lumma | 3fcf8ff7401f7871a6877ae7b8293bdf607030607e1b10d7930b56cf02eef4ca

Analysis

max time kernel
145s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20250217-es
resource tags

arch:x64arch:x86image:win10v2004-20250217-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
05/03/2025, 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebn banco.exe
Size

784.4MB
MD5

bdf2aa6823c193d8e1bc95f152cc28ab
SHA1

3f10e54411029ff7b4b32440cbd9414bbbd831c4
SHA256

79cfaf5728e4296f69963eb5fe954914323d86a81fe8bcabfd3b67b5a3fc1032
SHA512

76b37dbd007b2da721414e7a7facea65b910fd18277c2d34f9a5af44efa8c3ea989c567b03c09c486790dfacd5ca85293d8bc4fb0dd67a76d9bc4040f93cb0b8
SSDEEP

393216:iVAMZgKqBeEkPEgTPi1ps/zG73h/udI3Ke4tAqYft90SZd+cPO/oj:G33YptIAT4o

Score

10^/10

lumma discovery spyware stealer

Malware Config

Extracted

Family

lumma

https://theorxhysics.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000\Control Panel\International\Geo\Nation	ebn banco.exe

Executes dropped EXE 1 IoCs

pid	Process
5000	Equipped.com

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
1468	tasklist.exe
468	tasklist.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\CottagesFountain	ebn banco.exe
File opened for modification	C:\Windows\MandatoryThrow	ebn banco.exe
File opened for modification	C:\Windows\KathyConst	ebn banco.exe
File opened for modification	C:\Windows\MpegsExperiencing	ebn banco.exe
File opened for modification	C:\Windows\ChileSimulation	ebn banco.exe
File opened for modification	C:\Windows\ElectricitySoldiers	ebn banco.exe
File opened for modification	C:\Windows\MattressFlow	ebn banco.exe
File opened for modification	C:\Windows\DisclaimersLaughing	ebn banco.exe
File opened for modification	C:\Windows\SystematicWizard	ebn banco.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ebn banco.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Equipped.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5000	Equipped.com
5000	Equipped.com
5000	Equipped.com
5000	Equipped.com
5000	Equipped.com
5000	Equipped.com
5000	Equipped.com
5000	Equipped.com
5000	Equipped.com
5000	Equipped.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1468	tasklist.exe
Token: SeDebugPrivilege	468	tasklist.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
5000	Equipped.com
5000	Equipped.com
5000	Equipped.com

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5000	Equipped.com
5000	Equipped.com
5000	Equipped.com

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 880	2924	ebn banco.exe	89
PID 2924 wrote to memory of 880	2924	ebn banco.exe	89
PID 2924 wrote to memory of 880	2924	ebn banco.exe	89
PID 880 wrote to memory of 1928	880	cmd.exe	91
PID 880 wrote to memory of 1928	880	cmd.exe	91
PID 880 wrote to memory of 1928	880	cmd.exe	91
PID 880 wrote to memory of 1468	880	cmd.exe	93
PID 880 wrote to memory of 1468	880	cmd.exe	93
PID 880 wrote to memory of 1468	880	cmd.exe	93
PID 880 wrote to memory of 3328	880	cmd.exe	94
PID 880 wrote to memory of 3328	880	cmd.exe	94
PID 880 wrote to memory of 3328	880	cmd.exe	94
PID 880 wrote to memory of 468	880	cmd.exe	95
PID 880 wrote to memory of 468	880	cmd.exe	95
PID 880 wrote to memory of 468	880	cmd.exe	95
PID 880 wrote to memory of 3992	880	cmd.exe	96
PID 880 wrote to memory of 3992	880	cmd.exe	96
PID 880 wrote to memory of 3992	880	cmd.exe	96
PID 880 wrote to memory of 784	880	cmd.exe	97
PID 880 wrote to memory of 784	880	cmd.exe	97
PID 880 wrote to memory of 784	880	cmd.exe	97
PID 880 wrote to memory of 4912	880	cmd.exe	98
PID 880 wrote to memory of 4912	880	cmd.exe	98
PID 880 wrote to memory of 4912	880	cmd.exe	98
PID 880 wrote to memory of 756	880	cmd.exe	99
PID 880 wrote to memory of 756	880	cmd.exe	99
PID 880 wrote to memory of 756	880	cmd.exe	99
PID 880 wrote to memory of 4748	880	cmd.exe	100
PID 880 wrote to memory of 4748	880	cmd.exe	100
PID 880 wrote to memory of 4748	880	cmd.exe	100
PID 880 wrote to memory of 5108	880	cmd.exe	101
PID 880 wrote to memory of 5108	880	cmd.exe	101
PID 880 wrote to memory of 5108	880	cmd.exe	101
PID 880 wrote to memory of 5000	880	cmd.exe	102
PID 880 wrote to memory of 5000	880	cmd.exe	102
PID 880 wrote to memory of 5000	880	cmd.exe	102
PID 880 wrote to memory of 3620	880	cmd.exe	105
PID 880 wrote to memory of 3620	880	cmd.exe	105
PID 880 wrote to memory of 3620	880	cmd.exe	105

