lumma | de94a3e312de49229cfd088163fb38610b286c7399eb5dc15410e46a25fafb2e

Resubmissions

15-01-2025 12:58

250115-p7l3nstjdv 10

15-01-2025 12:56

250115-p6tq5atjcs 7

Analysis

max time kernel
132s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2025 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8WL@O7~XlRY.zip
Size

1.3MB
MD5

f2a2deb66220dec15632f27d91bbdb16
SHA1

8edd492215d95f2df5088a2626fb87664697790a
SHA256

de94a3e312de49229cfd088163fb38610b286c7399eb5dc15410e46a25fafb2e
SHA512

ee611e2b151627adb6ce2caa5a29091a0d8e202099de56fa99fdea022a3ca03b26b5da2747a340198f81d12f57a00b58e5c7169d1ee29a38fd84e4a51fc51fd5
SSDEEP

24576:mX8eLw0r9awIWR9DkplieZ2NOpo88EyV3zM1mOBACY+W8jBgGGOiFTQobTJq:m9r9FImB9fOpo443zMDBo+9WGziF0obw

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://uprootquincju.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Deletes itself 1 IoCs

pid	Process
2320	7zFM.exe

Executes dropped EXE 1 IoCs

pid	Process
2168	Bootstrapper.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "46"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	7zFM.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4660	NOTEPAD.EXE

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3156	7zFM.exe
2168	Bootstrapper.exe
2320	7zFM.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2320	7zFM.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	3156	7zFM.exe
Token: 35	3156	7zFM.exe
Token: SeSecurityPrivilege	3156	7zFM.exe
Token: SeSecurityPrivilege	3156	7zFM.exe
Token: SeRestorePrivilege	2320	7zFM.exe
Token: 35	2320	7zFM.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
3156	7zFM.exe
3156	7zFM.exe
3156	7zFM.exe
2320	7zFM.exe
2320	7zFM.exe
2320	7zFM.exe
2320	7zFM.exe
2320	7zFM.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3092	LogonUI.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 2168	3156	7zFM.exe	92
PID 3156 wrote to memory of 2168	3156	7zFM.exe	92
PID 3156 wrote to memory of 2168	3156	7zFM.exe	92
PID 3156 wrote to memory of 4660	3156	7zFM.exe	95
PID 3156 wrote to memory of 4660	3156	7zFM.exe	95

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\8WL@O7~XlRY.zip"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Users\Admin\AppData\Local\Temp\7zO45CE70A7\Bootstrapper.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO45CE70A7\Bootstrapper.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2168
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO45CE5648\README.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4660

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Deletes itself
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2320

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3944055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\$I0HU8NO

Filesize
120B

MD5
199b7e290931d3c58bede87667e4fc7c

SHA1
abd08a65d985990995de0c15877329331d4e9524

SHA256
c2db4f4b52f03f7b69edfd8206d6e49a3f05dbd3099c2f6964889d2a58674cd4

SHA512
5181197791db4e1e0f320573249dcc2a0eb95c28514be7f79377ce50ca2ad172ae5ea77763e467cb2054f2d768f44dae1195dc41d1541c13efef9f3972bd94f8

Download Submit
C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\$I39ZW3Z

Filesize
112B

MD5
4ec35bd5a9bb64173d35231427216074

SHA1
731c036efc92dfff1a706030f8f045d071231e3c

SHA256
ab15f5811674d9e33807e5d608e467426ca9a3e3e4621cdf8a8d15652e353b4a

SHA512
0b7d97e8ca8e73afdbe10bc21aebdbe1c6eff7c9538193232e4c98104c0ae7c27e683f4f0b2f0da7fc9df9030f0a30308e73500909da4899c5e122e451473882

Download Submit
C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\$IBADVF6

Filesize
104B

MD5
b4a9620f6b877b0a66a0f31c03998086

SHA1
8895b0b856d86328bb2df626dcd80fb40522a298

SHA256
cc3958fd6e6946a5fe1a88b153d2c4675cb447225db5f28a7bbb889290db3af7

SHA512
892cb57280debc6af8a752f08e4a88eef507238a9c0d022f13c890a6c4f993b53a21e0a02fb1c780903b517d3ccdd096b6f4a433b78ea37d3ef32aabe86aac51

