Overview

overview

10

Static

static

10

0bcaab2d6a...18.exe

windows11-21h2-x64

10

Resubmissions

01-05-2024 16:41

240501-t6493sdf43 10

01-05-2024 12:24

240501-pk4dfagh25 10

Analysis

  • max time kernel
    1049s
  • max time network
    1050s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01-05-2024 16:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bcaab2d6aae4221ae17527874cd1167_JaffaCakes118.exe

  • Size

    164KB

  • MD5

    0bcaab2d6aae4221ae17527874cd1167

  • SHA1

    682cef7ee433feb06c1db1d445f9618eeff5eb95

  • SHA256

    dd7c40b211a54f1c860c85af0f488cf3aab9608041294f281261b636b59e494d

  • SHA512

    72a089cf1294ef7fc6d2f0b3e706e46b99be97bbb9f018f45f5c954673006f3f8bda683f7b62f0de91202f5873ff0abe23befc8e2558ef3283c6d13e74a9e08e

  • SSDEEP

    3072:70XoUeZ/DVS8L7flcMTeYWikGLvFfdL+qaXgOvGwZxC4:7eoUeZRlcYxWYTFflnaPvGe

Score
10/10
sodinokibipersistenceransomware

Malware Config

Extracted

Path

C:\Recovery\mm660g-readme.txt

Family

sodinokibi

Ransom Note
---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion mm660g. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/65E07B142510055C 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.top/65E07B142510055C Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: i0GIFiIWojifpPaW9DdMHYrxGrDuK3WuFDEHJXQhklCChkvfV6Qo7thXxWlJx7T9 iQcCmOuNiajQ+iurVd3RwxIMGgNDC9q0u6pBbiwiDJ1F6qIJ782hG9Dc/YYHm7im Zcs5gUsxze+bEQ95jSbGiX/yoxC5Hh4nKmwoqRsORjEL0PJUXqDnS8OZN0lndWhF jyj3MrAIo9lTYw+RberwzXHBZPSexDPDkLJ+aABlygtOUBTmATiw/qOq0VMujQkX /K8bPWlyI5TWS+uIci/pameu0mIzIU7nVGRPvN7t3/YOQ2yONW6H5L8g3C+RS+LJ xZw7BKioqH2XGvgj5DNjm48ITO3j3LKDPoSQFB4hl2pqndpz0enJB4qcUxULmec9 h1SqpB6pI+VSeEdIFIiEHFis3pwCBlzI+AOBRtRGiE4618P8PXuJntMDU7d9IvEs W4lKZnPG97OpXPU+ua9J9KM9EznMIGeB7A54Bw+rsk/ESTyEHWMcMrRCEmEPHim2 XRbvDJjv9HGbdr+CN9wSJnONCTehLnuihmjDfEblUG5/fzlvGrq6wb4tEJnRH9mv ugsdBMBL4uh6zvzvUFYkZfns4cTS4MBsv3WHwIetsXnI/Ua/92i7jLlAOdfCP4xh 3fEXlmyE2tlKWavG6aAptf7O6PudUZ/9L4uhh363FoadifkZod6rYS3x58JH0UQx SMdzXY4u/HtkmGQeDOf3KGcg3qy0E8UAJ0H4nSM1HdaWsYbj9v0cb3KC2fjXESHi yqL4E5BaD16eQEW+Ni1Ru2R/B0kJ7Er507oFNyY/nEWlpCwkl9lWNfJ1YcEajH9W RTxntNLm7+EKQqDLv0iglT88mS5bdFM6WvCVwMkCz6xleS1Um6uaLXBbdfqQKvpu xOyq6ttLfrW0gLqtb1Y7i2fB7JtXdz0vx1x0XWD/NGEZ7GCuGA8vYv68JjDGRHon uXDB6v0xZQoTj4eOZBVyUBiDqzVvzW/uil58GaD2dpbdtLbtETyR4QVbXYeaaLc5 niPAvs1FtwTzf0oVi/I0bKrkHV+W2ZuHkXS6aY8MRPCsjoM+tpuop0ias+2+vLgq bwMK7SxGDyQs9kLfe4vVE8FtGQppAQlFY1zTDuSjZLdjLko12O2Jg6NJFNEyFbS3 nTllOzJNduWCXIYZW9Gfmw1adDjkYgk1/hepEJv2qRsDTWAewihDcqpAQCeJW5+i QoSTB0LdKTAeeckXon/OmVsN Extension name: mm660g ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!
URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/65E07B142510055C