C:\Users\Admin\AppData\Local\Temp\ebn banco.exe
"C:\Users\Admin\AppData\Local\Temp\ebn banco.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c expand For.aifc For.aifc.bat & For.aifc.bat
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:880
- - C:\Windows\SysWOW64\expand.exe
    expand For.aifc For.aifc.bat
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1928
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:1468
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3328
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:468
- - C:\Windows\SysWOW64\findstr.exe
    findstr "bdservicehost AvastUI AVGUI nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3992
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 427903
    3⤵
    - System Location Discovery: System Language Discovery
    PID:784
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Slovenia.aifc
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4912
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "EIGHT" Menus
    3⤵
    - System Location Discovery: System Language Discovery
    PID:756
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 427903\Equipped.com + Restricted + Sas + Std + Lan + Phil + Inkjet + Council + Buffalo + Improved + Ink 427903\Equipped.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4748
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Russell.aifc + ..\Geographical.aifc + ..\Mainland.aifc + ..\Packaging.aifc + ..\Editorial.aifc + ..\Mode.aifc + ..\Harley.aifc + ..\Secret.aifc m
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5108
- - C:\Users\Admin\AppData\Local\Temp\427903\Equipped.com
    Equipped.com m
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5000
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\427903\Equipped.com

Filesize
65KB

MD5
7bc93196724d41709fadba28faf0953b

SHA1
a087cb4033692e0aca0c7363b5706e10d5827167

SHA256
0a11c06eb1334fe27c5caaf5db1a57f5085dc600a281468a6ac4353221558123

SHA512
a7ae04d1ab27bd091cdd7e54656095dd69b7e6399cfca6a6609008329fe0d8feb01609a660343d4a5764e9657c343d853af2d69c6e379258d483aed18bd44f00

Download Submit
C:\Users\Admin\AppData\Local\Temp\427903\Equipped.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Temp\427903\m

Filesize
508KB

MD5
e54580063d19f560cd22047e5aa08c56

SHA1
4fafe383fb386e907c0d7208c4173d8b85fe2d37

SHA256
8e51f7509f539fa5604644c872f4ed1840e8d307b2c45557015697c60fda4034

SHA512
45de45e34b798f96166536e4b16d299f92e4db9a72991166af5e52501d5494e0c2c93925d6adf98cf5f739385e66f3af8a2696cd3e7d6a0a5678bcf650523921

