Overview

overview

10

Static

static

3

e24f69aa87...df.exe

windows7-x64

10

e24f69aa87...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    161s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 04:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e24f69aa8738d14b85ad76a1783d51120b8b6ba467190fe7d8f96ad2969c8fdf.exe

  • Size

    2.1MB

  • MD5

    ccede1200a6e8eff54a358fa1e6d119a

  • SHA1

    e62fbe82dc5c1efbdecfd94791e023002d3c178b

  • SHA256

    e24f69aa8738d14b85ad76a1783d51120b8b6ba467190fe7d8f96ad2969c8fdf

  • SHA512

    d4c7e45c2f509e43b521bfbcd67474ef271fa12088f7a57794ba866cdd41ddd3e9ee8fc776b31dd0a0811e62542b813e97c0f3404f4e416066c1338193f7f6c7

  • SSDEEP

    49152:Q6otv8NVQqr7XXpwM+DbhzFG13Dyz6fRG+A+85fbhl7zsPS0mc+8aun:QDB8XQqDXf+D9FG1dp9m5fb37zsf+yn

Score
10/10
avaddonevasionransomwaretrojan

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\FCcKFEK_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BCbeEEDeb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzk5LVlXWUhUditJNGpvVURxYnJ3YXducXc1Y0R3cGduUWU2R3NTRXN5SXd5ek1vRWhmaEg3d1lXL2V5aU5lTTlEMStQZ3YrSSt1b1g5cWp4cGlTdE56eWZsOXhybU1CZExHaTdoOGxiNG5QUTQrZjc2MDJ4UnF1MkVUazVvaEhma0JoOGsrb2ZBSkhEUk9TZkV2a09lek9La0hPWXI3SUFRdFU0MVdQWlM5dytRbEh1TWd4Uk5lZ2lOOHhVMWtTWDNOczRwWjI3RUJ6T2ZoNUZWRkNxMm50NktCZ09Ec0RQaHNwNXNtY28vUkU4VU9IaWg0ZXFMc1BLWnl2YjYwRjZBV2RSbU9uQ2NsU1U1TlgzelN2TnNmVkZXaVVyc3ZCYnNjd2E3K3FSZEtRTmFXZkJWOURQNEdsUFRML0ZiMVJqcTZrTTdZQUFxVUl3bTA2VkdqMmxtUHZ4TWxyamVjWlFJeXpVSnlQSmNyTWUrcVZCTlhLOHFQb28waCs0eENEempiOVFLMW02QnQ4TGtxRFhIY2Yvdm5FVS9NRTdhVHh5cmJoZWtlb1dTTDc0eVZFWlozbTRSQlA4d0puaGhLd3h1enVTL3BJekNIS25KZkxJWDlib0ZlemlIdUVtaHVzMGxIakg0TStLL2dUdjBhdXZRQmlSemt3QThXc0FWR2cyVCtlejFrcWR2K25UeXkxNFJJU3NiZnNQSmZVK01mbTZBb1oxMGFkdXgxdHlST1pYTzQ1eTVHcitMbkRpdEhWSmw2NkdGWFB3Y3V3dXV2allFblkwbHlIR3Y5dEw1VkdqbUZvcWF5bmt0aGFHRHhRSGxNMDFtVlo4S3JrZ2RWUWh3L0htdDJQM3pQU0JkMm1SbWw2UXlJODVhZHBZNERoYnNiczB2d3dsRm83K2t1TWJlYzI2TXBvT1V6ajI4OGtDNlR3Rlh0QUUzeWI1Z1RLK1docGhrRTFpWXZicng3RVM1Tlp1YWlDVXJ6UnlWWHV4M3dxQlRycCtHZW4rOURIb1JOdVMyM0x5TTJqcEtzWWVRWFVPTTdKRitRQVF2YTJPd29TOHoxcEp2c2VLd2FiaU9TUXpXQkV3V1NNbytMVHlsYy9SUXh3bmF3ZmJqNlE1UmdjakVzSFFjeWRiZENtTzhDcDJLMjNFaDhSUTMvR2VLbm1KZW9LemowYXlDNW5Lc1B0YVFWalQ5aXY3UFVaZ2FOUmdqcGdXdHk1QUlFbzQxOXdMRXM0WmJ0TDJkZ01sV0RrVE84OGNaVXhla2JHWXZKTEh6bUZrd2xwUDFIRlBzdmw2VkFZWUZETll2Y0ZtYlRob3VUTG51bGV6VzVLcmFzeGRwQStXbkFPV1Uya2ZFYmd4QVNoYkxOZkpyWFNhYjhBMjBJa3E2c2FzaXRqWDFoRDFIRVkrTkVIWHBLWGo2d25ieGY1TGtjRkowajVaU0ZYSVdYMnRSNmRqQ1ZMMFFlcHg3aUtZNnhScjhtZ2wrd3Fqa0E5bkRhREpRSXFMZlZNTmE2eVhxTjcwT20ya09zZ2ZISnZRdFhNN1A4d2hKY0QvN3NFN1ZmSWhmZXVNNUV1Q1hIUmVTSTVma28raFRnT1lwSWs5UjZHUVRaY2p5TlhobjJNS00vWFZXbjdSc1hDZHZsNWVSTFFrbmI2N0RwNW9UUVBPeHhGZjhPNHdxcUF3aGNaMTF6ZlVJS0lDeXByNUt6bHdua0E3dU00OHFzNHFIN3RrV3VmTTdDak9LanlLZUpqNHlBZWVWTHJwcTU1RjhKejltY1kwcnU5ZXVXWld1bHI2V2E1eUJjMldkYzZJY1p0cGQ2SzAwSnFrV0NHM3d2bHo0a2ZuU1VsamUrdGZhZS9rb0ZOa3VRS2FtUHlVbitKaEFBZTZKUHNWNG1XeG5rTGdoNkJLTWN1bEQrRWMxeVJTejROTEpkWFI1aVZNVnMzLytma0VnVkdJaFY0TFlpdld4cU5PLzBvWjlleTVqY3pBOTBFYVFlR09TY2ZPbXhIVzRJbjgxdHBEcm1KdkJNdGVkUTNvejA0TGV6c2JZSUJiYjdQeVFPTWJIVS9CR0pSYmluQVd6TFg1S3hjUkhTb1oxOEVBVlI2OFVyQVZyeDQrT0VOTG9QOVA5SWlCVGVTcW1ZRS9qZy9wZUlmYlhNT2ozRmYrK0lDNC9TZFloU1hjd0tVbWd0Q3p0RVB5RlMxUnN0QURNenovd2RH -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * qsj1YVb