http://decryptor.top/65E07B142510055C

Extracted

Path

C:\Users\Public\Desktop\mm660g-readme.txt

Family

sodinokibi

Ransom Note
---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion mm660g. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/65E07B142510055C 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.top/65E07B142510055C Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: i0GIFiIWojifpPaW9DdMHYrxGrDuK3WuFDEHJXQhklCChkvfV6Qo7thXxWlJx7T9 iQcCmOuNiajQ+iurVd3RwxIMGgNDC9q0u6pBbiwiDJ1F6qIJ782hG9Dc/YYHm7im Zcs5gUsxze+bEQ95jSbGiX/yoxC5Hh4nKmwoqRsORjEL0PJUXqDnS8OZN0lndWhF jyj3MrAIo9lTYw+RberwzXHBZPSexDPDkLJ+aABlygtOUBTmATiw/qOq0VMujQkX /K8bPWlyI5TWS+uIci/pameu0mIzIU7nVGRPvN7t3/YOQ2yONW6H5L8g3C+RS+LJ xZw7BKioqH2XGvgj5DNjm48ITO3j3LKDPoSQFB4hl2pqndpz0enJB4qcUxULmec9 h1SqpB6pI+VSeEdIFIiEHFis3pwCBlzI+AOBRtRGiE4618P8PXuJntMDU7d9IvEs W4lKZnPG97OpXPU+ua9J9KM9EznMIGeB7A54Bw+rsk/ESTyEHWMcMrRCEmEPHim2 XRbvDJjv9HGbdr+CN9wSJnONCTehLnuihmjDfEblUG5/fzlvGrq6wb4tEJnRH9mv ugsdBMBL4uh6zvzvUFYkZfns4cTS4MBsv3WHwIetsXnI/Ua/92i7jLlAOdfCP4xh 3fEXlmyE2tlKWavG6aAptf7O6PudUZ/9L4uhh363FoadifkZod6rYS3x58JH0UQx SMdzXY4u/HtkmGQeDOf3KGcg3qy0E8UAJ0H4nSM1HdaWsYbj9v0cb3KC2fjXESHi yqL4E5BaD16eQEW+Ni1Ru2R/B0kJ7Er507oFNyY/nEWlpCwkl9lWNfJ1YcEajH9W RTxntNLm7+EKQqDLv0iglT88mS5bdFM6WvCVwMkCz6xleS1Um6uaLXBbdfqQKvpu xOyq6ttLfrW0gLqtb1Y7i2fB7JtXdz0vx1x0XWD/NGEZ7GCuGA8vYv68JjDGRHon uXDB6v0xZQoTj4eOZBVyUBiDqzVvzW/uil58GaD2dpbdtLbtETyR4QVbXYeaaLc5 niPAvs1FtwTzf0oVi/I0bKrkHV+W2ZuHkXS6aY8MRPCsjoM+tpuop0ias+2+vLgq bwMK7SxGDyQs9kLfe4vVE8FtGQppAQlFY1zTDuSjZLdjLko12O2Jg6NJFNEyFbS3 nTllOzJNduWCXIYZW9Gfmw1adDjkYgk1/hepEJv2qRsDTWAewihDcqpAQCeJW5+i QoSTB0LdKTAeeckXon/OmVsN Extension name: mm660g ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!! kys
URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/65E07B142510055C

http://decryptor.top/65E07B142510055C

Signatures

  • Sodin,Sodinokibi,REvil

    Ransomware with advanced anti-analysis and privilege escalation functionality.