Download Submit
C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\$IBRZGEW

Filesize
174B

MD5
7088063cc0f4c617914562d8f3bbebb1

SHA1
8e63d055044da94a5d485bb29d40c597da2f5ac2

SHA256
bd99c2de1b35001639010c41842ce53428afabed56b28d328673c29cce3e0bfc

SHA512
cc668635580669145e166a10e8206ac173214b99698db4707c468f5938d3a00dfb61d6a21d5a813f3c3ca870c9a26a971a0e4799b6d85b41e87a38cd7982da2d

Download Submit
C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\$IEJ4BMO.40219

Filesize
224B

MD5
066776f57349dbc7a6360691d4e7fb75

SHA1
8e647cfdb86a2a8b28061f2dc521db13c6ad6e74

SHA256
a5dae607f05e0953fd0c9bd0bc0eacee06b993475f6549215327a19f0392292f

SHA512
b0f00b39ac16364a49d98cd6b1f403e41a7bb3b0e16627e2c07164923dc5fe6039f8cbe85882ef1549967cffe7d581a67e69a75ea07a7f279b5169eb0e6a5a00

Download Submit
C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\$IL0WRUO

Filesize
134B

MD5
0e5fcc9a8c759f03ae856fb8dfd67327

SHA1
91a1317c4ffee377df0407665c492f1c885d32bb

SHA256
40d35f384d2ef7c9732b005d10c5a70a9fc2c1fefba6dd73d814da0cd2c40575

SHA512
61313e0a1c353797d09fb7b0638e2789a54fb5cfe49a444afd995dcc48851d33918cc9dde8bbb99586efadc27d138da553569808ff1bf07f9cb030f9e91743a7

Download Submit
C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\$ISGZBOA

Filesize
130B

MD5
0415eb31fe7d86008a75e9c59e4d8092

SHA1
e4fa1f98815f75bb303511aec4e508bb14c62965

SHA256
873aba9878525568568793c9212de20b71645e976412ba809215819e16b08124

SHA512
c66028115f81005eb8591027bb541773736be7469194e2160637668d52ec053182e5d2039b739517131c216cf394c01c702bc27e1c9d6d059e093ec83211c8ee

Download Submit
C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\$ITFR055.40219

Filesize
224B

MD5
5d75a608d43786e6c4b0533a29523de7

SHA1
3aaa8a101b1769a0db85798e40a3d22dc192dee3

SHA256
144cceb4136c8351f63b87777a385af2daf7fcc94004b5ff7f99e82d34d1efcb

SHA512
d1c6d0c3e2d2060a5aad6ed77f90203b3d0e9a01fd63bbeacc43ba851d052575bcdb0dbaaca17230a96c9057d857e7b5576decef475252322e48e46f7bdb1808

Download Submit
C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\$ITURL0O

Filesize
104B

MD5
ef7082abd1face03c1a1607feb0f21d8

SHA1
71b8e95cc9e7cdbd0d8aa020055fb30ad022d665

SHA256
df4793bd02e4123fa9bc6dce1cb2ade3b841810ad21c9d195c431714b581f371

SHA512
e4947a6e243655ce09a8d01c0fbc1f0c9707e90515b2609a87530f31a0c53830ace25017ad66aa1db8aa74438f79b39f90a0aab9cc9ebb6b120fbc3441d9aa5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO45CE5648\README.txt

Filesize
124B

MD5
3b4bb14e17a60137e3e93c7adac41bcb

SHA1
de09ed28df13d9325e816d0c656582a929077876

SHA256
bde691c014e6a2527d5ef783d065edf14bcfe83b20c1ff97c22d280633b5287e

SHA512
ec76f39b6ab4c6f822a1777c78212d659d86760458da9f050fba48bef12cba054573f25fc96278b49cdb163bed41a157123c01d3897226584cd1b57a653dfb50

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO45CE70A7\Bootstrapper.exe

Filesize
2.2MB

MD5
8ad45fd72a78fb731a2ba19df0149cae

SHA1
a0614e43edaa61ee50f750c95e5a9361ee76fc3d

SHA256
5612aad58f43e1beb974deda0f1f678e1a4b5f74dbb07a94db5b9558f2814426

SHA512
f94c257a90526a86fb93f0d2fbae87fa4326a3c35aac62c0cc46ee2b2b5f94faefd8d6535594e2d0e317b4c3e4ee468bf3b2b0876ee59440f7a2270d45adacea