Download Submit
C:\Users\Admin\AppData\Local\Temp\Buffalo

Filesize
112KB

MD5
dfa250062f0ce2e09471374d93e95e96

SHA1
5525240c677ee7913fd4ae59396e3e9dbb87b0e5

SHA256
902ca558a5f0a6c4a39c91633b7f6240a78131a15dc8eda475fe89ce4c9ae092

SHA512
d428c999b5902824558edb287126d7f7638a24f1271ebdfaa4ecb93a5352416b926854f8e6580112b35dee532e03dbe98728499d481767c18dd7faf681607671

Download Submit
C:\Users\Admin\AppData\Local\Temp\Council

Filesize
68KB

MD5
74b24c7e42a88c69b3b2c3bada09c8d0

SHA1
41b56be458e0f2195bd3e79ef58757811fee5e26

SHA256
deab8d09a29a17121864283b458f135e6ca38047d482d3d0db59771aed7f25ff

SHA512
c74b2dca0cf95f9fa047ee4a35776c411b10ee81cb86890b22a801eb952e470078cd3a847c95d6ad95fe14511bf62a0c112a63919c84edb918f75ed0b116ff07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Editorial.aifc

Filesize
63KB

MD5
39b559e25f155c21a1dda3e2ce7aef47

SHA1
ad76058df2abb8c3af5ac941b25b2d990eac90d1

SHA256
294de29decadaa6b149cc9a9a7573720c85b23ce787dfffaa763fd95e90192a6

SHA512
14db9809c0a6728903c1f7e2adb17ca15ee31462276479be67d124b9a622d38f6ed8a3a8d9ace28bc2f330d3894e061dcecb676b804c8d528e59938f7468a2d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Geographical.aifc

Filesize
53KB

MD5
c09fd85c0f1494648de575888c0b416c

SHA1
de5856df2b595d090adc99d508ca3923ad59ba84

SHA256
e76aa81e7a0e6489be5f41a4e0875823e3b423e4a94ec3ce6cc0468d9920ff2a

SHA512
86761849fbb2ec9e125e676606354b72dfb37a759a38408b2417bc0abaf57d7b9795d845a3bdd260e7af0507b06cb001e2b31a3bbb676e7a81248cbd453ed99e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Harley.aifc

Filesize
71KB

MD5
4ef9034d8a51107026fdc6cf91860b08

SHA1
c3c31e22b2f9f4e61949708ea56e2f3dcb4df732

SHA256
7b37a1816372d5b5e5af682e1787dac172f71ba48db848b146ef26bb025bacab

SHA512
76d506c448e3158184ec5d36993681ee6fcdefdb139b0bf76059cb3c7a173141002408162381c79230b122f751f7d6c262390ebffe872e28d36a01c79ca5a6ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Improved

Filesize
68KB

MD5
2fc2e8e862e1699ec831c3d0fd11da4d

SHA1
0561405c34b3a82a5e5a25602fb07584562839ae

SHA256
0fe5c49798e1be760617e8036913482886930b0be9bdad00b8f2fd6937b18faf

SHA512
bddd753b15e99d57bc2025a9bdeda27ba658ea9e89a6b306afd5292f0a78c50f42aa75e754690b96459fbe06b433024ba905ae8fe33c85fb01fca1e5246102a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ink

Filesize
28KB

MD5
3f739de0764c927931072d2f73218701

SHA1
da903d6af9ff7ab91f3e276bbd9a14f11b2f51e9

SHA256
57167168be441e5cdeda541460dc7b66cbd4b29e6b3b042d9c690d611fff0e8f

SHA512
e9ddd7acb259acc5de71f9d56f0c98e4022a3ffcecd8300638a786709de12b420429d05f1a88e5b35c104f929d149046caa756ae34c4135657c0fc65af488ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Inkjet

Filesize
132KB

MD5
9655d5239986a90acbab6c53da2d0354

SHA1
ec095293034330bffdcb33ab855319050c16316e

SHA256
ecbdd86f514b4f38c50ebcf3961fa00bdb8de6d30537ea7b06c4e2d502207b23

SHA512
26375aa0e759a56b3bc50fdd6565b040229f5b683959a349d000e95380312a9c46eade543ca1a5ee4400a0d554db9afa136e9101137f327c87e820c2ac326ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Lan