    ransomwaresodinokibi
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 25 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 35 IoCs
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 13 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bcaab2d6aae4221ae17527874cd1167_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0bcaab2d6aae4221ae17527874cd1167_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5112
  • C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    1⤵
      PID:3876
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:692
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\mm660g-readme.txt
      1⤵
        PID:1756
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
        1⤵
          PID:1688
        • C:\Windows\system32\OpenWith.exe
          C:\Windows\system32\OpenWith.exe -Embedding
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:560

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Recovery\mm660g-readme.txt
          Filesize

          6KB

          MD5

          4f04a561f5ea58bd1525270219e20a5c

          SHA1

          32b1a2b9c048416ac4eb1ff170f969d7ac7b4792

          SHA256

          5ba4f2a8b87eaf9de042472710fcbee2290ca96394fa16d64e2972993db0d84c

          SHA512

          997e19fbef5b456cb7c42557b6f8727567bb19d6c5d8829679f054ae39643ccfd43bc2fb88ca04d3304767649a0fc284d7b987bf21888e3c641ce04d8dbcd3c6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xr1awhnp.ppu.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • C:\Users\Admin\Desktop\AddSkip.xltm.mm660g
          Filesize

          348KB

          MD5

          758767306a59b9b8eef04bb6e917d071

          SHA1

          58bae640adb8a7c2572494b2d95646497fb882dc

          SHA256

          24bb2724f2d31531754c85984d13e951b2f53581bdfc74135067196d598dc0ea

          SHA512

          deda7870d9d90a578d0afb56e61885118ba00bb1118059b87d82f14123cf818e274a180c7e0478a515efad39aed4ff10678db13fd2877eb5af7c0108c1def515

          Download Submit

        • C:\Users\Admin\Desktop\CheckpointRepair.aif.mm660g
          Filesize

          528KB

          MD5

          097523b5226dd21697a1d453c0f966a1

          SHA1

          76694040b5adb5d3b12472f45eb6cc54da5409ff

          SHA256

          4f6b40afebc9ede6aa2780558966de1ac45eb9116f5fc820c68caff872371aeb

          SHA512

          4198f8287ac1331f71222ff46c725253c762335d3fcc5eaec8a637d8b6901064b220975e1530c53de72a4381a7df17861ca77b29975b5f61ce6c9c3847f57f61

          Download Submit

        • C:\Users\Admin\Desktop\ConvertConvertFrom.3gp.mm660g
          Filesize

          573KB

          MD5

          aebd0b47b7864a5511d3d98a9d42b262

          SHA1

          d0770d3fa31a5f78455528f43897101703f52c84

          SHA256

          6e98224de2fb4b2e59c4efcc3ae0d7c4f5a9621195b1cffff102f0f09b3ac932

          SHA512

          32acc878b575321ca21df4b748157134da2aaec51959aff680637e20b5f1af408e1b9ac831b376071e8079ee319f9330aaaa08bf500d1dbc54391c876ff641e7

          Download Submit

        • C:\Users\Admin\Desktop\DebugRevoke.xps.mm660g
          Filesize

          820KB

          MD5

          87444498a20a6c80b3481bccc501321a

          SHA1

          6e702a78aa09ddf73750c0ce5004cd544ea9d6a6

          SHA256

          5b574c5d261f54c098c7714d53e4b08d1920e7598d428d2ac2b2af215aba59d5

          SHA512

          78d5929f132a245bb815c33e887dc6492a76c4f45f5d2fa3bba6ae98c88404f4e030277bd5fdd0b4a50b2f1ccc8d6c18ff26d1888585adb7332359303963ea01