Download Submit
C:\Users\Admin\AppData\Local\Temp\8WL@O7~XlRY.zip

Filesize
1.3MB

MD5
f2a2deb66220dec15632f27d91bbdb16

SHA1
8edd492215d95f2df5088a2626fb87664697790a

SHA256
de94a3e312de49229cfd088163fb38610b286c7399eb5dc15410e46a25fafb2e

SHA512
ee611e2b151627adb6ce2caa5a29091a0d8e202099de56fa99fdea022a3ca03b26b5da2747a340198f81d12f57a00b58e5c7169d1ee29a38fd84e4a51fc51fd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdobeSFX.log

Filesize
1KB

MD5
5ee9b5ddf06bd1df9d98fbd25c2a3067

SHA1
15c8df0898c1a58ecaef015428b4f9beb4469078

SHA256
105f765aedf2cd40acbfa9a496b09f5821d4a611ae5b3f051c34da0a69f0863d

SHA512
af99e7e8d8130636dfe1b233d3695e8c7761728c58dbf187195556bfb0b3c915c6a673ffaa7464e7f23d4445d4d0ce1b87e9af08a676eb6ba90c18a089edcbc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\BITB391.tmp

Filesize
1.6MB

MD5
f34465b4e626bd45ce9b984b7233c655

SHA1
d31182f357a2dae0ab69b2e948ad6106ece228d8

SHA256
07f829c35f0fa4b2352b947ca0764093e0a06ebc8eb759dc912360ec69d5ee07

SHA512
d64cfc1181a98cad8ccc3feba7d024d3a78d2b1ea2f07402135eada82d7d4529cb636448779444a3b20991f4b71f7382bda1c14fd2a4eae1fbc39099153db06d

Download Submit
C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log

Filesize
13KB

MD5
e39c631e7947590af8a2e471cd34fbe3

SHA1
20f9ad3ed13928df7a955bdf28421c365fbc66cf

SHA256
59713539e8061a03a339cd37a3f59423167e2a965025dcac01e1ed8f44afbb7a

SHA512
834e6522f2548c179310bfb9c7caf867e7829bb15fdf69f8f7979e5ec969d5b8c1d675eeb895fa0af3b5664b587437f8f6e1897f1516dcc19864a8cc77942b30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20241007_091130781.html

Filesize
93KB

MD5
1201c1382aacbd4ee63cfedd3533556d

SHA1
361943f8566e28d8016e70dbba356210e6f10f59

SHA256
1db08bf34f330e68269272edf9effd4afdfe4f368cb2e3e74df699e204d1b9cb

SHA512
0685a24f8157aa82ab381390b61229222779856a7ec3a06fa65723a8955f47697fbcf64a5de9916638d2ebf798856c73194ffa0902bf781f0e2ddba0f9267057

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241007091210.log

Filesize
15KB

MD5
ef4506c86855b62873c776fe435d1952

SHA1
c0efa8e0d64d41426adce2820773b9a04e38425b

SHA256
ebb88c00cae2f06d2e4197cf50ff787c3d1db762799abd3c32f59c9e68b84ca5

SHA512
ec6ebb48c503e2a4c58e6d88aa03b0bf0d3dd6ea9703f87c4e4d6b4a5037564ccdcc5f50d0a50d00732a0cd1b7e15a96bea66567897621f289a530af84e0c7f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241007091210_000_dotnet_runtime_6.0.27_win_x64.msi.log

Filesize
551KB

MD5
f842f95dde3d59133bada8bcb621a414

SHA1
a4a5fd59ae7b114db4b7cdb64411ff53b20b2a7c

SHA256
3a7f3c7434f1057b0f23c841a4d099e23902c9a1dfe024f065fdb61527ca67d9

SHA512
a91c785d3d7ba0ba4e49e05b970839731adc6f34ddae512dea9efc7346bc6370fb46d88e256bc1e0a41128a0493b8e9236164d043703cce6e6f77c7f7c0e3a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241007091210_001_dotnet_hostfxr_6.0.27_win_x64.msi.log