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Documents\FCcKFEK_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BCbeEEDeb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzk5LVlXWUhUditJNGpvVURxYnJ3YXducXc1Y0R3cGduUWU2R3NTRXN5SXd5ek1vRWhmaEg3d1lXL2V5aU5lTTlEMStQZ3YrSSt1b1g5cWp4cGlTdE56eWZsOXhybU1CZExHaTdoOGxiNG5QUTQrZjc2MDJ4UnF1MkVUazVvaEhma0JoOGsrb2ZBSkhEUk9TZkV2a09lek9La0hPWXI3SUFRdFU0MVdQWlM5dytRbEh1TWd4Uk5lZ2lOOHhVMWtTWDNOczRwWjI3RUJ6T2ZoNUZWRkNxMm50NktCZ09Ec0RQaHNwNXNtY28vUkU4VU9IaWg0ZXFMc1BLWnl2YjYwRjZBV2RSbU9uQ2NsU1U1TlgzelN2TnNmVkZXaVVyc3ZCYnNjd2E3K3FSZEtRTmFXZkJWOURQNEdsUFRML0ZiMVJqcTZrTTdZQUFxVUl3bTA2VkdqMmxtUHZ4TWxyamVjWlFJeXpVSnlQSmNyTWUrcVZCTlhLOHFQb28waCs0eENEempiOVFLMW02QnQ4TGtxRFhIY2Yvdm5FVS9NRTdhVHh5cmJoZWtlb1dTTDc0eVZFWlozbTRSQlA4d0puaGhLd3h1enVTL3BJekNIS25KZkxJWDlib0ZlemlIdUVtaHVzMGxIakg0TStLL2dUdjBhdXZRQmlSemt3QThXc0FWR2cyVCtlejFrcWR2K25UeXkxNFJJU3NiZnNQSmZVK01mbTZBb1oxMGFkdXgxdHlST1pYTzQ1eTVHcitMbkRpdEhWSmw2NkdGWFB3Y3V3dXV2allFblkwbHlIR3Y5dEw1VkdqbUZvcWF5bmt0aGFHRHhRSGxNMDFtVlo4S3JrZ2RWUWh3L0htdDJQM3pQU0JkMm1SbWw2UXlJODVhZHBZNERoYnNiczB2d3dsRm83K2t1TWJlYzI2TXBvT1V6ajI4OGtDNlR3Rlh0QUUzeWI1Z1RLK1docGhrRTFpWXZicng3RVM1Tlp1YWlDVXJ6UnlWWHV4M3dxQlRycCtHZW4rOURIb1JOdVMyM0x5TTJqcEtzWWVRWFVPTTdKRitRQVF2YTJPd29TOHoxcEp2c2VLd2FiaU9TUXpXQkV3V1NNbytMVHlsYy9SUXh3bmF3ZmJqNlE1UmdjakVzSFFjeWRiZENtTzhDcDJLMjNFaDhSUTMvR2VLbm1KZW9LemowYXlDNW5Lc1B0YVFWalQ5aXY3UFVaZ2FOUmdqcGdXdHk1QUlFbzQxOXdMRXM0WmJ0TDJkZ01sV0RrVE84OGNaVXhla2JHWXZKTEh6bUZrd2xwUDFIRlBzdmw2VkFZWUZETll2Y0ZtYlRob3VUTG51bGV6VzVLcmFzeGRwQStXbkFPV1Uya2ZFYmd4QVNoYkxOZkpyWFNhYjhBMjBJa3E2c2FzaXRqWDFoRDFIRVkrTkVIWHBLWGo2d25ieGY1TGtjRkowajVaU0ZYSVdYMnRSNmRqQ1ZMMFFlcHg3aUtZNnhScjhtZ2wrd3Fqa0E5bkRhREpRSXFMZlZNTmE2eVhxTjcwT20ya09zZ2ZISnZRdFhNN1A4d2hKY0QvN3NFN1ZmSWhmZXVNNUV1Q1hIUmVTSTVma28raFRnT1lwSWs5UjZHUVRaY2p5TlhobjJNS00vWFZXbjdSc1hDZHZsNWVSTFFrbmI2N0RwNW9UUVBPeHhGZjhPNHdxcUF3aGNaMTF6ZlVJS0lDeXByNUt6bHdua0E3dU00OHFzNHFIN3RrV3VmTTdDak9LanlLZUpqNHlBZWVWTHJwcTU1RjhKejltY1kwcnU5ZXVXWld1bHI2V2E1eUJjMldkYzZJY1p0cGQ2SzAwSnFrV0NHM3d2bHo0a2ZuU1VsamUrdGZhZS9rb0ZOa3VRS2FtUHlVbitKaEFBZTZKUHNWNG1XeG5rTGdoNkJLTWN1bEQrRWMxeVJTejROTEpkWFI1aVZNVnMzLytma0VnVkdJaFY0TFlpdld4cU5PLzBvWjlleTVqY3pBOTBFYVFlR09TY2ZPbXhIVzRJbjgxdHBEcm1KdkJNdGVkUTNvejA0TGV6c2JZSUJiYjdQeVFPTWJIVS9CR0pSYmluQVd6TFg1S3hjUkhTb1oxOEVBVlI2OFVyQVZyeDQrT0VOTG9QOVA5SWlCVGVTcW1ZRS9qZy9wZUlmYlhNT2ozRmYrK0lDNC9TZFloU1hjd0tVbWd0Q3p0RVB5RlMxUnN0QURNenovd2RH -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * D0KstiOFFM
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Documents\FCcKFEK_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BCbeEEDeb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzk5LVlXWUhUditJNGpvVURxYnJ3YXducXc1Y0R3cGduUWU2R3NTRXN5SXd5ek1vRWhmaEg3d1lXL2V5aU5lTTlEMStQZ3YrSSt1b1g5cWp4cGlTdE56eWZsOXhybU1CZExHaTdoOGxiNG5QUTQrZjc2MDJ4UnF1MkVUazVvaEhma0JoOGsrb2ZBSkhEUk9TZkV2a09lek9La0hPWXI3SUFRdFU0MVdQWlM5dytRbEh1TWd4Uk5lZ2lOOHhVMWtTWDNOczRwWjI3RUJ6T2ZoNUZWRkNxMm50NktCZ09Ec0RQaHNwNXNtY28vUkU4VU9IaWg0ZXFMc1BLWnl2YjYwRjZBV2RSbU9uQ2NsU1U1TlgzelN2TnNmVkZXaVVyc3ZCYnNjd2E3K3FSZEtRTmFXZkJWOURQNEdsUFRML0ZiMVJqcTZrTTdZQUFxVUl3bTA2VkdqMmxtUHZ4TWxyamVjWlFJeXpVSnlQSmNyTWUrcVZCTlhLOHFQb28waCs0eENEempiOVFLMW02QnQ4TGtxRFhIY2Yvdm5FVS9NRTdhVHh5cmJoZWtlb1dTTDc0eVZFWlozbTRSQlA4d0puaGhLd3h1enVTL3BJekNIS25KZkxJWDlib0ZlemlIdUVtaHVzMGxIakg0TStLL2dUdjBhdXZRQmlSemt3QThXc0FWR2cyVCtlejFrcWR2K25UeXkxNFJJU3NiZnNQSmZVK01mbTZBb1oxMGFkdXgxdHlST1pYTzQ1eTVHcitMbkRpdEhWSmw2NkdGWFB3Y3V3dXV2allFblkwbHlIR3Y5dEw1VkdqbUZvcWF5bmt0aGFHRHhRSGxNMDFtVlo4S3JrZ2RWUWh3L0htdDJQM3pQU0JkMm1SbWw2UXlJODVhZHBZNERoYnNiczB2d3dsRm83K2t1TWJlYzI2TXBvT1V6ajI4OGtDNlR3Rlh0QUUzeWI1Z1RLK1docGhrRTFpWXZicng3RVM1Tlp1YWlDVXJ6UnlWWHV4M3dxQlRycCtHZW4rOURIb1JOdVMyM0x5TTJqcEtzWWVRWFVPTTdKRitRQVF2YTJPd29TOHoxcEp2c2VLd2FiaU9TUXpXQkV3V1NNbytMVHlsYy9SUXh3bmF3ZmJqNlE1UmdjakVzSFFjeWRiZENtTzhDcDJLMjNFaDhSUTMvR2VLbm1KZW9LemowYXlDNW5Lc1B0YVFWalQ5aXY3UFVaZ2FOUmdqcGdXdHk1QUlFbzQxOXdMRXM0WmJ0TDJkZ01sV0RrVE84OGNaVXhla2JHWXZKTEh6bUZrd2xwUDFIRlBzdmw2VkFZWUZETll2Y0ZtYlRob3VUTG51bGV6VzVLcmFzeGRwQStXbkFPV1Uya2ZFYmd4QVNoYkxOZkpyWFNhYjhBMjBJa3E2c2FzaXRqWDFoRDFIRVkrTkVIWHBLWGo2d25ieGY1TGtjRkowajVaU0ZYSVdYMnRSNmRqQ1ZMMFFlcHg3aUtZNnhScjhtZ2wrd3Fqa0E5bkRhREpRSXFMZlZNTmE2eVhxTjcwT20ya09zZ2ZISnZRdFhNN1A4d2hKY0QvN3NFN1ZmSWhmZXVNNUV1Q1hIUmVTSTVma28raFRnT1lwSWs5UjZHUVRaY2p5TlhobjJNS00vWFZXbjdSc1hDZHZsNWVSTFFrbmI2N0RwNW9UUVBPeHhGZjhPNHdxcUF3aGNaMTF6ZlVJS0lDeXByNUt6bHdua0E3dU00OHFzNHFIN3RrV3VmTTdDak9LanlLZUpqNHlBZWVWTHJwcTU1RjhKejltY1kwcnU5ZXVXWld1bHI2V2E1eUJjMldkYzZJY1p0cGQ2SzAwSnFrV0NHM3d2bHo0a2ZuU1VsamUrdGZhZS9rb0ZOa3VRS2FtUHlVbitKaEFBZTZKUHNWNG1XeG5rTGdoNkJLTWN1bEQrRWMxeVJTejROTEpkWFI1aVZNVnMzLytma0VnVkdJaFY0TFlpdld4cU5PLzBvWjlleTVqY3pBOTBFYVFlR09TY2ZPbXhIVzRJbjgxdHBEcm1KdkJNdGVkUTNvejA0TGV6c2JZSUJiYjdQeVFPTWJIVS9CR0pSYmluQVd6TFg1S3hjUkhTb1oxOEVBVlI2OFVyQVZyeDQrT0VOTG9QOVA5SWlCVGVTcW1ZRS9qZy9wZUlmYlhNT2ozRmYrK0lDNC9TZFloU1hjd0tVbWd0Q3p0RVB5RlMxUnN0QURNenovd2RH -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * 3cvFEuAZ4z4m4
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\FCcKFEK_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BCbeEEDeb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzk5LVlXWUhUditJNGpvVURxYnJ3YXducXc1Y0R3cGduUWU2R3NTRXN5SXd5ek1vRWhmaEg3d1lXL2V5aU5lTTlEMStQZ3YrSSt1b1g5cWp4cGlTdE56eWZsOXhybU1CZExHaTdoOGxiNG5QUTQrZjc2MDJ4UnF1MkVUazVvaEhma0JoOGsrb2ZBSkhEUk9TZkV2a09lek9La0hPWXI3SUFRdFU0MVdQWlM5dytRbEh1TWd4Uk5lZ2lOOHhVMWtTWDNOczRwWjI3RUJ6T2ZoNUZWRkNxMm50NktCZ09Ec0RQaHNwNXNtY28vUkU4VU9IaWg0ZXFMc1BLWnl2YjYwRjZBV2RSbU9uQ2NsU1U1TlgzelN2TnNmVkZXaVVyc3ZCYnNjd2E3K3FSZEtRTmFXZkJWOURQNEdsUFRML0ZiMVJqcTZrTTdZQUFxVUl3bTA2VkdqMmxtUHZ4TWxyamVjWlFJeXpVSnlQSmNyTWUrcVZCTlhLOHFQb28waCs0eENEempiOVFLMW02QnQ4TGtxRFhIY2Yvdm5FVS9NRTdhVHh5cmJoZWtlb1dTTDc0eVZFWlozbTRSQlA4d0puaGhLd3h1enVTL3BJekNIS25KZkxJWDlib0ZlemlIdUVtaHVzMGxIakg0TStLL2dUdjBhdXZRQmlSemt3QThXc0FWR2cyVCtlejFrcWR2K25UeXkxNFJJU3NiZnNQSmZVK01mbTZBb1oxMGFkdXgxdHlST1pYTzQ1eTVHcitMbkRpdEhWSmw2NkdGWFB3Y3V3dXV2allFblkwbHlIR3Y5dEw1VkdqbUZvcWF5bmt0aGFHRHhRSGxNMDFtVlo4S3JrZ2RWUWh3L0htdDJQM3pQU0JkMm1SbWw2UXlJODVhZHBZNERoYnNiczB2d3dsRm83K2t1TWJlYzI2TXBvT1V6ajI4OGtDNlR3Rlh0QUUzeWI1Z1RLK1docGhrRTFpWXZicng3RVM1Tlp1YWlDVXJ6UnlWWHV4M3dxQlRycCtHZW4rOURIb1JOdVMyM0x5TTJqcEtzWWVRWFVPTTdKRitRQVF2YTJPd29TOHoxcEp2c2VLd2FiaU9TUXpXQkV3V1NNbytMVHlsYy9SUXh3bmF3ZmJqNlE1UmdjakVzSFFjeWRiZENtTzhDcDJLMjNFaDhSUTMvR2VLbm1KZW9LemowYXlDNW5Lc1B0YVFWalQ5aXY3UFVaZ2FOUmdqcGdXdHk1QUlFbzQxOXdMRXM0WmJ0TDJkZ01sV0RrVE84OGNaVXhla2JHWXZKTEh6bUZrd2xwUDFIRlBzdmw2VkFZWUZETll2Y0ZtYlRob3VUTG51bGV6VzVLcmFzeGRwQStXbkFPV1Uya2ZFYmd4QVNoYkxOZkpyWFNhYjhBMjBJa3E2c2FzaXRqWDFoRDFIRVkrTkVIWHBLWGo2d25ieGY1TGtjRkowajVaU0ZYSVdYMnRSNmRqQ1ZMMFFlcHg3aUtZNnhScjhtZ2wrd3Fqa0E5bkRhREpRSXFMZlZNTmE2eVhxTjcwT20ya09zZ2ZISnZRdFhNN1A4d2hKY0QvN3NFN1ZmSWhmZXVNNUV1Q1hIUmVTSTVma28raFRnT1lwSWs5UjZHUVRaY2p5TlhobjJNS00vWFZXbjdSc1hDZHZsNWVSTFFrbmI2N0RwNW9UUVBPeHhGZjhPNHdxcUF3aGNaMTF6ZlVJS0lDeXByNUt6bHdua0E3dU00OHFzNHFIN3RrV3VmTTdDak9LanlLZUpqNHlBZWVWTHJwcTU1RjhKejltY1kwcnU5ZXVXWld1bHI2V2E1eUJjMldkYzZJY1p0cGQ2SzAwSnFrV0NHM3d2bHo0a2ZuU1VsamUrdGZhZS9rb0ZOa3VRS2FtUHlVbitKaEFBZTZKUHNWNG1XeG5rTGdoNkJLTWN1bEQrRWMxeVJTejROTEpkWFI1aVZNVnMzLytma0VnVkdJaFY0TFlpdld4cU5PLzBvWjlleTVqY3pBOTBFYVFlR09TY2ZPbXhIVzRJbjgxdHBEcm1KdkJNdGVkUTNvejA0TGV6c2JZSUJiYjdQeVFPTWJIVS9CR0pSYmluQVd6TFg1S3hjUkhTb1oxOEVBVlI2OFVyQVZyeDQrT0VOTG9QOVA5SWlCVGVTcW1ZRS9qZy9wZUlmYlhNT2ozRmYrK0lDNC9TZFloU1hjd0tVbWd0Q3p0RVB5RlMxUnN0QURNenovd2RH -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * QE2b27xMubmrweOO
