Overview

overview

10

Static

static

10

e2708d3c57...18.exe

windows11-21h2-x64

10

Resubmissions

18-09-2024 11:32

240918-nnmz7azakp 10

15-09-2024 12:50

240915-p21c4svflm 10

15-09-2024 12:44

240915-pysh4atflf 10

15-09-2024 12:04

240915-n83ldatdpl 10

Analysis

  • max time kernel
    71s
  • max time network
    144s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18-09-2024 11:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2708d3c57b562b01da42f9e7549781f_JaffaCakes118.exe

  • Size

    165KB

  • MD5

    e2708d3c57b562b01da42f9e7549781f

  • SHA1

    3d82951dbfab5629187b26ecb7388b7a05597f67

  • SHA256

    d976a41f366fb1e3a0a5d15878d84e24704949973d9e0ccead9a779dee03ef0f

  • SHA512

    c483968f981e64021025bf4f42424df3cfb88a55bd4cb7f2aa904515eccb85e239c3d44812b28d5b617b6b8476dcc3f4258465a211ae6e6725adbf1850234619

  • SSDEEP

    3072:eCEq0R0nZ5ys5n4Y9doh7O79siUs/NaxohzDKMlt:lw02sJPi7O93N3FHlt

Score
10/10
sodinokibidiscoveryransomware

Malware Config

Extracted

Path

C:\Users\01p9fit-readme.txt

Family

sodinokibi

Ransom Note
---=== Welcome. CDHFUND. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your computer has extension 01p9fit. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3445786FFB0E1A8A 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.top/3445786FFB0E1A8A Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: DAa1It57a1qm88SkhD+YguHtk4LMqbnYUcKrAltubDQuSdTA8SridrPL9kzi9B37 Y/v2ulkPlnf11Fgq02kl1KVED2GPgaLAxZQGHPeCQTHp7yS5ti44waI698rVTI1O j0CKpC5uRXCUpl7NTErOc5wnduTiLFsuX7WiMLiS0beAHqnQxGEinv76wSVqI+YX 5kftJAeETvDuhEy33BbGst0UO1UPHXjbbR9unn5PzNkGv0g9QCF90yg7g7qiIzZ0 OT7E1sWbPeWOoi46UIjizVeMRH0876XwSwelqMz41NnMTiPuCyA67sW5ydYCEBYM 2oIZLz/lvDRttgo/xjslaipbajBzslnDoaWTn4YtSv/lB3afpsS/t/DhbupBWnYV GY9nTdFXUL8lwuTPuhHC/o7G1VxVgQQLm1+HOHJdlbkFBSEmVmLNQMJdSjLMKS3Z l93ZuwbYLgRHsXp6g9WfDs4X73roRqpmaFmOqOkwm66eCWrzPtwONf9jXaN3U0Fu zHWIislLtAbdXEcLmkYF/JRQby6zbmQ/V8AbWxd7ziV0nwZCNOEgibeRROiRzjY4 Mg/zXKQ3GpjH2qgRuGrKYV6DhsfJzBvEllikZXp13xmlljlfwLM4Qrb0cvlG5S5e vaHicMZOiRBcHDv36Lrvvjnw1IbHdZ1SSTTBUMwrgxz+gL43gJcPfAPYOeafwlTU aXizl7mIPNcfJYyn9Uwre0r81Mpf3QId2BabKhrhzFD9XAAWfMvG+hLV3FMRAA4I QbutqM5W1r/n9nswCozGP+YnklqNdDugEeHd1HMqIxrjqPzGP/SJDAWpq6N8Oguf +g66zQiR4dY6dTqIZzd+jYs0XxjGIy5El74wrS7C/HnZ2gBPJ5Q2QrfwuIXejQAw +LAYS2LWT93xyU3i2ODwHYK2bBmFGdWPjVSj31PE9WnfL21c4PSRE8p951e0hHFV hjpP5T3ALt5OI06U+rPrdoWe7nYiyFFhd4ifO7hWIePueq16rPLcexqz7u+zcay5 b6I1qDjmCHmcaPsRKwu63FdgT4uPHj7E5rh6qSfNgIaWnyk4elOlAO5WozeSWOeR 3GqtuJNFaqCvy5zsWezSPXZss1mPD0ThlQyHE++79ALrDfS7LHBGCa9NFrpoykX3 z3R6pNBuUV425eNuyg68si+ZtY/x0bF6qE2PF0Vx/P0rvokBbdZOubMS2gP1+MAM ZtljO7vSnanxBBwN9HCrOwIrp14= Extension name: 01p9fit ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!
URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3445786FFB0E1A8A

http://decryptor.top/3445786FFB0E1A8A

Signatures

  • Sodin,Sodinokibi,REvil

    Ransomware with advanced anti-analysis and privilege escalation functionality.