Filesize
95KB

MD5
95e9b5bf8e83327654976121a264b154

SHA1
bd029d9ced8e5db7b5fbb062aa20dd09bc3de2f5

SHA256
f70cb8da0206545e7babaf09ac2adb2d50ca211d14398e89cd5277857e71cce4

SHA512
a2160161b145c0033116b5439aaf612b595ea93a3c69c5f57ea6d043baa2e509239ef4540bfd6347fda9281eb5f73fcd32a609a45cc86e69a47ffea1136d0c16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241007091210_002_dotnet_host_6.0.27_win_x64.msi.log

Filesize
105KB

MD5
a0d7204ab73b425affe68398dd81e8a0

SHA1
803f27589dda92a2d7e4c76a5be4e137fb9045d4

SHA256
8a6d754daa6288e5cf229a9f4a7cce63309127f05dfa181f1c49091e82543d7a

SHA512
d5b8da8d10d879d649b4c9ec176ccb6b4a6adc0b2ca9423fb22ab7f7a1149a36a149f637b43996ed5f61a99615a3a38456ab1071a519d22eded904a73ae48892

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241007091210_003_windowsdesktop_runtime_6.0.27_win_x64.msi.log

Filesize
847KB

MD5
4f2295faefdc8f9e4415360f980013c9

SHA1
57ae30a1de806964db2e92f96ad4d922ce18c0dd

SHA256
c30ccc813360c0c10d2c70e5db92dd1e5ea7d925ae6660b90b313e2787182b62

SHA512
4358083c973d413d53a064d89ed5ab2655d6bbb9f26455e7c34decbb6c2851c4a2d0a6aa11dd0a6b0e656e6cd471f1ad2bc360350a50418f23216a07dc82e363

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241007091250.log

Filesize
15KB

MD5
84e37d7e3dffaf58b171868c098d37fe

SHA1
901e07aae490eb13c7b19f6e9a5bf584137265f8

SHA256
957c2938d87f10370ca745a31d5eba110b9e91ac532118822ba2756e1ff144c7

SHA512
872283c9f5765c1dbe26169070328f1eb2ce4e790d9cc56cf18ae3199edc1d620e912486593e5d2f60b05e70e002beaa319d73b690e7a46c83bdf2ee867b73ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241007091250_000_dotnet_runtime_7.0.16_win_x64.msi.log

Filesize
470KB

MD5
57204580b3aa0f920d6e1379cc54fa6e

SHA1
c7c7e1914bc9b6b1b65ccbc7ea8479934e905a23

SHA256
32848344151f2356f8bef6aa9072e1f3958f7022ee510a1e391f926da701eb75

SHA512
ba79a716d5628cc171d3249bfccd19398d4e806e358db9c4766b83860256f864307e7a09ce3abb254f9aa9e90349ee53a17ba51ef35a87466286fcc8b979216b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241007091250_001_dotnet_hostfxr_7.0.16_win_x64.msi.log

Filesize
95KB

MD5
6be73104f84a8212e4bdbb0d8ee85232

SHA1
941db52fca59de13df9a9104445b1832d35995c0

SHA256
773558745ad737e44d5eb5a78eb9ebbbc8770f1694ba1f2c464d361cf2affb1d

SHA512
2cf35452018a839eebeed075344069506c79674d1052ff654f5ace171a3dc35f48078175a0cc8728e7beec6606721ef30c996824be6503e78ddac67f1a4c9274

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241007091250_002_dotnet_host_7.0.16_win_x64.msi.log

Filesize
109KB

MD5
744a395db6f792d43e420eb94eb68c6b

SHA1
b3e40430e2f2bc42b48282e45987dd1b18b95c98

SHA256
69f4152784be09607e78e19afc4bb0884f7ed5171189dfda101e6e1ab954cd54

SHA512
e0f15a09b40af1efd7b5ecd2f9291870bccda61afb4df374b8478f457f97c1e386bae69588d371754a32f33ac72e9824927a9237249f975ad269847751e17574

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241007091250_003_windowsdesktop_runtime_7.0.16_win_x64.msi.log

