Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-04-2024 10:08

General

  • Target

    cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46.exe

  • Size

    719KB

  • MD5

    275e4a63fc63c995b3e0d464919f211b

  • SHA1

    51d85210c2f621ca14d92a8375ee24d62f9d7f44

  • SHA256

    cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46

  • SHA512

    1723fb4a624859cb49f1d00100a44c5104a8a6ee4685b0e0988fa54f929dc7d70d171034577a17db2e6529d6c19b49d2ba023c4c98e9637f92981a3c1a5c9dac

  • SSDEEP

    12288:OR8hjUV679Aa4Auw3gveB17cOT1WHWEQTe0udkuHgCNU7SY/qgjjmJ/:quK679Aa4Auw3gveB1TGWEQSzXY/tjq/

Malware Config

Extracted

Path

C:\Users\Admin\Music\cbVK6_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .abaccBAaAd You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- NTc2LWtxWGRvOGNzdWRNWERTOGVkdHVsdWRGVVZtRlRnMDRpR20wRGt2OVNEWFRYS09SSVd1SWJCNk9VVTdhWVNwWjlLdzZSN0NLTm9mazVQRDdJZHhscWF1dDUxSFp6VFE0N05nUUxZdk8xRDhRSUhxZGtxSW9JRGtQbkR2UEh1cEhpZWRWNDhnMS9iUytWWTFPRE95RCtmeEdieU1DQVhOVlpXY3Qrc2Jic1RSYzQraWtPcmQ2Z0Y3bTlZYkpNbXd0aGcyamRRdjZMUnFIbnRqWGNZTVV6eVlBbFowWHNYZ0prTzVxR3hxSGN4VmdNcHlQZ1RTSXloNE1OM2hHTFVEK2FPUUlaQVgvMUUrbGo3Q1MyaSt5dkRwWmp2YWhvT0R4UjNZUXR5VXRlOE02ZS9DbjVhOWdpR1BSWnl2VjhXRmM1ZDlvVVBPeEFYUDY2czhKOXZmMk8wMGZwYVpaVDhpMVFDWUdwKys3R0NrMFVDUjdBeUx3RlVKMktISFliWXd1TEJUL0NPQXFmREJDalBVL0M1bUczL056dHhvVUhwdHpDSWFmdUhremcwQkV2STc3b3JpWDJtR010Y3h0aU1tRXlaYkJTY0pRUlFxeEVGcDI1NDY1M1ZpNU1JWmIxbnpsN25wOGxtNWYxMUhJUXBPR1BEajVWVnMrdmVBVlFsamQ4K1JZTlEwTzdFMWdNR2lGN2JvMHJldmFlYmNTdk1yWlFmMS95bGRqVitGTjIzWDdMTjJvN0ZmVzI3NG41NVAxeXpHcnV3Z1MrZmludmo1WjNCelRYRm0yVVR4cmM5LzFibVFpaWFlR00zYXoxRGg0UWIwUkFXYWI2T0JJR1BCS0YyR2wvSHFnbVNXcXRlVFBCMVhNdEZPcitEOVF2NHAveUY4cXVmYjNnemk2dzJ4S1I5aXpyeDRSbW44dExMSXVHLzBtOWdyMFpqMmZoK3RtU01jVncrenZ2SnJRMXZ3NSt1RThid3lXMERwZVN6MUtzeUdSRXUzaWErekd1cmw0ZlVRV3pxVXg1UEVaeDZnM04wUWVabHgweDM0NDJHcVQ3Z0paWFRrdjZDYjRBQWNucmtaNjcyY3dobHpVdGhodUxscHNkWG9hM2NiRFNDN0QxNW1RczdudjBUb2E4ejg0VzlVd1RHVEVqdmppZm5NUTh4N2RVKzZFZktrK1Z0NXFybUVUMDFhMEpTZjNpWWJNVTJXSFdqblVlWTF3ZnArMG1HWm9uV05sb0hsc3VsUDRkUDZsL1pYS3Z6eFY1OW85ZFZqeFk4UkF5L205VzRXbjBkUVQyRVp3cHIzZkJ1dGtKbmNTRHp2QzBORWs1ei96Ym5NK2tzQ2xsWklkM2sxdlYyNytlSzk4WDQrbE9QTlNqYWt2cEM4a1R4Yy9mbHRrZUZmNEg5UzhsNmYyWExXemlCSjU3ZnN2YVBvaFh3NC8vTE9LUXNUc3pHNUY2Z0QvZWVVVStZd0M4dEVCeHZtV0tEajZvaTJGbjg0SkNScmcyQmcrdmJ2K3E2Z21hY0FEbHFVZ09pcUNkVERBZXIybXd0WHZXWnZYYmN2b1hKWmVOdEpSa3FNVTVaQitPQzU4dC9vUWpqRkVzbDlpZUc1eE9aUlpVWUQrckJFVGh1czRRSXNUZXR3ZmM5S3FobmdQVWh4QSt6ejZOVXBwblg1NFhOMFpySVZxd1FCS1lxdGRlMS9wbHZEY05nck9qVWVEaXNXbFlRM0xrZlVkQkJaZDlDKzNXeE9zUGdNUWw0Z3EvUUhyU0t2eTBXTzdVOHVuUVB3Mzd6OTZrRFBpdG9IbXlZemFpQXdLalU5TUU1aTV0SWpvRk9xZnJCV2R6TWR3RTBBZEpHU01KcTIrL241WDBwbEZoNU9ucHZFSCtOSFNZZVc0WFBsdUtOc1lXMTVxcDFpWHdQN0ZsejVJaU5FRExNaDZQd0JPMURRS2h1aWFkL1hHbzIrVnpjczhMNGtydHc4Rk9oSm5lMDhzaFNaVGRodlJ3UjZHSGs3cWN1T1U5dmp0SmZIVElQMnhvekdaWjJ1VnNUTTY5eVU2eTIwK3UzL1Z2RXk2RWtFempSQ3NhdXhxNW1SeU16ZVJsVCt5bjkrbmtnazdmUkV2UGtnU1hpeFcxUFlOSjNpa28zeDZwRkhBekJRPT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * Byp
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Desktop\cbVK6_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .abaccBAaAd You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- NTc2LWtxWGRvOGNzdWRNWERTOGVkdHVsdWRGVVZtRlRnMDRpR20wRGt2OVNEWFRYS09SSVd1SWJCNk9VVTdhWVNwWjlLdzZSN0NLTm9mazVQRDdJZHhscWF1dDUxSFp6VFE0N05nUUxZdk8xRDhRSUhxZGtxSW9JRGtQbkR2UEh1cEhpZWRWNDhnMS9iUytWWTFPRE95RCtmeEdieU1DQVhOVlpXY3Qrc2Jic1RSYzQraWtPcmQ2Z0Y3bTlZYkpNbXd0aGcyamRRdjZMUnFIbnRqWGNZTVV6eVlBbFowWHNYZ0prTzVxR3hxSGN4VmdNcHlQZ1RTSXloNE1OM2hHTFVEK2FPUUlaQVgvMUUrbGo3Q1MyaSt5dkRwWmp2YWhvT0R4UjNZUXR5VXRlOE02ZS9DbjVhOWdpR1BSWnl2VjhXRmM1ZDlvVVBPeEFYUDY2czhKOXZmMk8wMGZwYVpaVDhpMVFDWUdwKys3R0NrMFVDUjdBeUx3RlVKMktISFliWXd1TEJUL0NPQXFmREJDalBVL0M1bUczL056dHhvVUhwdHpDSWFmdUhremcwQkV2STc3b3JpWDJtR010Y3h0aU1tRXlaYkJTY0pRUlFxeEVGcDI1NDY1M1ZpNU1JWmIxbnpsN25wOGxtNWYxMUhJUXBPR1BEajVWVnMrdmVBVlFsamQ4K1JZTlEwTzdFMWdNR2lGN2JvMHJldmFlYmNTdk1yWlFmMS95bGRqVitGTjIzWDdMTjJvN0ZmVzI3NG41NVAxeXpHcnV3Z1MrZmludmo1WjNCelRYRm0yVVR4cmM5LzFibVFpaWFlR00zYXoxRGg0UWIwUkFXYWI2T0JJR1BCS0YyR2wvSHFnbVNXcXRlVFBCMVhNdEZPcitEOVF2NHAveUY4cXVmYjNnemk2dzJ4S1I5aXpyeDRSbW44dExMSXVHLzBtOWdyMFpqMmZoK3RtU01jVncrenZ2SnJRMXZ3NSt1RThid3lXMERwZVN6MUtzeUdSRXUzaWErekd1cmw0ZlVRV3pxVXg1UEVaeDZnM04wUWVabHgweDM0NDJHcVQ3Z0paWFRrdjZDYjRBQWNucmtaNjcyY3dobHpVdGhodUxscHNkWG9hM2NiRFNDN0QxNW1RczdudjBUb2E4ejg0VzlVd1RHVEVqdmppZm5NUTh4N2RVKzZFZktrK1Z0NXFybUVUMDFhMEpTZjNpWWJNVTJXSFdqblVlWTF3ZnArMG1HWm9uV05sb0hsc3VsUDRkUDZsL1pYS3Z6eFY1OW85ZFZqeFk4UkF5L205VzRXbjBkUVQyRVp3cHIzZkJ1dGtKbmNTRHp2QzBORWs1ei96Ym5NK2tzQ2xsWklkM2sxdlYyNytlSzk4WDQrbE9QTlNqYWt2cEM4a1R4Yy9mbHRrZUZmNEg5UzhsNmYyWExXemlCSjU3ZnN2YVBvaFh3NC8vTE9LUXNUc3pHNUY2Z0QvZWVVVStZd0M4dEVCeHZtV0tEajZvaTJGbjg0SkNScmcyQmcrdmJ2K3E2Z21hY0FEbHFVZ09pcUNkVERBZXIybXd0WHZXWnZYYmN2b1hKWmVOdEpSa3FNVTVaQitPQzU4dC9vUWpqRkVzbDlpZUc1eE9aUlpVWUQrckJFVGh1czRRSXNUZXR3ZmM5S3FobmdQVWh4QSt6ejZOVXBwblg1NFhOMFpySVZxd1FCS1lxdGRlMS9wbHZEY05nck9qVWVEaXNXbFlRM0xrZlVkQkJaZDlDKzNXeE9zUGdNUWw0Z3EvUUhyU0t2eTBXTzdVOHVuUVB3Mzd6OTZrRFBpdG9IbXlZemFpQXdLalU5TUU1aTV0SWpvRk9xZnJCV2R6TWR3RTBBZEpHU01KcTIrL241WDBwbEZoNU9ucHZFSCtOSFNZZVc0WFBsdUtOc1lXMTVxcDFpWHdQN0ZsejVJaU5FRExNaDZQd0JPMURRS2h1aWFkL1hHbzIrVnpjczhMNGtydHc4Rk9oSm5lMDhzaFNaVGRodlJ3UjZHSGs3cWN1T1U5dmp0SmZIVElQMnhvekdaWjJ1VnNUTTY5eVU2eTIwK3UzL1Z2RXk2RWtFempSQ3NhdXhxNW1SeU16ZVJsVCt5bjkrbmtnazdmUkV2UGtnU1hpeFcxUFlOSjNpa28zeDZwRkhBekJRPT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * K
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Desktop\cbVK6_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .abaccBAaAd You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- NTc2LWtxWGRvOGNzdWRNWERTOGVkdHVsdWRGVVZtRlRnMDRpR20wRGt2OVNEWFRYS09SSVd1SWJCNk9VVTdhWVNwWjlLdzZSN0NLTm9mazVQRDdJZHhscWF1dDUxSFp6VFE0N05nUUxZdk8xRDhRSUhxZGtxSW9JRGtQbkR2UEh1cEhpZWRWNDhnMS9iUytWWTFPRE95RCtmeEdieU1DQVhOVlpXY3Qrc2Jic1RSYzQraWtPcmQ2Z0Y3bTlZYkpNbXd0aGcyamRRdjZMUnFIbnRqWGNZTVV6