Filesize
87KB

MD5
1c792f8a690fc011231c550b2e450465

SHA1
5392a6fec3160be6dabc3065ef29d0ebfa466149

SHA256
42363e264f6000cae647b81ecf809e9d02848d78a5bc3d61fa2c70dd9c64c179

SHA512
69190daeed543febe5f39b94fef6c21c5fad3645f3d1947e64bbf81b7400d39dcb06308d7a94abae849b43867302f2423e1e1fa78932b0e7f4e4f356aa82bedb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mainland.aifc

Filesize
61KB

MD5
43a1955a6b1ff8a14c92cf23fffb3747

SHA1
f7e120ec8d29635b432d66bc253341105133c96d

SHA256
b868f10899bdd912d739a3b5fc4f2e2a35f7e2a109e18652947fb6cb37035677

SHA512
ffdbbf98311b02c4710e73dbbced205b69108f31d88cf7ac31b6c62ed3fed5be88c9918bb77ed3cd713a7c679b59baa308edd3de086ed19d22e72e77a6ad6ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Menus

Filesize
1KB

MD5
614d37e2852a0c74c323ad8bffa91905

SHA1
29f07aaae0359707c815646a77f27a809d0efec3

SHA256
61cd800b752157fb1fb4eea78a9bd426d0c39529472f4adbd6edae8334f50788

SHA512
5a9c4e57c50c976effb4a683cc1aa1ee6b323dbf30082a47bdd8055f72a51d14043679efec68dd7a0fea340c7b226d2b0f6799f7ef42f060777501ca6b9c3a59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mode.aifc

Filesize
65KB

MD5
29368646fe8b286d28a4848125ed7da1

SHA1
5219b7a0587c8d2745cec27b40c28249339b77b5

SHA256
d3d98583f8b9e6b9281820b2cf196e3b7a9e4d8e04569bc77fd878443184498b

SHA512
5a306f36e76300e932f2eed760f5bdfc8eae0232d48410b00abe6cc71359e5dc99ada843ce4a3225bd5a6871e8cab2dc9cd4db818b548c303b2600551f5d6302

Download Submit
C:\Users\Admin\AppData\Local\Temp\Packaging.aifc

Filesize
88KB

MD5
69ffeabf678830de7946b6ad83fe3274

SHA1
be6ca90c25f37269d45417ad3800c2daf08f412e

SHA256
d739d88881ae2be71cbe876b8e60f671ac3f9fed0bdf35c2a78b4154155c9858

SHA512
f11a02af27c161baa9cbec8caa0d86df0d160e92210f7527b60bc06e385556f1eeabf9ec239651957bdfb4df3452087ea0fa7a38f3dce459f7e9b2a64839019a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Phil

Filesize
79KB

MD5
37ca0e0d5d8513a7f80215d650d297dd

SHA1
b8bebc4526d5a5d7661beff77e14c4641857852a

SHA256
b0f5895279759536faa57b9c9e1635b350c4950e0963493f7234dee239f4c4fd

SHA512
4ea3b94def91ebf5752413c1a48f8f8d2222b1ee17fcdcd15a5ca9f1b4d191bff3b0195c5f733910b259072f59bd2eed87ffab8fbc8e776627ae07395ba03d42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Restricted

Filesize
122KB

MD5
eabbdf1c36f6b33992066137f31406fd

SHA1
2f1dc6a3db706e6679e3d91ec7b16c2868350108

SHA256
ddff4e1752a425617b15ee5d19cbabada079cc94a61531d862c8ffa21f008bcf

SHA512
47267a0e89aa9f7dd351c99f0e5b771304d6fd767de4bb252b3116ac3520eed2a65504fe6e046a48990ebabdd08967a24d20c64882bdaca306448986fa65d8e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Russell.aifc