Filesize
852KB

MD5
55355b8d53439cdc9c25ccba97155336

SHA1
2d3a96f70cceb244fb399ae166c1c4c18e9d7ee7

SHA256
8c1d64bb2609496f0e38d1af6a87d600f132fd842fc14fe94cad6b020241dc41

SHA512
dd7e0b2cb5f03f05f1787a33ec5bbaccdc4330a592795cff3e26b9b39a497da0757761ded45c87d0b84b86625a3cbd66c1b1d8e588fbb7a173881447aff74e2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241007091315.log

Filesize
15KB

MD5
7bff72ecf080445d4e9c89145c26cd01

SHA1
a222ed03fe115d562992f0a32f442f8e163a96b3

SHA256
90bbfee80790a0e2315a13674219c98f13b00d5e1c9977d5ab41bfa98692f161

SHA512
c0ab40dbc7b8193656c73c63f614af383b8de8e949ffba0f5ffec01d7cb07f1dc0f3699396608b199b15b298dd91c8ffaeaa96a99d03fa904986d534e5c42c4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241007091315_000_dotnet_runtime_8.0.2_win_x64.msi.log

Filesize
469KB

MD5
3a55f3289385ad9b6908e4850c3bf5ab

SHA1
c578218d05c93bea6cbe9e49e210913d4153e3ee

SHA256
459211eb7284e59a0805130b0674da8eab614c03af8d82e1652d2826e610166d

SHA512
d0ec3d95d6df88369d75f5efc75c6130d98dcc0262cd07ef3da35864f46ee9a3fcd00743b8749060461e1fe0d568c448a9047620fc7c9879d4d3a36342200da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241007091315_001_dotnet_hostfxr_8.0.2_win_x64.msi.log

Filesize
95KB

MD5
baf20b0ec4bdc37fbe52b26f8413f48f

SHA1
ae7f910d954d496f3792763b0625fee59fb0565b

SHA256
444115bba6b4234b0bf310349ff0e14b78169b7977ec30539b1587874a305ed0

SHA512
668addedb896dbb597aba54f6f9e8481f8a9e07c6a5e3588f0d02b1d3600ec782ad1f20cee79f682d0deb6f806d19035a696d7784f2ee6685c7ed3cbd775550c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241007091315_002_dotnet_host_8.0.2_win_x64.msi.log

Filesize
109KB

MD5
99efe5350d065aec57686ba29ffcac78

SHA1
dfd628ca686cd3ad9644bcc8979555f7fe267903

SHA256
54a54950e536740a8fb09866c394e7b361904e1b7aa6d6752cc9a483e0af8f4b

SHA512
70b4a7bfe48c45421bca36d7c180a0b1f4f8874d268ade4498ddc1464b87937966097e4db1b2074ce079b0f5952c54b136a194c066915d45f02aa99fccbb6bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241007091315_003_windowsdesktop_runtime_8.0.2_win_x64.msi.log

Filesize
846KB

MD5
13ee3257848c32360456e01c9db4a0f7

SHA1
7750e6571ecfcf643e2a1730cfea3b47faf413fc

SHA256
9c79109704fbc3d2a53b098fcd5d2780b7be8e46b946f4d76224dcdee1c1221d

SHA512
59142e85b4ee0b751d6af2137050ec948a6836129879484c05ab583f3b0944419509b7bb4f981b6629566e09067b78c5100bee8db7f5000fd7b8976aceffbb5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\OZMCVSQS-20241007-0916.log

Filesize
57KB

MD5
287c5dd73bda9d7890154432109b4dbf

SHA1
91a0eda4071f22e666e04a587a14ce4d67d7f746

SHA256
1c63d1f5bf8b7d18f5765b4cd612138b43f545fabd9d0ec673dcfe90c669d0ca

SHA512
f71246ea1797d0a6cfedf5a95e26f7a2042a8ca110309486b218bc987c8704f872da27b7a0b7a3c42feb6fbd2b5839a508575ea127b31caeea583c3c7e7d0026

Download Submit
C:\Users\Admin\AppData\Local\Temp\OZMCVSQS-20241007-0917.log

Filesize
181KB

MD5
5100f38ebd8d268da16f8004de41b9c4

SHA1
265fc79b124cb41cd90e4e29cc305d99638d5399

SHA256
511aabb3623b7c295df9cbb8c961e64da1c6fd3cc9ebddebae25a8b9d6471d42

SHA512
2700f07feadff1474f8c6541612bc8f2fb0f1be8cf36db01c3b63032e00645df74e3cda00e8155d77d8a9eaecd04c53e99e42af34b3ac52c79fd6188ce04e473