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\FCcKFEK_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BCbeEEDeb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzk5LVlXWUhUditJNGpvVURxYnJ3YXducXc1Y0R3cGduUWU2R3NTRXN5SXd5ek1vRWhmaEg3d1lXL2V5aU5lTTlEMStQZ3YrSSt1b1g5cWp4cGlTdE56eWZsOXhybU1CZExHaTdoOGxiNG5QUTQrZjc2MDJ4UnF1MkVUazVvaEhma0JoOGsrb2ZBSkhEUk9TZkV2a09lek9La0hPWXI3SUFRdFU0MVdQWlM5dytRbEh1TWd4Uk5lZ2lOOHhVMWtTWDNOczRwWjI3RUJ6T2ZoNUZWRkNxMm50NktCZ09Ec0RQaHNwNXNtY28vUkU4VU9IaWg0ZXFMc1BLWnl2YjYwRjZBV2RSbU9uQ2NsU1U1TlgzelN2TnNmVkZXaVVyc3ZCYnNjd2E3K3FSZEtRTmFXZkJWOURQNEdsUFRML0ZiMVJqcTZrTTdZQUFxVUl3bTA2VkdqMmxtUHZ4TWxyamVjWlFJeXpVSnlQSmNyTWUrcVZCTlhLOHFQb28waCs0eENEempiOVFLMW02QnQ4TGtxRFhIY2Yvdm5FVS9NRTdhVHh5cmJoZWtlb1dTTDc0eVZFWlozbTRSQlA4d0puaGhLd3h1enVTL3BJekNIS25KZkxJWDlib0ZlemlIdUVtaHVzMGxIakg0TStLL2dUdjBhdXZRQmlSemt3QThXc0FWR2cyVCtlejFrcWR2K25UeXkxNFJJU3NiZnNQSmZVK01mbTZBb1oxMGFkdXgxdHlST1pYTzQ1eTVHcitMbkRpdEhWSmw2NkdGWFB3Y3V3dXV2allFblkwbHlIR3Y5dEw1VkdqbUZvcWF5bmt0aGFHRHhRSGxNMDFtVlo4S3JrZ2RWUWh3L0htdDJQM3pQU0JkMm1SbWw2UXlJODVhZHBZNERoYnNiczB2d3dsRm83K2t1TWJlYzI2TXBvT1V6ajI4OGtDNlR3Rlh0QUUzeWI1Z1RLK1docGhrRTFpWXZicng3RVM1Tlp1YWlDVXJ6UnlWWHV4M3dxQlRycCtHZW4rOURIb1JOdVMyM0x5TTJqcEtzWWVRWFVPTTdKRitRQVF2YTJPd29TOHoxcEp2c2VLd2FiaU9TUXpXQkV3V1NNbytMVHlsYy9SUXh3bmF3ZmJqNlE1UmdjakVzSFFjeWRiZENtTzhDcDJLMjNFaDhSUTMvR2VLbm1KZW9LemowYXlDNW5Lc1B0YVFWalQ5aXY3UFVaZ2FOUmdqcGdXdHk1QUlFbzQxOXdMRXM0WmJ0TDJkZ01sV0RrVE84OGNaVXhla2JHWXZKTEh6bUZrd2xwUDFIRlBzdmw2VkFZWUZETll2Y0ZtYlRob3VUTG51bGV6VzVLcmFzeGRwQStXbkFPV1Uya2ZFYmd4QVNoYkxOZkpyWFNhYjhBMjBJa3E2c2FzaXRqWDFoRDFIRVkrTkVIWHBLWGo2d25ieGY1TGtjRkowajVaU0ZYSVdYMnRSNmRqQ1ZMMFFlcHg3aUtZNnhScjhtZ2wrd3Fqa0E5bkRhREpRSXFMZlZNTmE2eVhxTjcwT20ya09zZ2ZISnZRdFhNN1A4d2hKY0QvN3NFN1ZmSWhmZXVNNUV1Q1hIUmVTSTVma28raFRnT1lwSWs5UjZHUVRaY2p5TlhobjJNS00vWFZXbjdSc1hDZHZsNWVSTFFrbmI2N0RwNW9UUVBPeHhGZjhPNHdxcUF3aGNaMTF6ZlVJS0lDeXByNUt6bHdua0E3dU00OHFzNHFIN3RrV3VmTTdDak9LanlLZUpqNHlBZWVWTHJwcTU1RjhKejltY1kwcnU5ZXVXWld1bHI2V2E1eUJjMldkYzZJY1p0cGQ2SzAwSnFrV0NHM3d2bHo0a2ZuU1VsamUrdGZhZS9rb0ZOa3VRS2FtUHlVbitKaEFBZTZKUHNWNG1XeG5rTGdoNkJLTWN1bEQrRWMxeVJTejROTEpkWFI1aVZNVnMzLytma0VnVkdJaFY0TFlpdld4cU5PLzBvWjlleTVqY3pBOTBFYVFlR09TY2ZPbXhIVzRJbjgxdHBEcm1KdkJNdGVkUTNvejA0TGV6c2JZSUJiYjdQeVFPTWJIVS9CR0pSYmluQVd6TFg1S3hjUkhTb1oxOEVBVlI2OFVyQVZyeDQrT0VOTG9QOVA5SWlCVGVTcW1ZRS9qZy9wZUlmYlhNT2ozRmYrK0lDNC9TZFloU1hjd0tVbWd0Q3p0RVB5RlMxUnN0QURNenovd2RH -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * mNeyNJkgkDUQJa2QaWqi
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Favorites\MSN Websites\FCcKFEK_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BCbeEEDeb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzk5LVlXWUhUditJNGpvVURxYnJ3YXducXc1Y0R3cGduUWU2R3NTRXN5SXd5ek1vRWhmaEg3d1lXL2V5aU5lTTlEMStQZ3YrSSt1b1g5cWp4cGlTdE56eWZsOXhybU1CZExHaTdoOGxiNG5QUTQrZjc2MDJ4UnF1MkVUazVvaEhma0JoOGsrb2ZBSkhEUk9TZkV2a09lek9La0hPWXI3SUFRdFU0MVdQWlM5dytRbEh1TWd4Uk5lZ2lOOHhVMWtTWDNOczRwWjI3RUJ6T2ZoNUZWRkNxMm50NktCZ09Ec0RQaHNwNXNtY28vUkU4VU9IaWg0ZXFMc1BLWnl2YjYwRjZBV2RSbU9uQ2NsU1U1TlgzelN2TnNmVkZXaVVyc3ZCYnNjd2E3K3FSZEtRTmFXZkJWOURQNEdsUFRML0ZiMVJqcTZrTTdZQUFxVUl3bTA2VkdqMmxtUHZ4TWxyamVjWlFJeXpVSnlQSmNyTWUrcVZCTlhLOHFQb28waCs0eENEempiOVFLMW02QnQ4TGtxRFhIY2Yvdm5FVS9NRTdhVHh5cmJoZWtlb1dTTDc0eVZFWlozbTRSQlA4d0puaGhLd3h1enVTL3BJekNIS25KZkxJWDlib0ZlemlIdUVtaHVzMGxIakg0TStLL2dUdjBhdXZRQmlSemt3QThXc0FWR2cyVCtlejFrcWR2K25UeXkxNFJJU3NiZnNQSmZVK01mbTZBb1oxMGFkdXgxdHlST1pYTzQ1eTVHcitMbkRpdEhWSmw2NkdGWFB3Y3V3dXV2allFblkwbHlIR3Y5dEw1VkdqbUZvcWF5bmt0aGFHRHhRSGxNMDFtVlo4S3JrZ2RWUWh3L0htdDJQM3pQU0JkMm1SbWw2UXlJODVhZHBZNERoYnNiczB2d3dsRm83K2t1TWJlYzI2TXBvT1V6ajI4OGtDNlR3Rlh0QUUzeWI1Z1RLK1docGhrRTFpWXZicng3RVM1Tlp1YWlDVXJ6UnlWWHV4M3dxQlRycCtHZW4rOURIb1JOdVMyM0x5TTJqcEtzWWVRWFVPTTdKRitRQVF2YTJPd29TOHoxcEp2c2VLd2FiaU9TUXpXQkV3V1NNbytMVHlsYy9SUXh3bmF3ZmJqNlE1UmdjakVzSFFjeWRiZENtTzhDcDJLMjNFaDhSUTMvR2VLbm1KZW9LemowYXlDNW5Lc1B0YVFWalQ5aXY3UFVaZ2FOUmdqcGdXdHk1QUlFbzQxOXdMRXM0WmJ0TDJkZ01sV0