Analysis

  • max time kernel
    171s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2024 13:20

General

  • Target

    cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46.exe

  • Size

    719KB

  • MD5

    275e4a63fc63c995b3e0d464919f211b

  • SHA1

    51d85210c2f621ca14d92a8375ee24d62f9d7f44

  • SHA256

    cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46

  • SHA512

    1723fb4a624859cb49f1d00100a44c5104a8a6ee4685b0e0988fa54f929dc7d70d171034577a17db2e6529d6c19b49d2ba023c4c98e9637f92981a3c1a5c9dac

  • SSDEEP

    12288:OR8hjUV679Aa4Auw3gveB17cOT1WHWEQTe0udkuHgCNU7SY/qgjjmJ/:quK679Aa4Auw3gveB1TGWEQSzXY/tjq/

Malware Config

Extracted

Path

C:\Users\Admin\Documents\ZfV6ho_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .bDcebBDaC You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- NTc2LWYwL2NpRTMrMlBPekl4RldZazNvLzRZdmNjWllKQUdQaVFNeWVPR2hVK0R3Nnh2b1RzaUNLOTRicm9ORDJEYXJwTzNaL0IrdEwvZFlPSCs5djFIa3M1Sm9KaDFiaTJ0RHFKTm9vOSsrMDZ6R0RPWTFmRTFqVlYyeHZxelI5Y0hhdWVMQTFLOU1KT3ZtaXpZeUx6M3ZJQ2NodGREMTdmdFhGSHBUWjM0ZndDUEFUNWxCM2JoY1ZpdHNtSGU0dUZCMGtDYUMyRkNnWHdaTjBjUjAyQzZjR1d5elNVL0pIU0RtU0JUK3Q0SjRwQUErTXBMdTcwbHhXS2MyWEVXUTVMeTZWc0loVGZlL3dORC9jOHAvYjBCbm9TdlNtUytrRUw0bTVSOVZGWndMYVRWOFE2RCtsV0RiQVIvMHBLRWJKbFdlVmZVOGp6QUdDSTYzMmJtZSt3NDNCNk1ndXFJT0tCcHlwQ3lXSVV4YzJyKzUyRjlVamFFTy9vTlFzMWlLcUZ2dUNaUXNBN3A1eGRtTWdtclpoR0Z0NU94T1c0bncrUVA0NmlqbngzL1BVUEhFNDhLNlZQR3FTdkJFbUl5MmxVekpRRzRKMVVydGJEZGhBWlVONUJ3Yys2OENDK0JuYlAvSjZ3TzVxY0g2MkY3TmZQM0JUVlFnN3lsYkxrbEFEQUZQTWlGRG5wSDJ4VEVyaEhrS05RZzNlTnlPdVdlSUlFeWpwcE9IUHh1c1ZTdEZjOC9ja3hMM1VNdHhMbEUwcWlUSEdrY3lBYVVjZnNqUkNhMUFQNEREeUcxZVhMKzBhMEYzU2xIS3U4NXNZNFNOaVJpZmoxZUdtNFFmQWpxWXgxQkV5eGt0ZTNqWUppVDkvWjgvQlFncU8xdHRiOEg2N3YxeGppeFdGZHY1NXlDTWhkcHRTbVE3c2MwdmpMSit4ZFJEcVFCdERqeC9SMjFhN05DV2g3VGxhMkx0cEhuT01wVEY1ZHNTckpXYTFUWGZ2aXpCTUZJK0VLc3JDN3dacWtVbkxLUnpCdkRtVHo4WnVndHRCZFY3MEhOTzBscHd2VXcwM0JYT0FqMUFvNStRa2JHRStudjZ5cTR2dkVlZlZCUVpCRzlNeEtkZi9LOTZCUDMxcHc4R3pRWEc3SitQTGhPbW53SHZKcy9iaWc4R3Blbi9TVjdScERjeGZuanVlaFhHbEhCUUZRWmRHa1ZNRVFCamNCL3RFRUhXcTVSUURiZXE3YjZOai9sd3hFMWlCbmtTL0syY1htR3VEZmxqN2VBdG9JdEw2TWpRR3NQZmhPM2NqVTg1elR5eFpoN2E4OXN1eHc4WGpqdEl4aXFjQXNlOE5rOHVaZXpJUzkzL1hDalJzR1F3cXoycEVuZzhVUjY3VWNJbHVzNjJDYTF3ejRVZnRrU2NEYVNVcEZLQXVSM0I4U01KbTdtNFVESjVxb1puaU40ZkFtMk94eENYZy91blptVCtwQzJCSlNGUTlxcEE1TjAzRndMVjFpUjhkMDhka28wZ1BnQ2RNQXJ5blBVY0RjbllHVXgxOHcyZ3o2SVFTRGNLRHNUc0hkZC8rTjR0QUIzNUI4YnRDM1g4ZmtBNys3OVRka3NxdlVrenUwQW9QZmpUWTJpbDd3eUQ0b2lZeHJhL2d2eERNaXZVYUNaQm9Yelg4RWpIVEJDU01wM1dnanNJYlJlZitlNUl2bGlpZWtuSXdESW5HUWp4L2FwcWtudDdtbGQzSy9PSGsxRGt6VnRCV1o3blBOSDNISzJ6cFE1aHJUQXhzMmNTcEhsd0VITHQvWUl6VjRLekxEZHdla056LzkzSHduWnZHbWkxcXhrRnp2WS84azh0VXV3NWhacVFXMlRpM2t1VFRuR21tWG84YWpHbUFHY3docWNQV1Q0OVM3RHJYNmRlRXRTemR3UjRZTGJmbFg1dllDd2lJMTNON0xkZHFjQnVva0hQR2dRcnJxdENYYjFYWmZrdEhsRkZUMVd2bzE5K3A3WllkL1NNQU5uMVpRd2pDb3orV1hzVU90U253MHVQRnN4Uy9mME9FRVNpL2VEVkRjTGcwdXpZdEVkbWNKU0FRalJkM0N3dlViWG5TMEFIVUxlbVFWRHY4RWFxVFVIcnp4V0w3bzZxNTRWQ1ZZdUpWYW8wVXIxRi93PT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * 8
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Favorites\Microsoft Websites\ZfV6ho_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .bDcebBDaC You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- NTc2LWYwL2NpRTMrMlBPekl4RldZazNvLzRZdmNjWllKQUdQaVFNeWVPR2hVK0R3Nnh2b1RzaUNLOTRicm9ORDJEYXJwTzNaL0IrdEwvZFlPSCs5djFIa3M1Sm9KaDFiaTJ0RHFKTm9vOSsrMDZ6R0RPWTFmRTFqVlYyeHZxelI5Y0hhdWVMQTFLOU1KT3ZtaXpZeUx6M3ZJQ2NodGREMTdmdFhGSHBUWjM0ZndDUEFUNWxCM2JoY1ZpdHNtSGU0dUZCMGtDYUMyRkNnWHdaTjBjUjAyQzZjR1d5elNVL0pIU0RtU0JUK3Q0SjRwQUErTXBMdTcwbHhXS2MyWEVXUTVMeTZWc0loVGZlL3dORC9jOHAvYjBCbm9TdlNtUytrRUw0bTVSOVZGWndMYVRWOFE2RCtsV0RiQVIvMHBLRWJKbFdlVmZVOGp6QUdDSTYzMmJtZSt3NDNCNk1ndXFJT0tCcHlwQ3lXSVV4YzJyKzUyRjlVamFFTy9vTlFzMWlLcUZ2dUNaUXNBN3A1eGRtTWdtclpoR0Z0NU94T1c0bncrUVA0NmlqbngzL1BVUEhFNDhLNlZQR3FTdkJFbUl5MmxVekpRRzRKMVVydGJEZGhBWlVONUJ3Yys2OENDK0JuYlAvSjZ3TzVxY0g2MkY3TmZQM0JUVlFnN3lsYkxrbEFEQUZQTWlGRG5wSDJ4VEVyaEhrS05RZzNlTnlPdVdlSUlFeWpwcE9IUHh1c1ZTdEZjOC9ja3hMM1VNdHhMbEUwcWlUSEdrY3lBYVVjZnNqUkNhMUFQNEREeUcxZVhMKzBhMEYzU2xIS3U4NXNZNFNOaVJpZmoxZUdtNFFmQWpxWXgxQkV5eGt0ZTNqWUppVDkvWjgvQlFncU8xdHRiOEg2N3YxeGppeFdGZHY1NXlDTWhkcHRTbVE3c2MwdmpMSit4ZFJEcVFCdERqeC9SMjFhN05DV2g3VGxhMkx0cEhuT01wVEY1ZHNTckpXYTFUWGZ2aXpCTUZJK0VLc3JDN3dacWtVbkxLUnpCdkRtVHo4WnVndHRCZFY3MEhOTzBscHd2VXcwM0JYT0FqMUFvNStRa2JHRStudjZ5cTR2dkVlZlZCUVpCRzlNeEtkZi9LOTZCUDMxcHc4R3pRWEc3SitQTGhPbW53SHZKcy9iaWc4R3Blbi9TVjdScERjeGZuanVlaFhHbEhCUUZRWmRHa1ZNRVFCamNCL3RFRUhXcTVSUURiZXE3YjZOai9sd3hFMWlCbmtTL0syY1htR3VEZmxqN2VBdG9JdEw2TWpRR3NQZmhPM2NqVTg1elR5eFpoN2E4OXN1eHc4WGpqdEl4aXFjQXNlOE5rOHVaZXpJUzkzL1hDalJzR1F3cXoycEVuZzhVUjY3VWNJbHVzNjJDYTF3ejRVZnRrU2NEYVNVcEZLQXVSM0I4U01KbTdtNFVESjVxb1puaU40ZkFtMk94eENYZy91blptVCtwQzJCSlNGUTlxcEE1TjAzRndMVjFpUjhkMDhka28wZ1BnQ2RNQXJ5blBVY0RjbllHVXgxOHcyZ3o2SVFTRGNLRHNUc0hkZC8rTjR0QUIzNUI4YnRDM1g4ZmtBNys3OVRka3NxdlVrenUwQW9QZmpUWTJpbDd3eUQ0b2lZeHJhL2d2eERNaXZVYUNaQm9Yelg4RWpIVEJDU01wM1dnanNJYlJlZitlNUl2bGlpZWtuSXdESW5HUWp4L2FwcWtudDdtbGQzSy9PSGsxRGt6VnRCV1o3blBOSDNISzJ6cFE1aHJUQXhzMmNTcEhsd0VITHQvWUl6VjRLekxEZHdla056LzkzSHduWnZHbWkxcXhrRnp2WS84azh0VXV3NWhacVFXMlRpM2t1VFRuR21tWG84YWpHbUFHY3docWNQV1Q0OVM3RHJYNmRlRXRTemR3UjRZTGJmbFg1dllDd2lJMTNON0xkZHFjQnVva0hQR2dRcnJxdENYYjFYWmZrdEhsRkZUMVd2bzE5K3A3WllkL1NNQU5uMVpRd2pDb3orV1hzVU90U253MHVQRnN4Uy9mME9FRVNpL2VEVkRjTGcwdXpZdEVkbWNKU0FRalJkM0N3dlViWG5TMEFIVUxlbVFWRHY4RWFxVFVIcnp4V0w3bzZxNTRWQ1ZZdUpWYW8wVXIxRi93PT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * V9QX2
URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Default\ZfV6ho_readme_.txt