    ransomwaresodinokibi
  • Enumerates connected drives 3 TTPs 25 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 24 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2708d3c57b562b01da42f9e7549781f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2708d3c57b562b01da42f9e7549781f_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3420
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4708
  • C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    1⤵
      PID:2792
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1388

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\01p9fit-readme.txt
      Filesize

      6KB

      MD5

      5b708adda614d9b99d9f2882eb7927e9

      SHA1

      10a66cc02571eab45d98eee2e1f7af91047227dd

      SHA256

      7e864c8ed89ae77c65c9acd9eb1788c590f3efc5b6c06fb041339171d9aad539

      SHA512

      05492f4b1e09d15ea1bcb8d144487151a1473315fba6486bd22cb3cec4c07272534c0720f7b4c1d0d73aac7d67da3a8adfd1933510532d09fa460540d496c63f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3a5q4hyk.fyc.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • C:\Users\Admin\Desktop\CloseApprove.htm.01p9fit
      Filesize

      1013KB

      MD5

      2a17561d6c5edd2ff3a09b8c00c1840f

      SHA1

      96e9813169a6e6d036644b56329dc89ec01e4387

      SHA256

      26e476c51af020a5e2eea7772f537a35fbc99317a491e7fa7b4fcdca063c14e6

      SHA512

      97ef9dd68c2d8d67aef01af9831a2d2382f94efe58e77c13d30a08fce7da0b74741fb152495ba17eb32627d5224d82c4d453ca42c2e7c7845c0518e52e197dd6

      Download Submit

    • C:\Users\Admin\Desktop\ConvertToExpand.MOD
      Filesize

      921KB

      MD5

      e3c5b47b9bf0e3c34bce8ef1d25eff75

      SHA1

      6e5233d52fd5e8db3f11b9af4be97fdfe76482f8

      SHA256

      72a9b8b543c12e9b6db47c8d831a9f2b44a3ff0cb743f897cd732764a260f4ec

      SHA512

      882ec6c3858d518b91267a3499aa55aaba0cc4bd9f99bd50a4a9581ba81ea3afc27cd463de4dc031ae425f379d6acaee3623a48aa941e798c840ff2182dc44ee

      Download Submit

    • C:\Users\Admin\Desktop\DisableRestart.css.01p9fit
      Filesize

      875KB

      MD5

      63ba99c53f2cc227b4e7fb137a51e9fe

      SHA1

      876d439f9a5e672012d7e49836a3faf3930dcaf6

      SHA256

      e0d094dc6f7c58e93f0ec350ca3a8ee1723621448d5979acc54929420278e17d

      SHA512

      fd25d020689dbfc91fe32975c9dd552500377f82ada9cd1ab681c224b3ee8807881ff4530439463ca96ff03dc81a400d4ac3cfc2e822e3052d135b4e57a146eb

      Download Submit

    • C:\Users\Admin\Desktop\ExitGet.ods.01p9fit
      Filesize

      1.1MB

      MD5

      f701c066170229fa69054cdf1a633643

      SHA1

      75f08f4f4b6b1dc1857ea3a506daab91afa62fc5

      SHA256

      6d1e91b58b1717a58c084869cd89a3c6cacc567978603aa1ca46323bfa0dc8e7

      SHA512

      43f7753771c23565d6c6237f9e50ff51eaccdaac4af6b49521b6a876e977489ea8ebc1a317ae1a8cc8de6fe0c6915080bf0623cdfec84e7ea40b17de85e78195

      Download Submit

    • C:\Users\Admin\Desktop\FormatTest.reg.01p9fit
      Filesize

      1.2MB

      MD5

      647bba17a8f274d39064b9963912db91

      SHA1

      c5b9dc258748390794fc37c680f03f94348f11a0

      SHA256

      fea118759cf962174dab5f10490f85870974ae67c51d99da108bf11920c79f3c

      SHA512

      386670b5b374c32ba4155fa4e1c547e359576b4e55f783fc455d228f84c817b1b92c768f3e242cf3e8c048435cb8a75f2432b01adee980597455ac3226fa2af7

