Analysis

  • max time kernel
    168s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-04-2024 10:08

General

  • Target

    cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46.exe

  • Size

    719KB

  • MD5

    275e4a63fc63c995b3e0d464919f211b

  • SHA1

    51d85210c2f621ca14d92a8375ee24d62f9d7f44

  • SHA256

    cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46

  • SHA512

    1723fb4a624859cb49f1d00100a44c5104a8a6ee4685b0e0988fa54f929dc7d70d171034577a17db2e6529d6c19b49d2ba023c4c98e9637f92981a3c1a5c9dac

  • SSDEEP

    12288:OR8hjUV679Aa4Auw3gveB17cOT1WHWEQTe0udkuHgCNU7SY/qgjjmJ/:quK679Aa4Auw3gveB1TGWEQSzXY/tjq/

Malware Config

Extracted

Path

C:\Users\Admin\Documents\gp4Qvn_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .beeaDeaCd
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
WgAJumrayn5
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Documents\gp4Qvn_readme_.txt

Family

avaddon

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\gp4Qvn_readme_.txt

Family

avaddon

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\gp4Qvn_readme_.txt

Family

avaddon

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Music\gp4Qvn_readme_.txt

Family

avaddon

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Pictures\gp4Qvn_readme_.txt

Family

avaddon

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Searches\gp4Qvn_readme_.txt

Family

avaddon

URLs

http://avaddonbotrxmuyl.onion

Signatures

  • Avaddon

    Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

  • UAC bypass (3 TTPs, 2 IoCs)
  • Renames multiple (159) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks whether UAC is enabled (1 TTPs, 1 IoCs)
  • Drops desktop.ini file(s) (1 IoCs)
  • Enumerates connected drives (3 TTPs, 24 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of AdjustPrivilegeToken (63 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)
  • System policy modification (1 TTPs, 3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46.exe
    "C:\Users\Admin\AppData\Local\Temp\cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46.exe"
    1⤵
    • UAC bypass
    • Checks whether UAC is enabled
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:3788
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3200
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3272
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2612

Network

MITRE ATT&CK Matrix (ATT&CK v13)

Privilege Escalation

  • T1548 Abuse Elevation Control Mechanism (1)
  • T1548.002 Bypass User Account Control (1)

Defense Evasion

  • T1548 Abuse Elevation Control Mechanism (1)
  • T1548.002 Bypass User Account Control (1)
  • T1562 Impair Defenses (1)
  • T1562.001 Disable or Modify Tools (1)
  • T1112 Modify Registry (2)

Discovery

  • T1082 System Information Discovery (3)
  • T1012 Query Registry (1)
  • T1120 Peripheral Device Discovery (1)

Downloads

  • C:\Users\Admin\Documents\gp4Qvn_readme_.txt
    Filesize

    3KB

  • C:\Users\Admin\Documents\gp4Qvn_readme_.txt
    Filesize

    3KB

  • C:\Users\Admin\Downloads\gp4Qvn_readme_.txt
    Filesize

    3KB

  • C:\Users\Admin\Downloads\gp4Qvn_readme_.txt
    Filesize

    3KB

  • C:\Users\Admin\Music\gp4Qvn_readme_.txt
    Filesize

    3KB

  • C:\Users\Admin\Pictures\gp4Qvn_readme_.txt
    Filesize

    3KB

  • C:\Users\Admin\Searches\gp4Qvn_readme_.txt
    Filesize

    3KB
