mafiaware666 | 4bcbb8983fe7425976c5a1789deff73fb138e80981f5ebfef1f835bcc6757760

Resubmissions

14/04/2025, 07:51

250414-jp1kfssjz9 10

14/04/2025, 07:46

250414-jl9nyssjt9 10

08/04/2025, 15:58

250408-tevasswl18 10

08/04/2025, 14:19

250408-rm2nqsvqw2 10

Analysis

max time kernel
107s
max time network
95s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250410-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250410-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
14/04/2025, 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f89219b77e5fde5a7a1581e3e4cc0b00.exe
Size

294KB
MD5

f89219b77e5fde5a7a1581e3e4cc0b00
SHA1

557c9ff996b42056c0531e63ebf5e7d794b23b19
SHA256

6c8d0a52686544703953357f4d7655e5e1a27a90e2f1aeac9eccdddb618333e5
SHA512

9ba62300e547e971ff79e4ec0209e07197414071ddf0b90d4a951e06a82f258ab2abcd9653b5fdeb5febe9b6fc8b6a28ce52f7360d94b63283fd0485168b6a40
SSDEEP

3072:bC6UBkwelNBVB18I8qk49NWa+miRztQYi+GVnkgLmVv3yniVH9T2mZP:bdHvH8+k49wa+LRBQYi+OkgKLVH9T2m

Score

10^/10

mafiaware666 discovery ransomware

Malware Config

Signatures

Detect MafiaWare666 ransomware 1 IoCs

resource	yara_rule
behavioral20/memory/2988-1-0x0000000000B10000-0x0000000000B5E000-memory.dmp	family_mafiaware666

MafiaWare666 Ransomware
MafiaWare666 is ransomware written in C# with multiple variants.
ransomware mafiaware666
Mafiaware666 family
mafiaware666
Renames multiple (134) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	f89219b77e5fde5a7a1581e3e4cc0b00.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	f89219b77e5fde5a7a1581e3e4cc0b00.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3528707984-280903734-2966936111-1000\desktop.ini	f89219b77e5fde5a7a1581e3e4cc0b00.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	f89219b77e5fde5a7a1581e3e4cc0b00.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	f89219b77e5fde5a7a1581e3e4cc0b00.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f89219b77e5fde5a7a1581e3e4cc0b00.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5036	taskmgr.exe
Token: SeSystemProfilePrivilege	5036	taskmgr.exe
Token: SeCreateGlobalPrivilege	5036	taskmgr.exe
Token: 33	5036	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5036	taskmgr.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe

Suspicious use of SendNotifyMessage 47 IoCs

pid	Process
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe
5036	taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\f89219b77e5fde5a7a1581e3e4cc0b00.exe
"C:\Users\Admin\AppData\Local\Temp\f89219b77e5fde5a7a1581e3e4cc0b00.exe"
1⤵
- Drops desktop.ini file(s)
- System Location Discovery: System Language Discovery
PID:2988

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5036

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\CheckpointSubmit.tif.DPN

Filesize
270KB

MD5
4d0598c7e68f30485432b966d3f87a01

SHA1
68c2c29311b35443a350d982a9cbed6cb5dcb917

SHA256
06f1a656399764da0856bb534b234a473564460cc61ecafcf9ad5ab599cd4888

SHA512
dbc9eb5c5da9244f046e0ae25495b976998e7fc1dd16e016a1e74ccf8631bb14412ef3e176d3ee62cbfc30d214ace1c63c3fdd431265b7bf31f9efd0e48f7fa4

Download Submit
C:\Users\Admin\Desktop\ClearEnter.htm.DPN

Filesize
152KB

MD5
9c35f14fd7b88bd2f73aaa5ae9913213

SHA1
c78f743d49e34562456857004545ef382ff9172c

SHA256
6faf46d350009efe4ffad123575646c61959fb4636f22878635df1db17d932f2

SHA512
6eba69ed627baa49cb450c2e7411acea4644c15447d6118b03247547a273069177d73fe86c36624ea4277fdff617f2d5056a6f61043225383c53a70f23d2fb4b