      Download Submit

    • C:\Users\Admin\Desktop\FormatUnregister.vstx.01p9fit
      Filesize

      553KB

      MD5

      befe8b06d151854d23ae742606d7fdb6

      SHA1

      a05e463215d3f776e1cac9be0a0b75eeac66ee56

      SHA256

      a88fdf8b2ba573656a09390d1e43ad4d50fb8369679cd3d339d084e8455d741d

      SHA512

      3e8c4847aba1310439516032cb1aac0d82e3f4ec3d38b80452cd1b3e6d319642f81b4a58cccf326ef559c529a7287c0c29b4c23f1feef0abacb4c9d9f0c662fc

      Download Submit

    • C:\Users\Admin\Desktop\GetFormat.docm.01p9fit
      Filesize

      645KB

      MD5

      83609e0f5f832ee6100148db84dd67a6

      SHA1

      fdf136a4a1f892e42c2d7e61f418bf4e17ef8eb5

      SHA256

      b3fa1e1e7e30091dea7819dae5e069feb279d69ffd207b37bbcf8bd205f013d2

      SHA512

      de7b015693f6cf1850998759a66371705cfd63869dc91bc9a48c763997a5fc4118423b4b09e40a79365611e83a2aa9d0fe785270261231e3d3e7a062081060bf

      Download Submit

    • C:\Users\Admin\Desktop\GetSearch.wvx.01p9fit
      Filesize

      461KB

      MD5

      470c5e2a3f025d0fab5ee72a891ff1a6

      SHA1

      d5b0ff84ec504cf5b70903f5949de42a0426ec6a

      SHA256

      c93de69988c2d6e81c830b391cb836b11eb37f66f3d16d5d09e755890d43fb6d

      SHA512

      4d0e8b5d131bf38c7ec14d3475b14b42d1a3b27ead76c2944eb0903ffbb265ad66dbae165973c851d8eefd4397f126f7bef45e92d9844c857d871a31a2ff36f7

      Download Submit

    • C:\Users\Admin\Desktop\InitializePing.dotx.01p9fit
      Filesize

      737KB

      MD5

      4d16bfd661da5ea6f451118a902c67ac

      SHA1

      421ffd2b22ffeaa050f72ff3966b5922cdd3cecf

      SHA256

      c0b8e1e17b68cf7001b27bc64cdef2736e8ea2141e5f283883384d3d41645159

      SHA512

      36dd67b92549b50e1cb094df744ae955e7cd1eb61ace928befe22b690f2dc132342413c853a57c1b42f9540a39401c862685a25baf81d11a2a64b896e52a5824

      Download Submit

    • C:\Users\Admin\Desktop\InvokeGet.docx.01p9fit
      Filesize

      16KB

      MD5

      9bde4634ccf4e839e88f25bcf20b3542

      SHA1

      bb7db3b4251bee7b071472dd0864dca73cc68fd5

      SHA256

      4007b3e788ffae0d1ac711111bd6a250b117db3f29212783ec0719d254853484

      SHA512

      29f11d6721c7711c2ce7c0eec542aa901ddf35f7386bbdaa465ff98a3f2ace49b9d3b92661c96ee49a253c07577d8623b9cfbceaf95b1e3713e661a230d269a9

      Download Submit

    • C:\Users\Admin\Desktop\LockConvertTo.vssm.01p9fit
      Filesize

      1.0MB

      MD5

      a13f1e7849f4c2699edf53c37ef4654f

      SHA1

      5e001196420435c1c4687d03b4d15455af196986

      SHA256

      474e66ee3dc35976f9655f7f301a4724eb9baaea2d4d11628b417e0019a281c1

      SHA512

      bf3742c5c296d7c25c61e8aaca2a447652966824d38221c344835800be70caefe993c14cfc94c0435965b939098c91daec357a5d9e7c557dbf3d0e1eefa42b37

      Download Submit

    • C:\Users\Admin\Desktop\LockMerge.txt.01p9fit
      Filesize

      1.2MB

      MD5

      89ef8e80c6ea959df5ece154d41c8c42

      SHA1

      2b5c2a4f7360afd30c579543aaf0c9e9442564c9

      SHA256

      a426bd44494b890f5f0f0d41e789a0a04960a85122342914ee1c1c133d1bb2c1

      SHA512

      d2a86cbc2c357b5f2c2625a3367c6b593b5002d787a5b910798b2e2b87bdf70678a041d701f9abfcf0ea13ffb85412ac55d57acfbc0c395f58d17336420dbb82