RrVE84OGNaVXhla2JHWXZKTEh6bUZrd2xwUDFIRlBzdmw2VkFZWUZETll2Y0ZtYlRob3VUTG51bGV6VzVLcmFzeGRwQStXbkFPV1Uya2ZFYmd4QVNoYkxOZkpyWFNhYjhBMjBJa3E2c2FzaXRqWDFoRDFIRVkrTkVIWHBLWGo2d25ieGY1TGtjRkowajVaU0ZYSVdYMnRSNmRqQ1ZMMFFlcHg3aUtZNnhScjhtZ2wrd3Fqa0E5bkRhREpRSXFMZlZNTmE2eVhxTjcwT20ya09zZ2ZISnZRdFhNN1A4d2hKY0QvN3NFN1ZmSWhmZXVNNUV1Q1hIUmVTSTVma28raFRnT1lwSWs5UjZHUVRaY2p5TlhobjJNS00vWFZXbjdSc1hDZHZsNWVSTFFrbmI2N0RwNW9UUVBPeHhGZjhPNHdxcUF3aGNaMTF6ZlVJS0lDeXByNUt6bHdua0E3dU00OHFzNHFIN3RrV3VmTTdDak9LanlLZUpqNHlBZWVWTHJwcTU1RjhKejltY1kwcnU5ZXVXWld1bHI2V2E1eUJjMldkYzZJY1p0cGQ2SzAwSnFrV0NHM3d2bHo0a2ZuU1VsamUrdGZhZS9rb0ZOa3VRS2FtUHlVbitKaEFBZTZKUHNWNG1XeG5rTGdoNkJLTWN1bEQrRWMxeVJTejROTEpkWFI1aVZNVnMzLytma0VnVkdJaFY0TFlpdld4cU5PLzBvWjlleTVqY3pBOTBFYVFlR09TY2ZPbXhIVzRJbjgxdHBEcm1KdkJNdGVkUTNvejA0TGV6c2JZSUJiYjdQeVFPTWJIVS9CR0pSYmluQVd6TFg1S3hjUkhTb1oxOEVBVlI2OFVyQVZyeDQrT0VOTG9QOVA5SWlCVGVTcW1ZRS9qZy9wZUlmYlhNT2ozRmYrK0lDNC9TZFloU1hjd0tVbWd0Q3p0RVB5RlMxUnN0QURNenovd2RH -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * czFoiWXU6pCzB0ASG2kqy8X
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Pictures\FCcKFEK_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BCbeEEDeb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzk5LVlXWUhUditJNGpvVURxYnJ3YXducXc1Y0R3cGduUWU2R3NTRXN5SXd5ek1vRWhmaEg3d1lXL2V5aU5lTTlEMStQZ3YrSSt1b1g5cWp4cGlTdE56eWZsOXhybU1CZExHaTdoOGxiNG5QUTQrZjc2MDJ4UnF1MkVUazVvaEhma0JoOGsrb2ZBSkhEUk9TZkV2a09lek9La0hPWXI3SUFRdFU0MVdQWlM5dytRbEh1TWd4Uk5lZ2lOOHhVMWtTWDNOczRwWjI3RUJ6T2ZoNUZWRkNxMm50NktCZ09Ec0RQaHNwNXNtY28vUkU4VU9IaWg0ZXFMc1BLWnl2YjYwRjZBV2RSbU9uQ2NsU1U1TlgzelN2TnNmVkZXaVVyc3ZCYnNjd2E3K3FSZEtRTmFXZkJWOURQNEdsUFRML0ZiMVJqcTZrTTdZQUFxVUl3bTA2VkdqMmxtUHZ4TWxyamVjWlFJeXpVSnlQSmNyTWUrcVZCTlhLOHFQb28waCs0eENEempiOVFLMW02QnQ4TGtxRFhIY2Yvdm5FVS9NRTdhVHh5cmJoZWtlb1dTTDc0eVZFWlozbTRSQlA4d0puaGhLd3h1enVTL3BJekNIS25KZkxJWDlib0ZlemlIdUVtaHVzMGxIakg0TStLL2dUdjBhdXZRQmlSemt3QThXc0FWR2cyVCtlejFrcWR2K25UeXkxNFJJU3NiZnNQSmZVK01mbTZBb1oxMGFkdXgxdHlST1pYTzQ1eTVHcitMbkRpdEhWSmw2NkdGWFB3Y3V3dXV2allFblkwbHlIR3Y5dEw1VkdqbUZvcWF5bmt0aGFHRHhRSGxNMDFtVlo4S3JrZ2RWUWh3L0htdDJQM3pQU0JkMm1SbWw2UXlJODVhZHBZNERoYnNiczB2d3dsRm83K2t1TWJlYzI2TXBvT1V6ajI4OGtDNlR3Rlh0QUUzeWI1Z1RLK1docGhrRTFpWXZicng3RVM1Tlp1YWlDVXJ6UnlWWHV4M3dxQlRycCtHZW4rOURIb1JOdVMyM0x5TTJqcEtzWWVRWFVPTTdKRitRQVF2YTJPd29TOHoxcEp2c2VLd2FiaU9TUXpXQkV3V1NNbytMVHlsYy9SUXh3bmF3ZmJqNlE1UmdjakVzSFFjeWRiZENtTzhDcDJLMjNFaDhSUTMvR2VLbm1KZW9LemowYXlDNW5Lc1B0YVFWalQ5aXY3UFVaZ2FOUmdqcGdXdHk1QUlFbzQxOXdMRXM0WmJ0TDJkZ01sV0RrVE84OGNaVXhla2JHWXZKTEh6bUZrd2xwUDFIRlBzdmw2VkFZWUZETll2Y0ZtYlRob3VUTG51bGV6VzVLcmFzeGRwQStXbkFPV1Uya2ZFYmd4QVNoYkxOZkpyWFNhYjhBMjBJa3E2c2FzaXRqWDFoRDFIRVkrTkVIWHBLWGo2d25ieGY1TGtjRkowajVaU0ZYSVdYMnRSNmRqQ1ZMMFFlcHg3aUtZNnhScjhtZ2wrd3Fqa0E5bkRhREpRSXFMZlZNTmE2eVhxTjcwT20ya09zZ2ZISnZRdFhNN1A4d2hKY0QvN3NFN1ZmSWhmZXVNNUV1Q1hIUmVTSTVma28raFRnT1lwSWs5UjZHUVRaY2p5TlhobjJNS00vWFZXbjdSc1hDZHZsNWVSTFFrbmI2N0RwNW9UUVBPeHhGZjhPNHdxcUF3aGNaMTF6ZlVJS0lDeXByNUt6bHdua0E3dU00OHFzNHFIN3RrV3VmTTdDak9LanlLZUpqNHlBZWVWTHJwcTU1RjhKejltY1kwcnU5ZXVXWld1bHI2V2E1eUJjMldkYzZJY1p0cGQ2SzAwSnFrV0NHM3d2bHo0a2ZuU1VsamUrdGZhZS9rb0ZOa3VRS2FtUHlVbitKaEFBZTZKUHNWNG1XeG5rTGdoNkJLTWN1bEQrRWMxeVJTejROTEpkWFI1aVZNVnMzLytma0VnVkdJaFY0TFlpdld4cU5PLzBvWjlleTVqY3pBOTBFYVFlR09TY2ZPbXhIVzRJbjgxdHBEcm1KdkJNdGVkUTNvejA0TGV6c2JZSUJiYjdQeVFPTWJIVS9CR0pSYmluQVd6TFg1S3hjUkhTb1oxOEVBVlI2OFVyQVZyeDQrT0VOTG9QOVA5SWlCVGVTcW1ZRS9qZy9wZUlmYlhNT2ozRmYrK0lDNC9TZFloU1hjd0tVbWd0Q3p0RVB5RlMxUnN0QURNenovd2RH -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * z7qB3CJnwRu3XQIURZfx9I9IMq