Download Submit
C:\Users\Admin\Desktop\CompleteWait.i64.DPN

Filesize
201KB

MD5
5582713aa7f20ce16e250e5ccdc6f77b

SHA1
16727da3c2335e8a49ad095d03f2df0d934fc737

SHA256
e2c20bad0068f7098977595bc3243204d3386b9e219fc2af70acfc5ed959a045

SHA512
048f2481f35a22966d72490c4a035cb54920a32ee16cf854c467b7192f359da33830b71ff6e315742b2c04f1de4f083d0cd486e4ce182e10cb709228112f5c31

Download Submit
C:\Users\Admin\Desktop\ConfirmUse.easmx.DPN

Filesize
162KB

MD5
9441b0245fb80cd2591fde3db2445ae9

SHA1
33c6fe2f93022caa2a8448706ee5aef3d390e07c

SHA256
4372f2ad804cffc65ad518e6f3e1055dcebadb6b8bcdf01d3214e830c6419adc

SHA512
9cf214f4d35666e0eff978bce6216a7febc44ab8fddd8fe512900a5f143d9f330f6c7edda5eb8bdfaf5cf57d58debf788559b9cfaba8a7de3079893068e78205

Download Submit
C:\Users\Admin\Desktop\ConvertToMeasure.dwfx.DPN

Filesize
250KB

MD5
89b01312c96c46ec9259f252e82e405b

SHA1
b3885a9ecc6ec493f8d3ddf568b46f2a480f2f2f

SHA256
2534ddad6b97fe07271c6dbf0db54c6ec7bbae3ef01677a28477a5e084664a42

SHA512
3831226c9ac04225a6d2261c8f94ecc62e0579c68187559c54ac801f170a08fad44af49d773547c3d5fe096d8380baef20e1a134c772ca76ea719037891084a7

Download Submit
C:\Users\Admin\Desktop\DenyRemove.jfif.DPN

Filesize
339KB

MD5
95aaafc2aa33697100bcbfea39143aec

SHA1
89651b63081beb665304dd30676d09dd39f30f6f

SHA256
5eae361ffe0cd4afa0e02f4189461a996bedd5f51f9398cfbb23ff4fd2f6dd74

SHA512
4274a2f3077cc017b8224d518f11a0f258b61cb1668a3efc251de17377b7e64f91240874f7bf137ab42ffbb2e109e9eb999f419800c9e8d2f3b10fe5e3bdbf19

Download Submit
C:\Users\Admin\Desktop\DenySearch.vbs.DPN

Filesize
358KB

MD5
6146b36a37dddd94781404f463a21e50

SHA1
752302858ea818d08c46f394abda38729e1382f8

SHA256
89ad55af90a5833cdbd9c1c132b483366359461821db51403a921e15a343e799

SHA512
aeb8685811a0432bb13afac67475c01a01f4944dfbd3c8d8f45256a21a21c33269d0eb6179ce1efa85aa3384ba2740352ab90b13e3c08e8202ef5e7c439ad1c4

Download Submit
C:\Users\Admin\Desktop\DisableUnprotect.ini.DPN

Filesize
132KB

MD5
7a2391e1672f4e0bad0fe854a44f225b

SHA1
180cbab95f628cb4fc0ea904b3b06ba61d1d9892

SHA256
9ed396af63e1385d365bec926e56d691a501914a9a46b19a2b682f6515a40785

SHA512
679b7f22367e3ae31d5b5609df8e51324f34ebb87b48889a9147e8ea0eb92288fa0244722270dee2c375086dcb971b7c01323d1f7b67f1f4027708aabdb5d615

Download Submit
C:\Users\Admin\Desktop\GroupCompare.eps.DPN

Filesize
221KB

MD5
10569ea6c84dc5caf83a830f7f47551b

SHA1
1d29a08a1c2fdb7a131b8242600b5602b9addc3c

SHA256
feb02085d3846cd56c88afb63200c48114fc4f578833878f44b4983bb9b034f9

SHA512
681495cbdd7f0f5973d74a3f8d6fee93f8d8028ad6207c8b1569cedf67508d4edac90de43ddebf728280c3685cbc4df1acc7091f2d5aa1ea1896b5b13dfb5e6d

Download Submit
C:\Users\Admin\Desktop\ImportSplit.mp2.DPN

Filesize
329KB

MD5
bb0e0942c9c0c0476cdf25a52551304c

SHA1
9ba29be04ba96cf2ebca9e504f8bfa7782098dc3

SHA256
ae860fd2062727ff3110b3b8803dda3ebf8cd2a026b3398a7b4681c5f92e19df

SHA512
5c4f8fdd4bfa47e88d0cf356bf93aa0062d3a862c47e3d77a6ae94b736324096453d6518340521036a14680dbf9c01434108d08f259a4bc8e4c1d9cec145ed85

Download Submit
C:\Users\Admin\Desktop\LockShow.3gp2.DPN

Filesize
231KB

MD5
901040b89ad520a4acb2a933f58966ed

SHA1
ca1b76beb368e7bb98bcb07929bedf505c7111e8

SHA256
c528366d50c290dc862c8a2041bebbb2c98bfc0784a6055a07af5350bbc10f21

SHA512
1d01d240b4c66b65508566fb15a89a32c92b01b6c369611f9ce47320a8cfe3dc42907b33a1c9f776013fce67c307d03ee412f649aefbb0a78845b75e6c00df28

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk.DPN

Filesize
2KB

MD5
b02f6a7d9b1c88cca1357142d48e759f

SHA1
095aee268f6f5eacf3f34f074f1fa831c6db621a

SHA256
42696604619fadafb8eacf5c26798002ae68e9965b52abfe844a3f96e6cbac1d

SHA512
3e7d0dabf3236c7b5b6476dc26e74b97ab0c04fbc15856eecf7088019bc1a0815735fb3992aead468aa48985d1153c5761629f477f7c43bf4389e5d0d2954101

Download Submit
C:\Users\Admin\Desktop\MoveRevoke.aif.DPN

Filesize
260KB

MD5
351ce18e6e342c9350d094c04f9422f5

SHA1
2ffde7e7fb564de4a3c2d8259b37d3d4da6b1d58

SHA256
a2de2978d6d6c8cf2657a70a8842a949e1884d4d13f1d1f686a9be6f56a98b7d

SHA512
16dbaad2864cad90dd7bb9bab9134ea0641311a3a5e1e70cd86ced68e5d6bc0e81d79a41afb9bb816de156bf51e142b0ed13c7a2df2ee85b06f599af681cb22a

Download Submit
C:\Users\Admin\Desktop\OutDisable.txt.DPN

Filesize
520KB

MD5
6bf5b274d39df24c8b77364fc0c097bc

SHA1
ba938dcb6eba06aae5b06ff3c387466a35861c71

SHA256
fae9b2eb2977b3e0aedc9e5dd8b9dbbecbab7487fbb466e513cfd64b24f8fdf7

SHA512
47669e0699024e6a47980520190381eb9748b8e131e4bdafee85a6d6cb8b332b2b81ff729e13eade0a4604df29bca3a75fa81059d62701bbbe7e20cb752c56a1

Download Submit
C:\Users\Admin\Desktop\RegisterReset.wmv.DPN

Filesize
280KB

MD5
7da730e43f57f954272c824a38cad055

SHA1
3d0a22e20b6e790b26bcfec5e4248ed1957ac20c

SHA256
81bf45578920b08a3a60fa8ca7b327d1157f1b7ebf00f6df2839547fd25f885c

SHA512
b792cc1d9594cdf8366125e10b15a2fd485745139b1a2046f7c36b0a36a49a7851b07704d98d77d67c76d4dbd58d00432713f8ddc5edc6697080f1d598d7481d