          Download Submit

        • C:\Users\Admin\Desktop\EnableInitialize.cfg.mm660g
          Filesize

          753KB

          MD5

          a5c048f00c6d46453e1bba116337327b

          SHA1

          4382d35237645baf0f617a5d0eb7c744df728774

          SHA256

          e98f5f6150cdcd446928769d37ca9c4ce9ac3367de71100f79df376203ab6472

          SHA512

          8ed38959f1b7b9b93f80aadb20c2288c67c2c6aef797c620450c80e51de234cbeb7ab28c0f5133e425726fb2713fa55505fa0dcd1df14f7fd700d6080fdefdd2

          Download Submit

        • C:\Users\Admin\Desktop\ExpandFormat.rtf.mm660g
          Filesize

          1.2MB

          MD5

          b6194ab396abc7fc750a675469b328ba

          SHA1

          5aec51232d78023f302896d73e8f00e546c3df39

          SHA256

          109f85d861e75d21717428d77e9a7167be33867eae357c4113b9dac6380613d5

          SHA512

          42720a4f96f6ffa41fda405ccb62372d1b5c96c96156ad8466d6d27c29709984a452dd91f631018eebe4e7ffd854fe60d0bdf17db2cbaa1254e0a30b795d6511

          Download Submit

        • C:\Users\Admin\Desktop\ExportCompare.wmv.mm660g
          Filesize

          663KB

          MD5

          a3e78eba6982625f7f7a71c0158bd3cf

          SHA1

          8e6ae74b9ad62e3b6fb3cfa2446af453a51f6489

          SHA256

          fdbee5d6a9a503ed4a3d80473995179bebbecae4123ec8326019a0d63f537428

          SHA512

          b56839896b04d55c63401fd3f7cd55262a8a5051b3260cf5232d1fa97ccd19d7b6272967782800fcf4702aa51b8f74215803bb5bdf536cbf2e22b59f0fe7d180

          Download Submit

        • C:\Users\Admin\Desktop\GroupDeny.docx.mm660g
          Filesize

          708KB

          MD5

          bb4e97dc9402d4f5de3c7b6137197dc5

          SHA1

          6c53cca5677f66d0da8e641af5850b4bc6910fb9

          SHA256

          69f8213fc7f6b3b07698d9d053bceedfa42a03b59cf7d5b526a861dcd6b99840

          SHA512

          b3071179fccc96460d3358c7e4c2e7c1290d3966be6b0638ca31395c0c880f53b47ccebbbaf61b6fef7e772a2e376068b468d230374061052c596da9add2cc45

          Download Submit

        • C:\Users\Admin\Desktop\HideDisable.gif.mm660g
          Filesize

          618KB

          MD5

          993a8e0691c3ca48204e08147d455484

          SHA1

          9537944e6fa523c23f1c11f79e454409616ea1df

          SHA256

          bed91c412af0ca2c12edd2fc564efffe4c2bdf9c65b0bd4328020e15113569f6

          SHA512

          09ebe39f670330d16bbe110ed9f10698130049a5457778d5b8122d55f744aed8bd52a1218a130899fca2b44b44ccbfdf428422c351fb1f9a96ca45a9534ce070

          Download Submit

        • C:\Users\Admin\Desktop\InstallConvertTo.wvx.mm660g
          Filesize

          303KB

          MD5

          fb22b58ca52b4d10e97035af489e07e0

          SHA1

          4e94903cccc03e15bd3f95d6501bafa0e174bb70

          SHA256

          29288c45167635cf8a23096deb0d8ea00637724b72694db0c27d3cf0459bb509

          SHA512

          d94e4c320aab925d85144fff2529558fd7c799d65ae0fad7e72ea5082a2acf07783ce33253bb570dd7bd340dd633ec86146eca29b9602eee58e104b4fba01142

          Download Submit

        • C:\Users\Admin\Desktop\InvokeOut.ppsx.mm660g
          Filesize

          483KB

          MD5

          d25a514819220e9b11ae957f91bb8881

          SHA1

          90efb22233e206038386f9522dfe356203097782

          SHA256

          38e0c3ae4bbcf0716a3bf721beec744afe77b56a30f52759c37df020f2820558

          SHA512

          3da0759392d161a7a8648a982b0e188f28d7f7e568f02609fb4df472607762bd73468ed2327bb669a72db8230074ed16fbce0c8b8981947d9f471e63267fe043