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Pictures\FCcKFEK_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BCbeEEDeb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzk5LVlXWUhUditJNGpvVURxYnJ3YXducXc1Y0R3cGduUWU2R3NTRXN5SXd5ek1vRWhmaEg3d1lXL2V5aU5lTTlEMStQZ3YrSSt1b1g5cWp4cGlTdE56eWZsOXhybU1CZExHaTdoOGxiNG5QUTQrZjc2MDJ4UnF1MkVUazVvaEhma0JoOGsrb2ZBSkhEUk9TZkV2a09lek9La0hPWXI3SUFRdFU0MVdQWlM5dytRbEh1TWd4Uk5lZ2lOOHhVMWtTWDNOczRwWjI3RUJ6T2ZoNUZWRkNxMm50NktCZ09Ec0RQaHNwNXNtY28vUkU4VU9IaWg0ZXFMc1BLWnl2YjYwRjZBV2RSbU9uQ2NsU1U1TlgzelN2TnNmVkZXaVVyc3ZCYnNjd2E3K3FSZEtRTmFXZkJWOURQNEdsUFRML0ZiMVJqcTZrTTdZQUFxVUl3bTA2VkdqMmxtUHZ4TWxyamVjWlFJeXpVSnlQSmNyTWUrcVZCTlhLOHFQb28waCs0eENEempiOVFLMW02QnQ4TGtxRFhIY2Yvdm5FVS9NRTdhVHh5cmJoZWtlb1dTTDc0eVZFWlozbTRSQlA4d0puaGhLd3h1enVTL3BJekNIS25KZkxJWDlib0ZlemlIdUVtaHVzMGxIakg0TStLL2dUdjBhdXZRQmlSemt3QThXc0FWR2cyVCtlejFrcWR2K25UeXkxNFJJU3NiZnNQSmZVK01mbTZBb1oxMGFkdXgxdHlST1pYTzQ1eTVHcitMbkRpdEhWSmw2NkdGWFB3Y3V3dXV2allFblkwbHlIR3Y5dEw1VkdqbUZvcWF5bmt0aGFHRHhRSGxNMDFtVlo4S3JrZ2RWUWh3L0htdDJQM3pQU0JkMm1SbWw2UXlJODVhZHBZNERoYnNiczB2d3dsRm83K2t1TWJlYzI2TXBvT1V6ajI4OGtDNlR3Rlh0QUUzeWI1Z1RLK1docGhrRTFpWXZicng3RVM1Tlp1YWlDVXJ6UnlWWHV4M3dxQlRycCtHZW4rOURIb1JOdVMyM0x5TTJqcEtzWWVRWFVPTTdKRitRQVF2YTJPd29TOHoxcEp2c2VLd2FiaU9TUXpXQkV3V1NNbytMVHlsYy9SUXh3bmF3ZmJqNlE1UmdjakVzSFFjeWRiZENtTzhDcDJLMjNFaDhSUTMvR2VLbm1KZW9LemowYXlDNW5Lc1B0YVFWalQ5aXY3UFVaZ2FOUmdqcGdXdHk1QUlFbzQxOXdMRXM0WmJ0TDJkZ01sV0RrVE84OGNaVXhla2JHWXZKTEh6bUZrd2xwUDFIRlBzdmw2VkFZWUZETll2Y0ZtYlRob3VUTG51bGV6VzVLcmFzeGRwQStXbkFPV1Uya2ZFYmd4QVNoYkxOZkpyWFNhYjhBMjBJa3E2c2FzaXRqWDFoRDFIRVkrTkVIWHBLWGo2d25ieGY1TGtjRkowajVaU0ZYSVdYMnRSNmRqQ1ZMMFFlcHg3aUtZNnhScjhtZ2wrd3Fqa0E5bkRhREpRSXFMZlZNTmE2eVhxTjcwT20ya09zZ2ZISnZRdFhNN1A4d2hKY0QvN3NFN1ZmSWhmZXVNNUV1Q1hIUmVTSTVma28raFRnT1lwSWs5UjZHUVRaY2p5TlhobjJNS00vWFZXbjdSc1hDZHZsNWVSTFFrbmI2N0RwNW9UUVBPeHhGZjhPNHdxcUF3aGNaMTF6ZlVJS0lDeXByNUt6bHdua0E3dU00OHFzNHFIN3RrV3VmTTdDak9LanlLZUpqNHlBZWVWTHJwcTU1RjhKejltY1kwcnU5ZXVXWld1bHI2V2E1eUJjMldkYzZJY1p0cGQ2SzAwSnFrV0NHM3d2bHo0a2ZuU1VsamUrdGZhZS9rb0ZOa3VRS2FtUHlVbitKaEFBZTZKUHNWNG1XeG5rTGdoNkJLTWN1bEQrRWMxeVJTejROTEpkWFI1aVZNVnMzLytma0VnVkdJaFY0TFlpdld4cU5PLzBvWjlleTVqY3pBOTBFYVFlR09TY2ZPbXhIVzRJbjgxdHBEcm1KdkJNdGVkUTNvejA0TGV6c2JZSUJiYjdQeVFPTWJIVS9CR0pSYmluQVd6TFg1S3hjUkhTb1oxOEVBVlI2OFVyQVZyeDQrT0VOTG9QOVA5SWlCVGVTcW1ZRS9qZy9wZUlmYlhNT2ozRmYrK0lDNC9TZFloU1hjd0tVbWd0Q3p0RVB5RlMxUnN0QURNenovd2RH -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * LjyXNO6bm3ccQMw2666ZqxIJD0E0x
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Default\FCcKFEK_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BCbeEEDeb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzk5LVlXWUhUditJNGpvVURxYnJ3YXducXc1Y0R3cGduUWU2R3NTRXN5SXd5ek1vRWhmaEg3d1lXL2V5aU5lTTlEMStQZ3YrSSt1b1g5cWp4cGlTdE56eWZsOXhybU1CZExHaTdoOGxiNG5QUTQrZjc2MDJ4UnF1MkVUazVvaEhma0JoOGsrb2ZBSkhEUk9TZkV2a09lek9La0hPWXI3SUFRdFU0MVdQWlM5dytRbEh1TWd4Uk5lZ2lOOHhVMWtTWDNOczRwWjI3RUJ6T2ZoNUZWRkNxMm50NktCZ09Ec0RQaHNwNXNtY28vUkU4VU9IaWg0ZXFMc1BLWnl2YjYwRjZBV2RSbU9uQ2NsU1U1TlgzelN2TnNmVkZXaVVyc3ZCYnNjd2E3K3FSZEtRTmFXZkJWOURQNEdsUFRML0ZiMVJqcTZrTTdZQUFxVUl3bTA2VkdqMmxtUHZ4TWxyamVjWlFJeXpVSnlQSmNyTWUrcVZCTlhLOHFQb28waCs0eENEempiOVFLMW02QnQ4TGtxRFhIY2Yvdm5FVS9NRTdhVHh5cmJoZWtlb1dTTDc0eVZFWlozbTRSQlA4d0puaGhLd3h1enVTL3BJekNIS25KZkxJWDlib0ZlemlIdUVtaHVzMGxIakg0TStLL2dUdjBhdXZRQmlSemt3QThXc0FWR2cyVCtlejFrcWR2K25UeXkxNFJJU3NiZnNQSmZVK01mbTZBb1oxMGFkdXgxdHlST1pYTzQ1eTVHcitMbkRpdEhWSmw2NkdGWFB3Y3V3dXV2allFblkwbHlIR3Y5dEw1VkdqbUZvcWF5bmt0aGFHRHhRSGxNMDFtVlo4S3JrZ2RWUWh3L0htdDJQM3pQU0JkMm1SbWw2UXlJODVhZHBZNERoYnNiczB2d3dsRm83K2t1TWJlYzI2TXBvT1V6ajI4OGtDNlR3Rlh0QUUzeWI1Z1RLK1docGhrRTFpWXZicng3RVM1Tlp1YWlDVXJ6UnlWWHV4M3dxQlRycCtHZW4rOURIb1JOdVMyM0x5TTJqcEtzWWVRWFVPTTdKRitRQVF2YTJPd29TOHoxcEp2c2VLd2FiaU9TUXpXQkV3V1NNbytMVHlsYy9SUXh3bmF3ZmJqNlE1UmdjakVzSFFjeWRiZENtTzhDcDJLMjNFaDhSUTMvR2VLbm1KZW9LemowYXlDNW5Lc1B0YVFWalQ5aXY3UFVaZ2FOUmdqcGdXdHk1QUlFbzQxOXdMRXM0WmJ0TDJkZ01sV0RrVE84OGNaVXhla2JHWXZKTEh6bUZrd2xwUDFIRlBzdmw2VkFZWUZETll2Y0ZtYlRob3VUTG51bGV6VzVLcmFzeGRwQStXbkFPV1Uya2ZFYmd4QVNoYkxOZkpyWFNhYjhBMjBJa3E2c2FzaXRqWDFoRDFIRVkrTkVIWHBLWGo2d25ieGY1TGtjRkowajVaU0ZYSVdYMnRSNmRqQ1ZMMFFlcHg3aUtZNnhScjhtZ2wrd3Fqa0E5bkRhREpRSXFMZlZNTmE2eVhxTjcwT20ya09zZ2ZISnZRdFhNN1A4d2hKY0QvN3NFN1ZmSWhmZXVNNUV1Q1hIUmVTSTVma28raFRnT1lwSWs5UjZHUVRaY2p5TlhobjJNS00vWFZXbjdSc1hDZHZsNWVSTFFrbmI2N0RwNW9UUVBPeHhGZjhPNHdxcUF3aGNaMTF6ZlVJS0lDeXByNUt6bHdua0E3dU00OHFzNHFIN3RrV3VmTTdDak9LanlLZUpqNHlBZWVWTHJwcTU1RjhKejltY1kwcnU5ZXVXWld1bHI2V2E1eUJjMldkYzZJY1p0cGQ2SzAwSnFrV0NHM3d2bHo0a2ZuU1VsamUrdGZhZS9rb0ZOa3VRS2FtUHlVbitKaEFBZTZKUHNWNG1XeG5rTGdoNkJLTWN1bEQrRWMxeVJTejROTEpkWFI1aVZNVnMzLytma0VnVkdJaFY0TFlpdld4cU5PLzBvWjlleTVqY3pBOTBFYVFlR09TY2ZPbXhIVzRJbjgxdHBEcm1KdkJNdGVkUTNvejA0TGV6c2JZSUJiYjdQeVFPTWJIVS9CR0pSYmluQVd6TFg1S3hjUkhTb1oxOEVBVlI2OFVyQVZyeDQrT0VOTG9QOVA5SWlCVGVTcW1ZRS9qZy9wZUlmYlhNT2ozRmYrK0lDNC9TZFloU1hjd0tVbWd0Q3p0RVB5RlMxUnN0QURNenovd2RH -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * C
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Public\Pictures\Sample Pictures\FCcKFEK_readme.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .BCbeEEDeb You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzk5LVlXWUhUditJNGpvVURxYnJ3YXducXc1Y0R3cGduUWU2R3NTRXN5SXd5ek1vRWhmaEg3d1lXL2V5aU5lTTlEMStQZ3YrSSt1b1g5cWp4cGlTdE56eWZsOXhybU1CZExHaTdoOGxiNG5QUTQrZjc2MDJ4UnF1MkVUazVvaEhma0JoOGsrb2ZBSkhEUk9TZkV2a09lek9La0hPWXI3SUFRdFU0MVdQWlM5dytRbEh1TWd4Uk5lZ2lOOHhVMWtTWDNOczRwWjI3RUJ6T2ZoNUZWRkNxMm50NktCZ09Ec0RQaHNwNXNtY28vUkU4VU9IaWg0ZXFMc1BLWnl2YjYwRjZBV2RSbU9uQ2NsU1U1TlgzelN2TnNmVkZXaVVyc3ZCYnNjd2E3K3FSZEtRTmFXZkJWOURQNEdsUFRML0ZiMVJqcTZrTTdZQUFxVUl3bTA2VkdqMmxtUHZ4TWxyamVjWlFJeXpVSnlQSmNyTWUrcVZCTlhLOHFQb28waCs0eENEempiOVFLMW02QnQ4TGtxRFhIY2Yvdm5FVS9NRTdhVHh5cmJoZWtlb1dTTDc0eVZFWlozbTRSQlA4d0puaGhLd3h1enVTL3BJekNIS25KZkxJWDlib0ZlemlIdUVtaHVzMGxIakg0TStLL2dUdjBhdXZRQmlSemt3QThXc0FWR2cyVCtlejFrcWR2K25UeXkxNFJJU3NiZnNQSmZVK01mbTZBb1oxMGFkdXgxdHlST1pYTzQ1eTVHcitMbkRpdEhWSmw2NkdGWFB3Y3V3dXV2allFblkwbHlIR3Y5dEw1VkdqbUZvcWF5bmt0aGFHRHhRSGxNMDFtVlo4S3JrZ2RWUWh3L0htdDJQM3pQU0JkMm1SbWw2UXlJODVhZHBZNERoYnNiczB2d3dsRm83K2t1TWJlYzI2TXBvT1V6ajI4OGtDNlR3Rlh0QUUzeWI1Z1RLK1docGhrRTFpWXZicng3RVM1Tlp1YWlDVXJ6UnlWWHV4M3dxQlRycCtHZW4rOURIb1JOdVMyM0x5TTJqcEtzWWVRWFVPTTdKRitRQVF2YTJPd29TOHoxcEp2c2VLd2FiaU9TUXpXQkV3V1NNbytMVHlsYy9SUXh3bmF3ZmJqNlE1UmdjakVzSFFjeWRiZENtTzhDcDJLMjNFaDhSUTMvR2VLbm1KZW9LemowYXlDNW5Lc1B0YVFWalQ5aXY3UFVaZ2FOUmdqcGdXdHk1QUlFbzQxOXdMRXM0WmJ0TDJkZ01sV0RrVE84OGNaVXhla2JHWXZKTEh6bUZrd2xwUDFIRlBzdmw2VkFZWUZETll2Y0ZtYlRob3VUTG51bGV6VzVLcmFzeGRwQStXbkFPV1Uya2ZFYmd4QVNoYkxOZkpyWFNhYjhBMjBJa3E2c2FzaXRqWDFoRDFIRVkrTkVIWHBLWGo2d25ieGY1TGtjRkowajVaU0ZYSVdYMnRSNmRqQ1ZMMFFlcHg3aUtZNnhScjhtZ2wrd3Fqa0E5bkRhREpRSXFMZlZNTmE2eVhxTjcwT20ya09zZ2ZISnZRdFhNN1A4d2hKY0QvN3NFN1ZmSWhmZXVNNUV1Q1hIUmVTSTVma28raFRnT1lwSWs5UjZHUVRaY2p5TlhobjJNS00vWFZXbjdSc1hDZHZsNWVSTFFrbmI2N0RwNW9UUVBPeHhGZjhPNHdxcUF3aGNaMTF6ZlVJS0lDeXByNUt6bHdua0E3dU00OHFzNHFIN3RrV3VmTTdDak9LanlLZUpqNHlBZWVWTHJwcTU1RjhKejltY1kwcnU5ZXVXWld1bHI2V2E1eUJjMldkYzZJY1p0cGQ2SzAwSnFrV0NHM3d2bHo0a2ZuU1VsamUrdGZhZS9rb0ZOa3VRS2FtUHlVbitKaEFBZTZKUHNWNG1XeG5rTGdoNkJLTWN1bEQrRWMxeVJTejROTEpkWFI1aVZNVnMzLytma0VnVkdJaFY0TFlpdld4cU5PLzBvWjlleTVqY3pBOTBFYVFlR09TY2ZPbXhIVzRJbjgxdHBEcm1KdkJNdGVkUTNvejA0TGV6c2JZSUJiYjdQeVFPTWJIVS9CR0pSYmluQVd6TFg1S3hjUkhTb1oxOEVBVlI2OFVyQVZyeDQrT0VOTG9QOVA5SWlCVGVTcW1ZRS9qZy9wZUlmYlhNT2ozRmYrK0lDNC9TZFloU1hjd0tVbWd0Q3p0RVB5RlMxUnN0QURNenovd2RH -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * YTAl
URLs