Download Submit
C:\Users\Admin\Desktop\RenameApprove.docx.DPN

Filesize
181KB

MD5
fdb5c9c90ff7d271dd67465cd20e3ced

SHA1
348673fe465092f9bc5e3333914973efafc9e4bb

SHA256
de9bb33f9077de663957d729975b3b04e1074a168fc27dc596f710e995b7dadb

SHA512
7d635f0d386b7f838c3c0d16f962a8ac205ed0848d7f3c4d828dd468c68809608890ff0e3b78e111db12a752f810d4806a77d711e0f04c0a57979b8f651f5bb5

Download Submit
C:\Users\Admin\Desktop\RequestDebug.jpg.DPN

Filesize
299KB

MD5
8b2ae16fd43f48ac18a9c5bad412d8d6

SHA1
e4d2caa70b487d744b513de2dfadb2a03d430294

SHA256
30d362b9d65b82eb24a08cb076e332d2c8d3710cd20be8ce7dd369e7cdd09677

SHA512
3d5f908b5f7d87dd5688f732a2b253676276fa92ea0fb25352a5b1933e8b37ff57e071c33d2a0407d49d77b746ec45c607d19d7b4db37e8c3de04cf576c55738

Download Submit
C:\Users\Admin\Desktop\RevokeConnect.rle.DPN

Filesize
142KB

MD5
0137877bea37f3c6073a79193ef90784

SHA1
9061d01b1e61b0daf574e26fcc3fb831fe35cd00

SHA256
aa49c59cd6632742623b70e344fff96fd8c81c8cb152a83abd447b8e47b343be

SHA512
3f341e8da84b36522288f5d4cec5f008460d7684cd2e2a47ae7e906129b8ea347269373732176127fe3c7db93c2418655dcc6e5a4cd26cde8bf371cbe92ee643

Download Submit
C:\Users\Admin\Desktop\ShowMount.ttf.DPN

Filesize
290KB

MD5
ecff20ebb7f1b47a1ba5643eb1792900

SHA1
2d80a16e3caba5b625193837c59251d9ae69dcf4

SHA256
a8e7bcdfa390d0131b8dddc7899cf8a218b168387662cacbc8255b9df2f393d3

SHA512
e5131e04c77cb47f8ce47bc30210a29788339fc5a9e8240cff293c62bfd2dc4f32e9c900cc5017533c36040b15056b6a24e75ad50e71cf97f4315e1efaf54170

Download Submit
C:\Users\Admin\Desktop\StepConvertTo.7z.DPN

Filesize
309KB

MD5
e1fe002144179aad15a7fcab55261cb6

SHA1
b23609ec0f58f792fe47e76346e139d336b4e534

SHA256
4adaf7c9627513c2571897c01bc994b3d5e088a9f779f0cec4f0656159b97660

SHA512
06f903f46eacc6c2502e90df465e09b69b56ede14a0a557303a67346714986bba539ff5ee6f635642d031c36cddd39090a15504dbc32eb3d1b31b54c3a0ae127

Download Submit
C:\Users\Admin\Desktop\StepRestore.ini.DPN

Filesize
349KB

MD5
8886cd5f2f0139e0321fcd485437b347

SHA1
c6a42d953b42be9b10647029fa93b7fc938a6691

SHA256
4b5ad361d36b8f565ed4fe43352d82efe0a7f8b5e883a7a70ba694785efe6ed6

SHA512
878bb8407275cbc742b32b553527165117a2c3d56d58236b1c85a05b73220e5d0f1bd62de2549081ead4ea9da08e28ed977765bbaa8ffde51317dc4bf4c9cf3c