      Download Submit

    • C:\Users\Admin\Desktop\MeasureFormat.easmx.01p9fit
      Filesize

      691KB

      MD5

      638f89b4f179b2840096eff0859672a3

      SHA1

      b25343e42c2ea8c847ba7c0b8953b4f27138922f

      SHA256

      c6c755e04394f93f56cbe5ff38e946f2d30b92d435893b1e58c7856760d0d3c3

      SHA512

      cc843acadf2568d5abf01d0e837e7fa32a0c5436663fbd49809c397783145a2c6be81c07c07ac4be97ab16e78fd4d531a9640698ed1d1f3616c305165a7b0df1

      Download Submit

    • C:\Users\Admin\Desktop\MountConnect.xlsx.01p9fit
      Filesize

      12KB

      MD5

      df6ebc8b4a4e0de73747880b400bffe1

      SHA1

      647736287d33000dcc618ea8fc6ef2d20b45d4fd

      SHA256

      e08c00998fde3c39524eb3011fe48a31b94cb6ce48c8614eaa9ffa849774034a

      SHA512

      4d4a731aa69065f9f19e2577820e3e1eb143b0f1b13a06bc43fc934d4234e372e7aec53028c81f46811a1bbd91a4ca6fef0927bb68348536b5e365da0d8b3aa3

      Download Submit

    • C:\Users\Admin\Desktop\MoveRegister.ocx
      Filesize

      967KB

      MD5

      8008836cde1afe5e2217d76cdf706606

      SHA1

      d55f47a9048d47bdab152ba76e9f844963ac5dc3

      SHA256

      268f6d6b8a5329f7d95fe7ebf8047e4313994bb568fda0de563a183fd764c52d

      SHA512

      2bf7083b52c6f3f94c8df9aba4da1b02ca0281a669f81446e6d3573e9a528650db2302a65187d11685766c4cebfaf5a6523ca310aed568c64a0c9f47a2e1c44e

      Download Submit

    • C:\Users\Admin\Desktop\RemoveEdit.iso.01p9fit
      Filesize

      599KB

      MD5

      c76481a4ef65a10179bdbe7f0bf55f3d

      SHA1

      b116d175e858e83c7c330df37ed4439f5d39bf21

      SHA256

      c30310748009f1df253b6f81824f3f09043ab026165f2d34974167945dec673c

      SHA512

      dccea02fe2f1f05c71167e74726797da3c85d595869153ad12c72fdbed127678324239c49719bdf99828f6e64f8c27ece99938e570b06aeaf77b1de83b05b44b

      Download Submit

    • C:\Users\Admin\Desktop\RemoveUnblock.DVR-MS.01p9fit
      Filesize

      783KB

      MD5

      e9c6a3d1f5082382e56f0a2581c596a4

      SHA1

      362c70e1a59cf42b4c768676add3ab0b307b7c18

      SHA256

      ff7a13f700587fbccd752dd0d4da18d502d45ca5406b17da0f6ec1cf7b1315bf

      SHA512

      79739c6e44499a7e62fb14d4df29b89099d56e4eaaf33b2304d303ce559642dbfeacd22dd1b6e96e4a72f2785196e46520ea1f7faef7b5684e68aeb0c4134cd6

      Download Submit

    • C:\Users\Admin\Desktop\RestoreRename.i64.01p9fit
      Filesize

      1.3MB

      MD5

      eb05f9a206d2f471674e63de1655a8e4

      SHA1

      84dd1c3ebdb1c044755b1049a65c70c6e2336987

      SHA256

      43e7d089de89a4ba058e2843b9d8ccd3c0b37df14d7b0da3bf500a2903500767

      SHA512

      93a2caa71f274dc15083b6d8a187bcd21d2ce0f5b61ba05901f87c187cdcb1d519e558ed95dc22acb74d138dbdac416e3d20e519c3a1d7d55dccebcc35ce6e46

      Download Submit

    • C:\Users\Admin\Desktop\RestoreSwitch.3gp2.01p9fit
      Filesize

      829KB

      MD5

      39654c9eb6568a9cd4f999ac6bbf2f99

      SHA1

      1092b9976db5c1faeb4b922628c75d618270b32e

      SHA256

      9a82c02253a5c994caad5866af4fc6f210e06d171104fccaccf227e8fcde3179

      SHA512

      06b1a0f5c3344bceda28205234c4d68d36013908005609458aadf7cea607bb5c4c722a6f15466799dbe52534759c37fee066eee41e99047be946d7026b9d00f8

      Download Submit

    • C:\Users\Admin\Desktop\SearchInstall.mov.01p9fit
      Filesize

      1.8MB

      MD5

      22d4e0f04d79b01c1e32b459ec58ca12

      SHA1

      3f0006542b6f60fdb0deb69833a59a536a46cb5b

      SHA256

      7437328b8743aadf907cb8421d8c63beb5267462b18a91a1e7adf543c122192b

      SHA512

      5d2a62207fff0fa029e6dfe3aee625500ffbe7b10228e087a011a53128adb8d8d000ac57a674be8c888d10cfc4d3fa97e524e9d5363a2b48210d2fc60ce4bbac