Family

avaddon

Ransom Note
-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .bDcebBDaC You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- NTc2LWYwL2NpRTMrMlBPekl4RldZazNvLzRZdmNjWllKQUdQaVFNeWVPR2hVK0R3Nnh2b1RzaUNLOTRicm9ORDJEYXJwTzNaL0IrdEwvZFlPSCs5djFIa3M1Sm9KaDFiaTJ0RHFKTm9vOSsrMDZ6R0RPWTFmRTFqVlYyeHZxelI5Y0hhdWVMQTFLOU1KT3ZtaXpZeUx6M3ZJQ2NodGREMTdmdFhGSHBUWjM0ZndDUEFUNWxCM2JoY1ZpdHNtSGU0dUZCMGtDYUMyRkNnWHdaTjBjUjAyQzZjR1d5elNVL0pIU0RtU0JUK3Q0SjRwQUErTXBMdTcwbHhXS2MyWEVXUTVMeTZWc0loVGZlL3dORC9jOHAvYjBCbm9TdlNtUytrRUw0bTVSOVZGWndMYVRWOFE2RCtsV0RiQVIvMHBLRWJKbFdlVmZVOGp6QUdDSTYzMmJtZSt3NDNCNk1ndXFJT0tCcHlwQ3lXSVV4YzJyKzUyRjlVamFFTy9vTlFzMWlLcUZ2dUNaUXNBN3A1eGRtTWdtclpoR0Z0NU94T1c0bncrUVA0NmlqbngzL1BVUEhFNDhLNlZQR3FTdkJFbUl5MmxVekpRRzRKMVVydGJEZGhBWlVONUJ3Yys2OENDK0JuYlAvSjZ3TzVxY0g2MkY3TmZQM0JUVlFnN3lsYkxrbEFEQUZQTWlGRG5wSDJ4VEVyaEhrS05RZzNlTnlPdVdlSUlFeWpwcE9IUHh1c1ZTdEZjOC9ja3hMM1VNdHhMbEUwcWlUSEdrY3lBYVVjZnNqUkNhMUFQNEREeUcxZVhMKzBhMEYzU2xIS3U4NXNZNFNOaVJpZmoxZUdtNFFmQWpxWXgxQkV5eGt0ZTNqWUppVDkvWjgvQlFncU8xdHRiOEg2N3YxeGppeFdGZHY1NXlDTWhkcHRTbVE3c2MwdmpMSit4ZFJEcVFCdERqeC9SMjFhN05DV2g3VGxhMkx0cEhuT01wVEY1ZHNTckpXYTFUWGZ2aXpCTUZJK0VLc3JDN3dacWtVbkxLUnpCdkRtVHo4WnVndHRCZFY3MEhOTzBscHd2VXcwM0JYT0FqMUFvNStRa2JHRStudjZ5cTR2dkVlZlZCUVpCRzlNeEtkZi9LOTZCUDMxcHc4R3pRWEc3SitQTGhPbW53SHZKcy9iaWc4R3Blbi9TVjdScERjeGZuanVlaFhHbEhCUUZRWmRHa1ZNRVFCamNCL3RFRUhXcTVSUURiZXE3YjZOai9sd3hFMWlCbmtTL0syY1htR3VEZmxqN2VBdG9JdEw2TWpRR3NQZmhPM2NqVTg1elR5eFpoN2E4OXN1eHc4WGpqdEl4aXFjQXNlOE5rOHVaZXpJUzkzL1hDalJzR1F3cXoycEVuZzhVUjY3VWNJbHVzNjJDYTF3ejRVZnRrU2NEYVNVcEZLQXVSM0I4U01KbTdtNFVESjVxb1puaU40ZkFtMk94eENYZy91blptVCtwQzJCSlNGUTlxcEE1TjAzRndMVjFpUjhkMDhka28wZ1BnQ2RNQXJ5blBVY0RjbllHVXgxOHcyZ3o2SVFTRGNLRHNUc0hkZC8rTjR0QUIzNUI4YnRDM1g4ZmtBNys3OVRka3NxdlVrenUwQW9QZmpUWTJpbDd3eUQ0b2lZeHJhL2d2eERNaXZVYUNaQm9Yelg4RWpIVEJDU01wM1dnanNJYlJlZitlNUl2bGlpZWtuSXdESW5HUWp4L2FwcWtudDdtbGQzSy9PSGsxRGt6VnRCV1o3blBOSDNISzJ6cFE1aHJUQXhzMmNTcEhsd0VITHQvWUl6VjRLekxEZHdla056LzkzSHduWnZHbWkxcXhrRnp2WS84azh0VXV3NWhacVFXMlRpM2t1VFRuR21tWG84YWpHbUFHY3docWNQV1Q0OVM3RHJYNmRlRXRTemR3UjRZTGJmbFg1dllDd2lJMTNON0xkZHFjQnVva0hQR2dRcnJxdENYYjFYWmZrdEhsRkZUMVd2bzE5K3A3WllkL1NNQU5uMVpRd2pDb3orV1hzVU90U253MHVQRnN4Uy9mME9FRVNpL2VEVkRjTGcwdXpZdEVkbWNKU0FRalJkM0N3dlViWG5TMEFIVUxlbVFWRHY4RWFxVFVIcnp4V0w3bzZxNTRWQ1ZZdUpWYW8wVXIxRi93PT0= -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * LIXtroCI
URLs