Download Submit
C:\Users\Admin\Desktop\TraceMerge.mp4.DPN

Filesize
368KB

MD5
eba67470082badc9ef2a639b80defeaa

SHA1
431eb70d53f60a22ac736db092d6ba0e97ecb56c

SHA256
a9ed816121de76b7f938861c55948564ca397a4ec0e65dcaa39d1d5c34fd3e52

SHA512
f27be7ab41370f30795e565ae9df3bf4e0e41541854e5dd897b429dc30f955c1f6829d92c44ebe7d352c0e8af9a8729623036a3081b1c017d8f63a0480bfeafb

Download Submit
C:\Users\Admin\Desktop\TraceStop.wps.DPN

Filesize
211KB

MD5
6cb3c30290681f4cb131a77186ace6da

SHA1
3534682893390c35cefa527cf21b521487acc63d

SHA256
ae3edc1dba1376416709798cbd1a7e8aa56408d0bbaf448deb943a91ded32440

SHA512
e9fc761b9d926fdf66ae862f3e121198b07557779fc097b7411754c21fd344d058f01ca9c8488a55c56a9858f52d642f1331264203545c37da620451e975281a

Download Submit
C:\Users\Admin\Desktop\UndoWrite.xlsm.DPN

Filesize
319KB

MD5
8dacb38f50780bd3d528e36c429cc505

SHA1
46425de886068c87f941ad24ad607c2fea0dc6fb

SHA256
eb02f57ad95bc93d4c1c8ce15f72a1513aeadcf812d8415948c4ede7455c4fa9

SHA512
eb65f1c5ebd9e9efe72a79a5c5ee693c6f1b0d90245f4a976c8a60538dc0534aa60f63b91540624332931369a666a824b8cb701899b1ad0267ffcc4b5e69703e

Download Submit
C:\Users\Admin\Desktop\UninstallPublish.aifc.DPN

Filesize
240KB

MD5
0638a9b1e5af07299c85812e94456de2

SHA1
916d0ffe8f3a6bc59cf1405d61c9328c5bb59b4d

SHA256
aa2c23f9e94384982633767a957a9b5805a987b5ee690171eadaeab1e1728081

SHA512
72a4d61ee27a6ccc8154d1aa42048ade89f8a3f2809d4695cd015626c4306287871060bd66915c533a4c96d726cb5f4ebb3063251f21bc1cc7d5e420fbd90254

Download Submit
C:\Users\Admin\Desktop\UnpublishConvert.gif.DPN

Filesize
172KB

MD5
7ff048002705d1ef80610e94eb34daf3

SHA1
c183272eb69dbdc3de88089da7a5f357aa0aec3a

SHA256
7e0663b27b4945f132b46dbdd6b5aa95777de73f562358e9201dedc8fd9cf692

SHA512
7268dc02d0d2e4f20c57d036eba0c796b21de77d36b60b50538996137f7cb148e0f924a3e7708993add4e830ebfc4d4c8612b4705e9ac298dda31cd92e1425f9

Download Submit
C:\Users\Admin\Desktop\UseConvertFrom.search-ms.DPN

Filesize
191KB

MD5
3a77fd274d6864d7892c62b64fc9ccd2

SHA1
7d93aec15de2d38f74d9c75f9a4cb3413bb9bb25

SHA256
7b19f18fd8d64a38b68e98fdb738d4dca5d96dfa8b3c65b376db594769559963

SHA512
0eac4cd8276dc6ee86c58953fc6f57697633d4616d6063f051ce456d2e67adb7666a4eab881146d5628f88817c87eef5d1f680656e0d57620d1e1d65ed2b3b30

Download Submit
C:\Users\Admin\Desktop\WriteRename.emf.DPN

Filesize
378KB

MD5
de76f3dd6df00470abc8d0e6b3514241

SHA1
b6e85e4b0c929cc7a3addf69250059c9464b2c1b

SHA256
4b3490458083e51e8f70a1cade5336c3bcb1b096c1be56d20257cfb7462e1dc5

SHA512
d92d464e32e618648d8b5553b150a527ce1031f5171594f3b29d151c3eb5a841db2a0c4fff0503a952a509b7d539a82697b89bc3a63494d5f92ae3fbac65d36a