eVlBbFowWHNYZ0prTzVxR3hxSGN4VmdNcHlQZ1RTSXloNE1OM2hHTFVEK2FPUUlaQVgvMUUrbGo3Q1MyaSt5dkRwWmp2YWhvT0R4UjNZUXR5VXRlOE02ZS9DbjVhOWdpR1BSWnl2VjhXRmM1ZDlvVVBPeEFYUDY2czhKOXZmMk8wMGZwYVpaVDhpMVFDWUdwKys3R0NrMFVDUjdBeUx3RlVKMktISFliWXd1TEJUL0NPQXFmREJDalBVL0M1bUczL056dHhvVUhwdHpDSWFmdUhremcwQkV2STc3b3JpWDJtR010Y3h0aU1tRXlaYkJTY0pRUlFxeEVGcDI1NDY1M1ZpNU1JWmIxbnpsN25wOGxtNWYxMUhJUXBPR1BEajVWVnMrdmVBVlFsamQ4K1JZTlEwTzdFMWdNR2lGN2JvMHJldmFlYmNTdk1yWlFmMS95bGRqVitGTjIzWDdMTjJvN0ZmVzI3NG41NVAxeXpHcnV3Z1MrZmludmo1WjNCelRYRm0yVVR4cmM5LzFibVFpaWFlR00zYXoxRGg0UWIwUkFXYWI2T0JJR1BCS0YyR2wvSHFnbVNXcXRlVFBCMVhNdEZPcitEOVF2NHAveUY4cXVmYjNnemk2dzJ4S1I5aXpyeDRSbW44dExMSXVHLzBtOWdyMFpqMmZoK3RtU01jVncrenZ2SnJRMXZ3NSt1RThid3lXMERwZVN6MUtzeUdSRXUzaWErekd1cmw0ZlVRV3pxVXg1UEVaeDZnM04wUWVabHgweDM0NDJHcVQ3Z0paWFRrdjZDYjRBQWNucmtaNjcyY3dobHpVdGhodUxscHNkWG9hM2NiRFNDN0QxNW1RczdudjBUb2E4ejg0VzlVd1RHVEVqdmppZm5NUTh4N2RVKzZFZktrK1Z0NXFybUVUMDFhMEpTZjNpWWJNVTJXSFdqblVlWTF3ZnArMG1HWm9uV05sb0hsc3VsUDRkUDZsL1pYS3Z6eFY1OW85ZFZqeFk4UkF5L205VzRXbjBkUVQyRVp3cHIzZkJ1dGtKbmNTRHp2QzBORWs1ei96Ym5NK2tzQ2xsWklkM2sxdlYyNytlSzk4WDQrbE9QTlNqYWt2cEM4a1R4Yy9mbHRrZUZmNEg5UzhsNmYyWExXemlCSjU3ZnN2YVBvaFh3NC8vTE9LUXNUc3pHNUY2Z0QvZWVVVStZd0M4dEVCeHZtV0tEajZvaTJGbjg0SkNScmcyQmcrdmJ2K3E2Z21hY0FEbHFVZ09pcUNkVERBZXIybXd0WHZXWnZYYmN2b1hKWmVOdEpSa3FNVTVaQitPQzU4dC9vUWpqRkVzbDlpZUc1eE9aUlpVWUQrckJFVGh1czRRSXNUZXR3ZmM5S3FobmdQVWh4QSt6ejZOVXBwblg1NFhOMFpySVZxd1FCS1lxdGRlMS9wbHZEY05nck9qVWVEaXNXbFlRM0xrZlVkQkJaZDlDKzNXeE9zUGdNUWw0Z3EvUUhyU0t2eTBXTzdVOHVuUVB3Mzd6OTZrRFBpdG9IbXlZemFpQXdLalU5TUU1aTV0SWpvRk9xZnJCV2R6TWR3RTBBZEpHU01KcTIrL241WDBwbEZoNU9ucHZFSCtOSFNZZVc0WFBsdUtOc1lXMTVxcDFpWHdQN0ZsejVJaU5FRExNaDZQd0JPMURRS2h1aWFkL1hHbzIrVnpjczhMNGtydHc4Rk9oSm5lMDhzaFNaVGRodlJ3UjZHSGs3cWN1T1U5dmp0SmZIVElQMnhvekdaWjJ1VnNUTTY5eVU2eTIwK3UzL1Z2RXk2RWtFempSQ3NhdXhxNW1SeU16ZVJsVCt5bjkrbmtnazdmUkV2UGtnU1hpeFcxUFlOSjNpa28zeDZwRkhBekJRPT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * yD6hQVxBo32Xchy01PBpmVqgVJvhS
URLs