      Download Submit

    • C:\Users\Admin\Desktop\UndoSearch.M2T.01p9fit
      Filesize

      1.1MB

      MD5

      79c057df95c0368b082e5e714ea82b59

      SHA1

      4fb25910bc743309fa634e8cf006f652a911a747

      SHA256

      a2e8bc28c4307d8d976d00004b6cf8efb983b3779da6b5b60e47a384e3ddb941

      SHA512

      e3d064b37199796ec3b81f313150ecbd592f025892ede9052d0d29f071745ab9248f7529f1e4483c0f1869b092fe4e66814250a6b4917f696775fb33aec23be4

      Download Submit

    • C:\Users\Admin\Desktop\WaitRestore.xlsx.01p9fit
      Filesize

      507KB

      MD5

      0e65c4da6fc11b25ee31f901bcf0f452

      SHA1

      c78a8be1e2e051bc104436208c5ee40b9e7e4df3

      SHA256

      045364a0e8f89d04296b442c8a6b57ff69b3f7ae95c34842bee5671f83d79502

      SHA512

      55edb2177c67c281f47ecfe9426516e70e14831bf68d4ca71193a859ddd2a463ea4a362e4584d0bce04154a2a50ba0e59f633370a9c994222207817ba040c286

      Download Submit

    • C:\Users\Public\Desktop\Acrobat Reader DC.lnk
      Filesize

      2KB

      MD5

      34a57aee30ca057c61c73ebab410117f

      SHA1

      eaf72023e5346a733d57e0ddb9a1d42c2908f396

      SHA256

      d7373cca840e81a42a578a23392bcfdadc3129ea9f90fc9056a3266b1040a8a4

      SHA512

      e61ff556d129d5bc8ec16ab151fd10fbc8a2c2b238bbe3e7a6a89bfc3b08612c8ba8bfd2111adb0cb134503b9f85f6bfaf58915fbec220f4d9b3d243515cf077

      Download Submit

    • C:\Users\Public\Desktop\Firefox.lnk
      Filesize

      1000B

      MD5

      41d15f39f0cdd9e1fb87b0905c5eef67

      SHA1

      c67f6e793d56fca48207002577aa5e5917e18ae0

      SHA256

      77a8aa315a9ac40f597fb28733669f40f4697f564402dcb8aa918540811add9b

      SHA512

      77f1f4872a7ba998f17ae9c272669419b8755c4876ff7a163fe236a62af748c13f7ff9c5850c7cd0d764b9b02583982f773e58ac24f6c543c34dbd50821a74b5

      Download Submit

    • C:\Users\Public\Desktop\Google Chrome.lnk
      Filesize

      2KB

      MD5

      ce4864e7fb15c7c15472264a8f8cbe62

      SHA1

      84fcf636c709029a882d7193c9288d1d37d68262

      SHA256

      42c9c4687d7369395d5121db46ff708cbf18f623fc8c515e616307461e4c4d64

      SHA512

      b3f37b21a8fe9971776fb4d711c98ef9a6b8b225f779dcc94ceed892d05882eaf4306593473d52f7d6370d9f1286cc01756a07b3292398c1d88591e5f88b71d3

      Download Submit

    • C:\Users\Public\Desktop\VLC media player.lnk
      Filesize

      923B

      MD5

      99b01f86a345233811cb34cf868c8534

      SHA1

      e483864dec47d5e3b71ba4b6ae15ed1579221bbf

      SHA256

      1151b9b4d907b845d6b7ca6d660494d9c39767094e0a90c0efe62d55f3906756

      SHA512

      665bdc5ddcdfeadf809b0b3cc6fc8927a272f79cee0032e09b083d2a21e8ffc1df96935f096d0df55aae0279eadf4ce740f608d1594a28e7046eb7bb8e0e09ab

      Download Submit

    • memory/4708-0-0x00007FF9881D3000-0x00007FF9881D5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4708-15-0x00007FF9881D0000-0x00007FF988C92000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4708-12-0x00007FF9881D0000-0x00007FF988C92000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4708-11-0x00007FF9881D0000-0x00007FF988C92000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4708-10-0x00000257AF750000-0x00000257AF772000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4708-1-0x00007FF9881D0000-0x00007FF988C92000-memory.dmp

      Filesize

      10.8MB

      Download