http://avaddonbotrxmuyl.onion

Signatures

  • Avaddon

    Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

    ransomwareavaddon
  • Avaddon payload 17 IoCs
  • UAC bypass 3 TTPs 2 IoCs
    evasiontrojan
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Renames multiple (192) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Interacts with shadow copies 2 TTPs 3 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 63 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • System policy modification 1 TTPs 3 IoCs
    evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\e24f69aa8738d14b85ad76a1783d51120b8b6ba467190fe7d8f96ad2969c8fdf.exe
    "C:\Users\Admin\AppData\Local\Temp\e24f69aa8738d14b85ad76a1783d51120b8b6ba467190fe7d8f96ad2969c8fdf.exe"
    1⤵
    • UAC bypass
    • Checks whether UAC is enabled
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2680
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1540
    • C:\Windows\SysWOW64\vssadmin.exe
      vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:556
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2796
    • C:\Windows\SysWOW64\vssadmin.exe
      vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:1204
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2140
    • C:\Windows\SysWOW64\vssadmin.exe
      vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:2244
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1508

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          67KB

          MD5

          753df6889fd7410a2e9fe333da83a429

          SHA1

          3c425f16e8267186061dd48ac1c77c122962456e

          SHA256

          b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

          SHA512

          9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab16DD.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar1DD6.tmp
          Filesize

          175KB

          MD5

          dd73cead4b93366cf3465c8cd32e2796

          SHA1

          74546226dfe9ceb8184651e920d1dbfb432b314e

          SHA256

          a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

          SHA512

          ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

          Download Submit

        • C:\Users\Admin\Desktop\FCcKFEK_readme.txt
          Filesize

          3KB

          MD5

          52eb08de80957c67b8e1bcc9d5f9cfcb

          SHA1

          6820f0a884c9b9c8db7efb471effa564abc05ed9

          SHA256

          7abe6100d18b57c5572e52736b53b08ffdb5e691a3afe024b847bae6f928bffb

          SHA512

          5dfb3c6e28d2e83a8d02ee6d5ec7b0207f15e5bc3cad170ecca52627fe09daeb37b076125d37e7ff99b0f7f648b5f15c618346e2239bb21d06bb46af2b718f4c

          Download Submit

        • C:\Users\Admin\Documents\FCcKFEK_readme.txt
          Filesize

          3KB

          MD5

          7d0d611afe349b7974a9c88325614e2a

          SHA1

          eccc87cbd6300a8bf08ceeef83df1ad4f22fe939

          SHA256

          1f2ae8e1e374247f11a22fb45a9efc37f25b56efe00ebc4259ba09f31e5ddf54

          SHA512

          65019561e92ff09200e52730deec3af99d6d7051c58b16248a26c801cc6b850012608d5d7d40544e0c4909efa3f8eb05b7b1ce0438b5aeb6d6be353c9474fc58

          Download Submit

        • C:\Users\Admin\Documents\FCcKFEK_readme.txt
          Filesize

          3KB

          MD5

          9ebe359a266f17224296d54d3021feea

          SHA1

          1f4fb60e57fecf72bf2dbd410f57c0e903fa0e3a

          SHA256

          616c0cc839e40399e9ecb832852e915c57c9794ed3bcbd03695369920f7b0bea

          SHA512

          57fe4fd1c2972e32bf6429df94b0f199e9f13dcf931f7ca6dcc6720214c6de98ab112d9b41eb3f505bb497e1ca3e4cdaf39680516a928da7cf20dfbc18931163

          Download Submit

        • C:\Users\Admin\Downloads\FCcKFEK_readme.txt
          Filesize

          3KB

          MD5

          9331e309d4c9d052990a49d96facad4c

          SHA1

          2bc01215e902c952e174c1b59f737acab996e7c4

          SHA256

          5258fec31b258641d814b951db58ace0b09c955a26bf0d663bb1e3d51615d25e

          SHA512

          8afc6345bb74e6236e30a3a46e3bc231339b2d2e6eaa6a3f1bd677198d291572bc722ac4e109561e96bc417f055ae14d66ed45fd24d93d016f68a73ec5713f98

          Download Submit

        • C:\Users\Admin\Downloads\FCcKFEK_readme.txt
          Filesize

          3KB

          MD5

          69aa4d6ab10974e431c8a3e5a21d3c46

          SHA1

          e8818ee38a9ce81c5265cecb9cebef571c034a15

          SHA256

          de9e5a0cb33b742d67e18a078f15647e9ab9891656129ac4f03ddffd9085c45f

          SHA512

          9f00788e7974740cde26fb588c9e81d5b02851a3b84a811a5eda9412b88782e76d8d2abb6ba8fb67b5d255076decc6428b37b64edf2d6c96d80af809375ec904

          Download Submit

        • C:\Users\Admin\Favorites\MSN Websites\FCcKFEK_readme.txt
          Filesize

          3KB

          MD5

          70efbc8c010205f62e19d8630453d82c

          SHA1

          ff498e79951bc253f63ce2277f64cc73c21603a6

          SHA256

          c7f94597aea00ada795fd4941ed1202d99f8ef1096c2c989845e75e665ff30c8

          SHA512

          49fe74d91bcc53a49d6f140f215c93b09b2454c0e1519087cf49c618c1bbb12e1de54281777801b2e8d16306e09b4db7b61ed6955a976d90fcbe61682c1939fe

          Download Submit

        • C:\Users\Admin\Pictures\FCcKFEK_readme.txt
          Filesize

          3KB

          MD5

          c6f610d7b7a8f409d5ad5b1d49f7012f

          SHA1

          e140404d9400ab1d3411ca34c705ec7d7544bdf3

          SHA256

          12615aeb59c0570693b3802a1379f97377d5747d43f56ddad78db7af058e41bf

          SHA512

          9ae72159a19638a718a20aafdbc307deff65c7d75db9192d3c044c6c7792a9853505f7cf268d427824dfc82acd310487f435e4dc551d0aed2b913e2e88fc773e

          Download Submit

        • C:\Users\Admin\Pictures\FCcKFEK_readme.txt
          Filesize

          3KB

          MD5

          1968c078d5f506e16dd02a01f2f4b0f2

          SHA1

          eef007e5461c101fdee593a9661645859cdcb910

          SHA256

          094f381a52417988783722de58910889162e6ac990a1b7a1e3b71190f09ec243

          SHA512

          532c6af9bdef95225ea33712df28cd75927cbe17f1b931556512321a85eb42683a968f851aca6156fd4872ea56b8fb5c488d151fd504076fe7f4644fb954b51a

          Download Submit

        • C:\Users\Default\FCcKFEK_readme.txt
          Filesize

          3KB

          MD5

          80aa1d19761ad6e5430f026a8c717ae4

          SHA1

          6ca0a4ebba377498f5eb1b284a8e81a991b1a494

          SHA256

          e6eda8802c80359eff79a7916b16ee58634f016e532cabbe503b3ac63635d807

          SHA512

          13f7d3693152a3117febe5e7e8b906cd11e18f61f3a064edc010d4aa9a96e5fb3cfc1f9853925670d83dd59be31659ef19ee5427a0dc675d7ef34a6bc7bbc83f

          Download Submit

        • C:\Users\Public\Pictures\Sample Pictures\FCcKFEK_readme.txt
          Filesize

          3KB

          MD5

          6d750ecbcf94a2fa9f906ed234435504

          SHA1

          4336bd062a31540c262ae0e6f11d3dd88c554680

          SHA256

          a5853b7f64e2c539f46dc83cfd6846ba3477c3096f63204601066b86e3b2efa0

          SHA512

          0efe8ecf96d75b30941a916c3131bfa6a9b0b24c33e697f614349632924a6d2921b727c9e5d38acac85f392c8ac5ac0cd8cc16d8cb72b8b8db5b5759fc091cba

          Download Submit

        • memory/2680-2-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-652-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-1-0x0000000002C10000-0x0000000002D36000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2680-0-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-15-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-516-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-20-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-23-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-70-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-27-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-653-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-654-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-655-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-656-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-658-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-659-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-660-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-661-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download

        • memory/2680-662-0x0000000000400000-0x00000000009C4000-memory.dmp

          Filesize

          5.8MB

          Download