Download Submit
C:\Users\Admin\AppData\Local\Temp\aria-debug-4060.log

Filesize
470B

MD5
38732a41c3f4d615767aebf796db4f0f

SHA1
db999ecd1ec00436a2019912a9fd6e8371c98724

SHA256
4b9680b89a0d8b0f3d845bf46ca07a6acfbd956bf0158536437dc2b94df60c47

SHA512
95f3305169f0a8449b1e1aa2828793191489675397b5d4dae9ee4c658b0bfc045006ea86e66f710e3e84a9c4cee93b92f0b29012d1b68b0b9f921a8224eeb9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
6KB

MD5
343f49cb23b8058f91b85a6efdbdc17e

SHA1
a5c165a04af960c73ac716d42e86937e18ceabec

SHA256
f571cc9a1d76ad164d569c9dfc8ef00f217b2f7abae2417dc182edc42d551526

SHA512
3851dc525931b835d87dcfd86d324e90ca3c4bbbdca78c16de6fbe1876edb49d720b9c245f70eaeea7e508c3d4558d43f7c7eaf6d947bf41cb0cdbb6e6258f99

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
5bca0bbafddd6451be71d63e9905dd40

SHA1
9ff68bf6591297febd1466e9fdcaf2fe564532b7

SHA256
83a6a57b1f871d6db13cc8b3b5bd3fb70470751c8db0e69a28c08573316b1a41

SHA512
34fbedf47491fe241b5afa36115cd78badcd759acda7d57918dfedeb533841ec1df1a8f05cc12d37a2cca3b4092480f063acee78160d42e461c98ae871a14012

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI33A2.txt

Filesize
425KB

MD5
4c05fd5fa1f6a05f88ed91fea900dece

SHA1
6dd2b7a9584bf46033f7431926c48fd0582b22cf

SHA256
5edcee74663f1df3adb0aa1dcd0fb43678235c2232d195ff1af8360f2507d56f

SHA512
2048da8fc7256804756447a6f19724eb66f9dc1b6aca166806cb9d5fde611d0e2b038102a516d77006e1e2d4380144a67640501046680ac86c94757249e05875

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI33C5.txt

Filesize
413KB

MD5
3cf3cc7e008d33316e3da1710ec07e6c

SHA1
d4e349d95cec3bf45a60b9a26ef9ed1b133bbdd1

SHA256
f3ffe69bd7cb444e25ed4fdd8a3dbe31ba00b1379b618144cc145f79edd2be1e

SHA512
3d07add65c5a82f924ad444f29187e32c973bda56aed628b8c1661f17f86e2c64f44786fb7950fb74f42d6639ef74bd8ea6a0a9d4a1cb2ad9ac0c939283d6474

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI33A2.txt

Filesize
11KB

MD5
5df3e9633114539281686aa2ca08a9ad

SHA1
7c2a94d0accc285b2db35e35372f06b213807376

SHA256
7d5045a57d8ad5a38846f377e6ed2c74040c50f44179995b36bd20fe59d4e4cd

SHA512
4f69a8932006c48feed8a3944e52cf64c11f1e338e2c1b6419a754eca6eaee625b7b42f806b2b8453df4acf6aa03d44a49fa480c80cc4135afc548d903f5bc76

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI33C5.txt

Filesize
11KB

MD5
d09b1492c3fe562f3b7af66f5997005c

SHA1
889206472eae64f9dcc155228e0300fda11aaa3a

SHA256
daa0b086aa5d5c3b170ffad331d8415ce2f4f569ebd006c63e4716cf2692d716

SHA512
99d408bd4a5c464096aa6a781c3b29628991ee862936c811bc561a10a4fcde76d28afa50a218f375f0667440e1c2e8d06bf079e660642b6de5147df7781b2d7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jawshtml.html