Filesize
72KB

MD5
2ad72e604586b246cea8b8ba605c2c56

SHA1
63eb732fb0288f3afd8c01246f82e02e0e662324

SHA256
07a379e77188d7fa16781afafec48db50506feb05d64a3c52a80fe6ba0a82ec3

SHA512
444f3d53cb48572ccd53c0cd04fee7e6b131e8ddb1a639933a0eb6803451663ea6b99090daf8fb8435da2809bf2cfd8e371e49bef101fab7e20d7b00661bdc0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sas

Filesize
149KB

MD5
41f1de9f82f1846025de6647e97cc7c1

SHA1
74d3c0f0231609ddef2caa46ac89028901d3adf4

SHA256
60636d24e5642c330585cbbfec4598cbdc9042463cbd2d1b6ce9dfe775985d83

SHA512
ccaabc9e0f14ba4236b4f04016f82d678c0e1e092b9b987ea10a587df2f2c7531de81e413a473f61c137f2a47113549c2a2af59821fa687b8d1050465b887739

Download Submit
C:\Users\Admin\AppData\Local\Temp\Secret.aifc

Filesize
35KB

MD5
16632706947982e014526cacc154ad08

SHA1
ea0461ce3a024c95985caf29975fd8652e2994ea

SHA256
dbe2636e667cc5072049ce770e62152c209f58ec2c56b2ff610ea079c02c981a

SHA512
64daeac1b6be2b4d7c81b56f2eac8bff02173e0061b1b968aea8575b20e1c545e55f367059174c7ccd7d06c2486664acbc353f312eead518401a8bf426f20e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Slovenia.aifc

Filesize
476KB

MD5
5734c06ef55e35bffb7fe9554c33253c

SHA1
4cf54cde840894caf37a4ca088cc9fb25676d5c1

SHA256
acdbfd622b919fe5c19c1d13467f8dfee80d6fa03887c8536aad23fcc317d2e7

SHA512
68ddeb22f62353b924c3d0b44f0fdfa837ee0bb8d0de7e3db403677624db6b571c51cf5af763744b7c02926bb8487853954354ded5297e1ee4cd9858584940c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Std

Filesize
78KB

MD5
9670ed071e15d7bf7b4ce811c08f05d8

SHA1
217cfb10e4a0cf753808505b053f44cd82cb8022

SHA256
99b050b45465c8e07dac1a2edc40bdcce3c9ed2f38b0ba370377e90a577ca01c

SHA512
f63ab9c4ab2504370da17fbb9c763a5e147921f6bd94f87a8e665b0d334f892dab5acc4c8c514b363e3aa87e2a111aaa9c8a3c5541ca2797a05348075ae0819a

Download Submit
C:\Users\Admin\AppData\Local\Temp\for.aifc

Filesize
14KB

MD5
7329a2bd9c459ae97d5f3c963a0c37d5

SHA1
772a88194b251124dacdf6a0e15b5c3cc6a3957a

SHA256
296f7a5c22123ccfa5a54c4690af498abd08fdd70fccbc5b34da3bd21e3c1116

SHA512
d8fc61cef700b120ab3bc18edf0f4360011c12fd1b4d2840ac5f866073aa50d73341b4b1fa2ed40485b723d66c446fdc4e8310c6c192d310e8e597ed90a05212

Download Submit
memory/5000-74-0x0000000000390000-0x00000000003F3000-memory.dmp

Filesize
396KB

Download
memory/5000-76-0x0000000000390000-0x00000000003F3000-memory.dmp

Filesize
396KB

Download
memory/5000-75-0x0000000000390000-0x00000000003F3000-memory.dmp

Filesize
396KB

Download
memory/5000-78-0x0000000000390000-0x00000000003F3000-memory.dmp

Filesize
396KB

Download
memory/5000-77-0x0000000000390000-0x00000000003F3000-memory.dmp

Filesize
396KB

Download