Download Submit
C:\Users\Admin\Desktop\___RECOVER__FILES__.DPN.txt

Filesize
5KB

MD5
64d1db248caef628bc0abc7f0cd6be5b

SHA1
64c3f075e8e7fb980343d30340cac2d9c508368b

SHA256
af73e9d1edc833e0351dbb354c97815bafa8aa3147fc02320677549e61fd8103

SHA512
4652e810032cb70c9af8e7fb8acdf9dfe6f26873e4772df39fdc077716acc6c8d9c6af041704f53b92c4c380865c4c68ed7542194d9a244a2213e91548e5fa5d

Download Submit
C:\Users\Admin\Desktop\desktop.ini.DPN

Filesize
320B

MD5
aec244c9833fe5cc472f00470afdd235

SHA1
3cb55cc95343b3b085079bea0201fec66e1a0214

SHA256
610dd0d3925067caa49fc69219700bce7df5a2f56a50d7c58897826064ecbcd6

SHA512
9f95594dc9b69b69ac439f6f72e2e78a7f48de7c81c350294b9160ac929d6f5acdc3d72a2566ff9ed6a39699e5f921fbb7d65a44280323e55df6ace42373ad83

Download Submit
memory/2988-3-0x0000000005520000-0x00000000055B2000-memory.dmp

Filesize
584KB

Download
memory/2988-4-0x00000000055F0000-0x00000000055FA000-memory.dmp

Filesize
40KB

Download
memory/2988-5-0x0000000074E70000-0x0000000075621000-memory.dmp

Filesize
7.7MB

Download
memory/2988-6-0x0000000074E70000-0x0000000075621000-memory.dmp

Filesize
7.7MB

Download
memory/2988-2-0x0000000005A30000-0x0000000005FD6000-memory.dmp

Filesize
5.6MB

Download
memory/2988-1-0x0000000000B10000-0x0000000000B5E000-memory.dmp

Filesize
312KB

Download
memory/2988-0-0x0000000074E7E000-0x0000000074E7F000-memory.dmp

Filesize
4KB

Download
memory/2988-34-0x0000000074E70000-0x0000000075621000-memory.dmp

Filesize
7.7MB

Download
memory/2988-158-0x0000000074E70000-0x0000000075621000-memory.dmp

Filesize
7.7MB

Download
memory/2988-31-0x0000000074E70000-0x0000000075621000-memory.dmp

Filesize
7.7MB

Download
memory/2988-27-0x0000000074E7E000-0x0000000074E7F000-memory.dmp

Filesize
4KB

Download
memory/5036-146-0x0000017C615A0000-0x0000017C615A1000-memory.dmp

Filesize
4KB

Download
memory/5036-145-0x0000017C615A0000-0x0000017C615A1000-memory.dmp

Filesize
4KB

Download
memory/5036-147-0x0000017C615A0000-0x0000017C615A1000-memory.dmp

Filesize
4KB

Download
memory/5036-151-0x0000017C615A0000-0x0000017C615A1000-memory.dmp

Filesize
4KB

Download
memory/5036-153-0x0000017C615A0000-0x0000017C615A1000-memory.dmp

Filesize
4KB

Download
memory/5036-154-0x0000017C615A0000-0x0000017C615A1000-memory.dmp

Filesize
4KB

Download
memory/5036-155-0x0000017C615A0000-0x0000017C615A1000-memory.dmp

Filesize
4KB

Download
memory/5036-156-0x0000017C615A0000-0x0000017C615A1000-memory.dmp

Filesize
4KB

Download
memory/5036-157-0x0000017C615A0000-0x0000017C615A1000-memory.dmp

Filesize
4KB

Download
memory/5036-152-0x0000017C615A0000-0x0000017C615A1000-memory.dmp

Filesize
4KB

Download