          Download Submit

        • C:\Users\Admin\Desktop\MergePop.exe
          Filesize

          505KB

          MD5

          8f807f189a121a998ed408015656f03f

          SHA1

          6609d98ac263befe31523b76d0af7ce1100da4e6

          SHA256

          716a47abac3b7b3a1b98e99c2a01992603f36dd5c75205e3dbf4ee4c4cc1153f

          SHA512

          eb8353376e12a6076d99de87ee1b1c22493fd02b59d94ac62945b6acb01b6ea5baa919fe55fd74b77531c3d2dcdf3e6cecaf0453ea2ae329d61490c3a03fae7c

          Download Submit

        • C:\Users\Admin\Desktop\MergeRename.odt.mm660g
          Filesize

          438KB

          MD5

          798c68f1c2d7accde5dfb9b648109d7b

          SHA1

          62deea54c33691eed41769a699b7f03d5f14fa50

          SHA256

          5c2cfb9f041d9a0fd578ca9f57244a2058b8a0e8d3b3575ed8a81e933d2e0733

          SHA512

          f8c962709bf4bad594ad3cda360dce983479c3d13a564f0f69aaa4d2d4d2f0b711018e5349c33d448cc8a26ecb42e271acfee5aa6c8428f1109af17b7b1954b8

          Download Submit

        • C:\Users\Admin\Desktop\MergeReset.csv.mm660g
          Filesize

          685KB

          MD5

          52cef770d58c3a171f740d55aac7fa3a

          SHA1

          38be38411feaa41b73f9ab5147d1eaa0f23e35c1

          SHA256

          a4c9715ba321f1f7bc0285ddfbff33b56179945b2d75f25517edf62e40e63e11

          SHA512

          d157abe1369f02c0627d1483c039812441fe30992e6d0e69f906cf4ad054d9b95c76a4ec989e70f6962d0409c5bf5d499d302f66195234802937d0e6318795f5

          Download Submit

        • C:\Users\Admin\Desktop\PopConvert.ADT.mm660g
          Filesize

          460KB

          MD5

          6f59da905afe3b9401fda8b7920ae850

          SHA1

          b9c5bf4389d9fa4eb8a46711fa300917cbb9d1bc

          SHA256

          072da01a3356d3d12324775aa6c0f225b4746db9567ffebe092751d745e9cc3e

          SHA512

          f80277313be6a74c27788338454c47bc7aac828803c3ac551d064c50ca143dd9aebd5323aeae6de4ae1ec94275b3b4b78808aa44ac0bf25599d26d886249f81d

          Download Submit

        • C:\Users\Admin\Desktop\ProtectRevoke.zip.mm660g
          Filesize

          371KB

          MD5

          c1ad15b4876ea944be700c321a60f932

          SHA1

          c68b0b45bc15dc9ca09ea178e8d8e3c0a341578f

          SHA256

          b7938c10e8463928e12e6d645db6c8caefd9d2d1d3a6b22717a28ac81bd5bc9e

          SHA512

          8589560a341676045189894c362b03bfcddac36fa42929a89badfc3da0d61e13cbb935c84dc9792f8c0e397c9da73fcbbcf11ea6cdbb3dc0dfbaf667f36920f5

          Download Submit

        • C:\Users\Admin\Desktop\ResizeRestore.rmi.mm660g
          Filesize

          640KB

          MD5

          cb2be0446bc72b378c86c8ed81300fc6

          SHA1

          9a2c3bdf378a89b7d8903e5e816cee30a2359cce

          SHA256

          c254ddf40b6999e5772b2b3dbcbd63333b8a7cafda178c686aeff66553a7fb76

          SHA512

          7dc13b9802f60b47e04cfe00c928af1f97e167034f2dbd264192985ee1daa5b69831be8fb1fa567ade1ff79bc80b0b9943868bafb5cd35acfea454c19a2f4bc5