Filesize
13B

MD5
b2a4bc176e9f29b0c439ef9a53a62a1a

SHA1
1ae520cbbf7e14af867232784194366b3d1c3f34

SHA256
7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

SHA512
e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
163KB

MD5
521ef8aa8443058125963c0f4f3ed379

SHA1
0baff68e773dc3fe8ed4d1e9ae3dbda93a379c8c

SHA256
52e778b97cf6ac986e563b5649752251ccff73b47811069e35fac7213e63fe69

SHA512
ac8e7c34a0a98c14334c12db40767d2e34d78410a9625169b80a601cb3bcc744d4a700885165baa4774f179a15de4655ae593c22941e98437f3721985b54f978

Download Submit
C:\Users\Admin\AppData\Local\Temp\mapping.csv

Filesize
120KB

MD5
d3186aada63877a1fe1c2ed4b2e2b77d

SHA1
f66d9307be6cbbb22941c724d2cf6954b41d7bb0

SHA256
2684d360ec473113d922a2738c5c6f6702975e6ac7ee4023258a12ed26c9fefe

SHA512
c94e8aa368a44f1df9f0318ca266f5a6a9140945d55a579dee2fd10aff3d4704a72a216718b35e44429012d68c2bb30a92d5179fbc9fb4b222456a017d8981c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\msedge_installer.log

Filesize
3KB

MD5
b60ae3733804e7a4ce870ca0139bbf9d

SHA1
3a81e954b749bcdef465be956f3da6b48dbbff2c

SHA256
c59be950f4b5b63e650db9e5d1a526f28bb63d6aeb777c466ab5f62e511165bf

SHA512
7b229340c8479d83c389cdd878107ec0d2c46621ebc23740c1f52a0c3a84ddc8ad83d71674ac3ad243ca1fa74103ae69821640dd138041a8d9bcabebd0b162e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\wct1FE.tmp

Filesize
63KB

MD5
e516a60bc980095e8d156b1a99ab5eee

SHA1
238e243ffc12d4e012fd020c9822703109b987f6

SHA256
543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7

SHA512
9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\wctCB2F.tmp

Filesize
40.2MB

MD5
fb4aa59c92c9b3263eb07e07b91568b5

SHA1
6071a3e3c4338b90d892a8416b6a92fbfe25bb67

SHA256
e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9

SHA512
60aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
697B

MD5
2ec296d4a17cec745ba7f70b985fbc66

SHA1
1405969855042c7c68a41ef2d4900650621464c7

SHA256
8a84185e45a2bd96b911873e441629169ba8614d56b8697d6e35d91fef6f5137

SHA512
6bf238d63aa326cfc949c39802b7c7e25b3d2313eebf339d0a2d330a8bc8be44aae60eaae650094b3d1ba9e23b35d0b514286b7a75f8933644efa3b1ad2cf3b5

Download Submit
C:\Users\Admin\Desktop\EditWrite.docx

Filesize
12KB

MD5
3e78c4812d5acb36d0a20379daa8487b

SHA1
68ec461882f23767fc000d47806a4b980cc84d70

SHA256
00bb0f21d6eb13c85bd024ede7357f38bf3cbace7d0fa06e71c974bd8f84f93f

SHA512
2ec8456b356d88b8c26da7dbb8b1171c483db58159f29cd3acae76b07b037aa45fed5c928fb5fa5b7b0a30dc38e99b306b881db672b361af000d7d7c564f5791

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
c15af8e436d04bb72a7d7a9187a73080

SHA1
3ea0b4613779245befedae543afa050102e4dde4

SHA256
0bec71cd66731ada6fad8cbe744874e1558c5c440247938bd3c07e9c1d07e83e

SHA512
3f12c8cf5b95e3eb7863f6e1a16bc0ba50dcb2d1d87ceeaf7b24049e07ab64e019a743d10624262fbb9472f38c15b4455c219a44f3d007992eeaa8d0ae8cb9a3

Download Submit
C:\Users\Admin\Desktop\UninstallGroup.pot

Filesize
958KB

MD5
0a247b8b66771d4d44f1040e6a222cd8

SHA1
abb690bf17020c53cdb4da0bd70ec10d22268bc1

SHA256
eb6ffbd0e0a74b1f65c95046b7223fa719f1664adec4789bc8e36777164c7217

SHA512
0f1539a8263af4b54f72c1c7826899e36c6159eba334c64e923e04412aa9f9840bd91bbb30e22620b7f0926942263fc3703cc7ecd8d26eaebbcbe34d05482442

