7259242604a143315b

SHA512
3235df04640552d64e74fd43030e03e88fba7a7145935503c9a30cffda5ee02207303fad5dbbb2060f5371acbccb9b0fdc5e96972c25cb63d249cfdd1a11deca

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
51389fc9204a2c44a09cc6573a58d44e

SHA1
38b86b7e193aa034d11d5fd657230b6e51a05101

SHA256
49a096a737f387c490c495b0e26eb0e32777e26073256e21cc50854e78cea6ed

SHA512
0697313dc31a053a0ddc7c90b5e9ef45652bda929770406d7ade3187ecafeef33e906d3a9f2468b8e9ad722692f7bfef087851c5970068df7eeebe3a75fa00e4

Download Submit
memory/1304-0-0x000000007469E000-0x000000007469F000-memory.dmp

Filesize
4KB

Download
memory/1304-1-0x0000000000890000-0x00000000008DA000-memory.dmp

Filesize
296KB

Download
memory/1304-15-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/2508-5-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2508-7-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2508-8-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2508-9-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2508-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2508-12-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2508-16-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2508-14-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2508-3-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2508-17-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download