          Download Submit

        • C:\Users\Admin\Desktop\RestartUnregister.aif.mm660g
          Filesize

          843KB

          MD5

          4bb4da60c489c89ffd5574b50d58c4a5

          SHA1

          6808d3c6e3f906bc7cf5d7665105fdc4c2c4300c

          SHA256

          f5e947912729ac2c370b82e626233f6199448f9d2c4f76fedf627684562aece9

          SHA512

          5b0fd4068d7b6e140d18618bb7fed38ed21e6143cfe0d97b97f98e2202a4015c1b52e592af8bebc33c1a3283a687548f0afb0ba90a4a6e238f6b3f9d92a335a9

          Download Submit

        • C:\Users\Admin\Desktop\SearchTest.mp4v.mm660g
          Filesize

          730KB

          MD5

          9cb1aaf3c4ca25c5ecc32c1eb4a430f0

          SHA1

          881e5ff8e7fb2f49343ac8a18ea8b88a15d7e284

          SHA256

          f46e8db1235f923442d51ede43feb31bcc1193ba7284e0da660ee02d870ead89

          SHA512

          9cf567bb9dc55a29b38a11ad48e1b09218021f69835b2431799c2cb495a1472d4e9189441ad114bb225082dda4d8212b6f170478cc1d6b4c37a168e56f7a6855

          Download Submit

        • C:\Users\Admin\Desktop\SkipBackup.php.mm660g
          Filesize

          775KB

          MD5

          2b05f6f91c644a96c30364538efde4c5

          SHA1

          bfd87b19be0fb4a054894d10dcd038463acde653

          SHA256

          7295cbcc82a54319ec8f64b14719308a73dc2d1a581001cffc411d2b85cfd7cb

          SHA512

          3fb6f9aa95af79591f478f93b51cb4178a70d5fca757db669ab39b0766f793b9264876bf2a878af33293feb9fd75cb385031aa8760c8b072e609eaeeb546692f

          Download Submit

        • C:\Users\Admin\Desktop\SwitchEnable.wmv.mm660g
          Filesize

          798KB

          MD5

          abf91013b3a2891d035013833f757f6b

          SHA1

          d8285f1e2d98d3539f5de81dbe51e3603594518d

          SHA256

          8e93d0265e69ee9b3ceb9b15286fecd2babab9d54680767c24354106eb18c493

          SHA512

          ccdeb3099d4b28165beecd6f75d16fef839cb5adff74e162544c1870fea3e4224bdd864d11539c19a976f5f3c147311cebf28161b1d148a55b9c29c8166f1f8b

          Download Submit

        • C:\Users\Admin\Desktop\TraceSuspend.mov.mm660g
          Filesize

          550KB

          MD5

          2567b62168b866ccc95f9bfde8bf7b1e

          SHA1

          a706093251d56cc88b4ba5c4dc7122758ceac0fc

          SHA256

          3eb58d8e3ab49a87ab5991cc8c97123eba4e32edeadeec5de6aa4fdfff82a8fd

          SHA512

          2818495157326232b6e0df68c36ec97ffe140ae4d53eff7f6a96a012fbf4cde263536f686ee939b18522462e196b9e88f433b404b6590b17e19b7c8ca189b18e

          Download Submit

        • C:\Users\Admin\Desktop\UninstallExport.aif.mm660g
          Filesize

          416KB

          MD5

          b4e662ccd4ef78a354985870b1709efe

          SHA1

          bb17fe3ac7ef0ad826f7e885c41b4fc67102c5fc

          SHA256

          9e604ae94bc2b0aea4c27d867450fb8207a1d7e98813464e421e4bb00fb57a55

          SHA512

          a67136ea23b1e37ef198647931a69673cfb6d76bcad3a5db61ad9637bee07bd2614cdd683b319f9d1ce9cf2c446615550173229dc06403f3032e748c4238b066