Download Submit
C:\Users\Admin\Desktop\UnprotectFind.vsx

Filesize
853KB

MD5
ef976d9845c6d85c06776d9736e4c96a

SHA1
16d7ddcfc0b25423aebaa02f909eba4a6fc53716

SHA256
ad5ea322a81d45cbb41acca0b6ff2874358c6caf1a8fa2e461da83f365028901

SHA512
f1fe4d64902090da07368e5422d0104a427471a19f6ce157957d48b4dc3a0d9f4852fd2fff3be52f84c8adb247fa70144bad3d0f4f73c3e8333a5965cdae9070

Download Submit
C:\Users\Admin\Desktop\UnregisterComplete.xlsb

Filesize
435KB

MD5
bd7dbd8e6ae0f2c4e28756aa0d8f7566

SHA1
8509c2f37f355d0430f74ad15a25ab76c0f3b1b0

SHA256
9d4075d74dcc30df77b1443fdde3a89626377bccc1c9c05f2e9c3ace4bb25699

SHA512
a947b6dd3a96bcc322fbb7447352b0e469517e76e342c583196641fcf10eb5a05a566043e6eb356139ffc898aeedec5d6206a2e9fd33002d547b33d9697a4aa9

Download Submit
C:\Users\Admin\Desktop\UpdateAdd.crw

Filesize
609KB

MD5
55fb8706f8ae5d7522df7217840c67ea

SHA1
fe2d115c48fa7fa77986aa04f26018d786d2fc4a

SHA256
826cafcb4bc882d38b69dfe13d68c2a8eb17492ba92d47618edaac73f72601e2

SHA512
a9b84c2097977c7151bbe08d0f8bdd230ef3dff9cacd554748b0f004b9ba7c3d725ef3969408ac817d17b4eaac3abb0c60e3bb7e8acd9811e0ec08070821ad05

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
ff8b991fdf07823a5b92fc31ddf9e195

SHA1
8965c71ba789e9097230310dc488c6a328c58f7b

SHA256
3ad6c4c62539ef85ff51fbe27c30161d7cd20e6c65ef6a353b752ba2db55786c

SHA512
43f79c5299b15cbf69e58e28a18f6ecfd43f1b102c9f7e8635b90740c866b8c640f2a3ccf048008cb0fe20c1b8b234dec16e5b339e41d648fa0302e0de4fc267

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
75874af35973494e12283d356e366fd6

SHA1
2b8e9a62ee0c588d7d78c1c00340b585f1375f7d

SHA256
dc51ff5a00b40fa27fde7054cefbc4ee791edcf7a364d1e51ed676dc4ce36390

SHA512
a70cb20df71b21d02c83b089239e0f12d2a65530ffce4cfb396b481349f4501ccbb8fbe6f5a14f3ab1005e2be81d088b8f12f6c39e685c24b0a08dc80ff2d3a1

Download Submit
memory/2168-24-0x0000000000940000-0x0000000000998000-memory.dmp

Filesize
352KB

Download
memory/2168-16-0x0000000000E00000-0x0000000000EF9000-memory.dmp

Filesize
996KB

Download
memory/2168-18-0x0000000002EE0000-0x0000000002FD8000-memory.dmp

Filesize
992KB

Download
memory/2168-17-0x0000000002EE0000-0x0000000002FD8000-memory.dmp

Filesize
992KB

Download
memory/2168-19-0x00000000005F0000-0x0000000000822000-memory.dmp

Filesize
2.2MB

Download
memory/2168-26-0x0000000000940000-0x0000000000998000-memory.dmp

Filesize
352KB

Download
memory/2168-25-0x0000000000940000-0x0000000000998000-memory.dmp

Filesize
352KB

Download
memory/2168-23-0x0000000000940000-0x0000000000998000-memory.dmp

Filesize
352KB

Download
memory/2168-29-0x00000000005F0000-0x0000000000822000-memory.dmp

Filesize
2.2MB

Download
memory/2168-22-0x0000000000940000-0x0000000000998000-memory.dmp

Filesize
352KB

Download
memory/2168-27-0x0000000002EE0000-0x0000000002FD8000-memory.dmp

Filesize
992KB

Download