http://avaddonbotrxmuyl.onion

Signatures

  • Avaddon

    Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

  • UAC bypass 3 TTPs 2 IoCs
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Renames multiple (179) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Interacts with shadow copies 2 TTPs 3 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 63 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • System policy modification 1 TTPs 3 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46.exe
    "C:\Users\Admin\AppData\Local\Temp\cc95a8d100f70d0fbf4af14e852aa108bdb0e36db4054c3f60b3515818a71f46.exe"
    1⤵
    • UAC bypass
    • Checks whether UAC is enabled
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2200
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1984
    • C:\Windows\SysWOW64\vssadmin.exe
      vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:2452
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2968
    • C:\Windows\SysWOW64\vssadmin.exe
      vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:2652
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2852
    • C:\Windows\SysWOW64\vssadmin.exe
      vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:2656
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Documents\ZfV6ho_readme_.txt

    Filesize

    3KB

    MD5

    76805ecdddcb52a769ce60100dffef3c

    SHA1

    00daffe57a804b48dda1b58de352707f2299a38e

    SHA256

    963dacb7abc995307fb8bf4d422027acda5b975409e316cc37e34d85157fd527

    SHA512

    813ae63e54f79e01e67340773239536bcbda30c7fa73944ac7b8cc3de52375e44993c2a4620c1b955cb3de03fa576248fbbd6a5f54cdc0cb0ca6e624aa16bf2a

  • C:\Users\Admin\Favorites\Microsoft Websites\ZfV6ho_readme_.txt

    Filesize

    3KB

    MD5

    3d57dc5d94f3de41b17159714f944d1e

    SHA1

    32f31c93d988607866d655099e6ef804bfa85d10

    SHA256

    188c8cebf2cb78597888cc3fb47f961ab1c1d97bffb592084419fe93de7714f8

    SHA512

    304c093cac84723866bbb16b7907cba0470fc747b7a220eef07ce07eb7c773d64dbd254fbfcaa2f5f9fe0d18c7cf3a0214c9afe0baf9a77befd13dacf41fb84e

  • C:\Users\Default\ZfV6ho_readme_.txt

    Filesize

    3KB

    MD5

    00428c6a0c312872095702b80b55c1c8

    SHA1

    70c70d0b837f045a69a3ef60cafb4dc4fda767ae

    SHA256

    657677b076e5581bee280fe21c7da0dc5274979b43b3e078e1f046d410d2fbbf

    SHA512

    dc5aee6cec1accf2c6b0d4330e2d6b3b5c11b9b27c4dc61918d3f5363c00d4dfb7687b9f08a7c2737a7d94dce70e39525b8d4d6e0b2b8e6a90ad0bc0a3512b8e