          Download Submit

        • C:\Users\Admin\Desktop\UnlockRevoke.asp.mm660g
          Filesize

          595KB

          MD5

          775059c92713cbc2b0415036d25d915c

          SHA1

          998bcfcea92e16e4624f955054429e439b13fa93

          SHA256

          10268355597af2e3388c7cc9975dbd42089535b5ae7dd486ca6326bc04fbcbfb

          SHA512

          0e29a0a240af66c415f24375cddd1b02355e3e2ab46fa977d2387678b4faed913d27125c8cb6f337f07f3a9e9c75ace7358ff76c7a3e765456d98dc9a90d8e9e

          Download Submit

        • C:\Users\Admin\Desktop\UnregisterSet.tmp.mm660g
          Filesize

          865KB

          MD5

          aa8207fa81339ff0c540edc8e48e10be

          SHA1

          9586b448ae8c2ff500691b78c70537093703330d

          SHA256

          9a8dc268142a703e89a7d3f2f1be89e257e2eb5c7e13caed7fa3ef541ca0cb7a

          SHA512

          d148567d249ca558dd71016e2a956027a8082708923da84c73a30744c32425d9c845e0d89164ce4b2e99714734fe7dbb3c5b48ea5a86a18ac52200597eede7ef

          Download Submit

        • C:\Users\Admin\Desktop\UpdateExit.crw.mm660g
          Filesize

          393KB

          MD5

          27f185230e6bc0da666c52d80d476814

          SHA1

          b83ef6bd9483b46ef2c00c14366c1dffdc247492

          SHA256

          83a95dcebf879d85e6b78b360db7ca7553613f5e0c339d2432945afdbccb1f67

          SHA512

          4020f154f71bf0dda69ee392bd384fbc3e16b14ab44db7c5eeb37e0b123cce6233d083db61a291a45c392ec11490960be5dde69873966c3b55e9fb0410538ac6

          Download Submit

        • C:\Users\Admin\Desktop\UseSync.gif.mm660g
          Filesize

          326KB

          MD5

          67b83a265cccc17e6018c9d6bd3aef95

          SHA1

          675531b9468c46e0e50b163659e070020b2ab07b

          SHA256

          9bb5a48a22eaecfb6f422cd49a11f14358b6b9531b5691bc5e745afbed653abc

          SHA512

          f0b4d1014ff98264ff735ea718d36e65c928aef8000611a35be1b0a2d653604ea90cccd8650723b241a72eeef2b8e163dace4694f0c4e43a16dbc5eef0487b70

          Download Submit

        • C:\Users\Public\Desktop\mm660g-readme.txt
          Filesize

          6KB

          MD5

          a39f021abd13972613b14b8f0011c8e6

          SHA1

          85c5f4c79ce4a496b8d1d6bbc8f37738bb586a4c

          SHA256

          fe7efa1d7a316b90a71362662ae6275d16310b25c577423acd12bc254f0cbaf7

          SHA512

          9a76c685cdf8bb7bb92b2256d6514a464283ec8732da61eb4f92945bfa4ad358e87a5590bf87c07d71d52e86236b9cb1e62a5c73501499849cb5b51cde4a9ce2

          Download Submit

        • memory/5112-0-0x00007FFCB8293000-0x00007FFCB8295000-memory.dmp

          Filesize

          8KB

          Download

        • memory/5112-15-0x00007FFCB8290000-0x00007FFCB8D52000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5112-12-0x00007FFCB8290000-0x00007FFCB8D52000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5112-11-0x00007FFCB8290000-0x00007FFCB8D52000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5112-10-0x00007FFCB8290000-0x00007FFCB8D52000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/5112-1-0x000002551C7B0000-0x000002551C7D2000-memory.dmp

          Filesize

          136KB

          Download