http://avaddonbotrxmuyl.onion

Signatures

  • Avaddon

    Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

  • UAC bypass 3 TTPs 2 IoCs
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (188) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Interacts with shadow copies 2 TTPs 3 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 63 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • System policy modification 1 TTPs 3 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46.exe
    "C:\Users\Admin\AppData\Local\Temp\cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46.exe"
    1⤵
    • UAC bypass
    • Checks whether UAC is enabled
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2224
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2516
    • C:\Windows\SysWOW64\vssadmin.exe
      vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:2972
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2484
    • C:\Windows\SysWOW64\vssadmin.exe
      vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:2948
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:528
    • C:\Windows\SysWOW64\vssadmin.exe
      vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:2768
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2464

Network

MITRE ATT&CK Matrix ATT&CK v13

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

2
T1112

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Discovery

System Information Discovery

3
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Impact

Inhibit System Recovery

2
T1490

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Desktop\cbVK6_readme_.txt
    Filesize

    3KB

    MD5

    4634bd7ec6218551fc899a8275a77f09

    SHA1

    c348ecbca7a25903ab6a2e4f537201bde1d15a6f

    SHA256

    031c90634ae78942b49156325757ddcbd2753ab1d621e9e3dfafc12598c6de60

    SHA512

    04e3613e9431644b6d2d6050470d880400c6cb11ad813213d0452cbd7d86c72714049f4a4adce75090d99ce708da4698321b58f4d7f4626c3d7f097d48ee5f0d

  • C:\Users\Admin\Desktop\cbVK6_readme_.txt
    Filesize

    3KB

    MD5

    c0d5c9ad5c8ec584e96b2ba8e957229c

    SHA1

    ea7f40cc34f94b899773bb25451f9d4fa858d70f

    SHA256

    baf2dc4468d8b63f93024fe7e159308f826a8e392a0fb186c2ed675e82961505

    SHA512

    971ed48ae399dfc1da1b182f51438c31928bd7e69f4bd6ae414f7f6aa493e7804c02bb8c2ee747dd329b7ff7a58efb6073136df5ceb8802c0228b623da6b7612

  • C:\Users\Admin\Music\cbVK6_readme_.txt
    Filesize

    3KB

    MD5

    155ba49d93898abfed31f410ed73ef7f

    SHA1

    ca9488889f653e3e4bf6d1ef62afe7eacdc2dfd9

    SHA256

    bcce9f31be32c94a3482a4ff045d35df6fe23f7006c1d7a6c092502a5fd2f7dc

    SHA512

    2d67fc23554e4c4c27c53629c66d470fcb130ecf9b5d209bc91f1d264fec3a13cc7f73256b73a71e696304f7aed7e94398829297f16257cf4349cbc6921fe85b