Overview

overview

10

Static

static

3

28e82f28d0...7c.exe

windows7-x64

10

28e82f28d0...7c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-10-2023 19:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    28e82f28d0b9eb6a53d22983e21a9505ada925ebb61382fabebd76b8c4acff7c.exe

  • Size

    5.4MB

  • MD5

    c95c81ca4e6b8153b458d29186e696bc

  • SHA1

    f97f8f78abb205dda329d89143aae34ba04d13df

  • SHA256

    28e82f28d0b9eb6a53d22983e21a9505ada925ebb61382fabebd76b8c4acff7c

  • SHA512

    b16b34d9865286bad27128bc9cff81ab76c438c891d208015d7f957067a7e5dce228c2cccb9c15fb587f60c30dcda98684b5f7b011ba19793849323a239b2ae5

  • SSDEEP

    49152:lQg2p4oH77z/vVYyuI2LxaafnQqrfHdYmGD2u24ccQ9B1AzA7NUkZ+no6pzUiFR+:9oRG2kZ+nxxEGBRHYFzupjUqvbdwj

Score
10/10
snatchransomwarespywarestealer

Malware Config

Extracted

Path

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\HOW TO RESTORE YOUR FILES.TXT

Ransom Note
We inform you that your network has undergone a penetration test, during which we encrypted your files and downloaded more than 250 GB of your and your customers data, including: Marketing data Accounting Confidentional documents Personal data Copy of some mailboxes Databases backups Important! Do not try to decrypt the files yourself or using third-party utilities. The only program that can decrypt them is our decryptor, which you can request from the contacts below. Any other program will only damage files in such a way that it will be impossible to restore them. You can get all the necessary evidence, discuss with us possible solutions to this problem and request a decryptor by using the contacts below. Please be advised that if we don't receive a response from you within 3 days, we reserve the right to publish files to the public. Contact me: [email protected] or [email protected] Additional ways to communicate in tox chat tox id: A2DCDE8AAC5AB15F552621CF24A44A708EDFD0C89E22AE77087FA1E2F4FA057ABDD292BA6259 =========================================================== Customer service TOX ID: 0FF26770BFAEAD95194506E6970CC1C395B04159038D785DE316F05CE6DE67324C6038727A58 Only emergency! Use if support is not responding

Signatures

  • Detecting the common Go functions and variables names used by Snatch ransomware 30 IoCs
  • Snatch Ransomware

    Ransomware family generally distributed through RDP bruteforce attacks.

    ransomwaresnatch
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Renames multiple (9391) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops startup file 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 64 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Interacts with shadow copies 2 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\28e82f28d0b9eb6a53d22983e21a9505ada925ebb61382fabebd76b8c4acff7c.exe
    "C:\Users\Admin\AppData\Local\Temp\28e82f28d0b9eb6a53d22983e21a9505ada925ebb61382fabebd76b8c4acff7c.exe"
    1⤵
    • Drops startup file
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\homnbqpogmwfmjcjqwo.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Windows\system32\sc.exe
        SC QUERY
        3⤵
        • Launches sc.exe
        PID:4584
      • C:\Windows\system32\findstr.exe
        FINDSTR SERVICE_NAME
        3⤵
          PID:1708
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\svefksswsxws.bat
        2⤵
          PID:2912
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ukobtaqobeqobniq.bat
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:1764
          • C:\Windows\system32\vssadmin.exe
            vssadmin delete shadows /all /quiet
            3⤵
            • Interacts with shadow copies
            PID:2552
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\neqswhsmqgpiaqb.bat
          2⤵
            PID:1960
        • C:\Windows\system32\vssvc.exe
          C:\Windows\system32\vssvc.exe
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3916

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\EdgeWebView.dat.DATA
          Filesize

          9KB

          MD5

          2a3887db71d7010546f355d76a155e1d

          SHA1

          e4c1fca9c71f2fe0bd8eda43d00f0ee9da53b2a0

          SHA256

          81e2d6760e6144e865ddc45b22941ca7ab8f0887c6d8052150a397aefa7b734b

          SHA512

          8487509833757baa261ee03b4e535ede1517ca16a9a1835fda10faa4a1c0740f794d94ed694f1525b00a8a3082560c54cac702a91faef1a2bcfe19422e539e37

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Extensions\external_extensions.json.DATA
          Filesize

          1KB

          MD5

          3a457bda6ae702c9328fa575e73940eb

          SHA1

          57bd89cc960db6aaf5d4a2040a3a54337921ec9a

          SHA256

          ab09b1669066a398d097467337d85be41bb396b3a9a55b35ddb6d713fc5f1fb3

          SHA512

          5dad5537cc8ebb3941b30bdc3b7d9a5486c63b3b7e56741b0380cae905659819d67f5e5fda00c64b65a47521796c34eb2e2ff02a3faf6a3afd7cd522fe5aee15

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\af.pak.DATA
          Filesize

          836KB

          MD5

          b519aeacb7fb376703027951e4d5c53e

          SHA1

          5d8c6153497390fc2214cbb8db03e1ad0ea0f79e

          SHA256

          5e3a64faf80b2eb40f8ba589059e6455a2123e965ff893deaa2506bb2dae9718

          SHA512

          9adb7af027026458fe8e067c942c8abc792ac15225b7602e39afa1a5335fd73adebd31dc98e22880bc6646fb8295c48b5b4be88125d82dfb9b3540c7c9695d40

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\fil.pak.DATA
          Filesize

          938KB

          MD5

          4215ec609b257cb05461f14248780d01

          SHA1

          2a31c66d1f84f9c7db4d443bef74747aacd2ec09

          SHA256

          cb816e999f544fb64444f270075aeacb0110d21ecce6aa2e834d89bf5a9c2310

          SHA512

          ab29c0ef9d2e6f52f209d27fb37c28137e7a91df3bccd799dc96c9b10aa62c6c697addfcca7301f882fe48c1e2ea111033143f514e9a5855830c4c995780e892

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\lv.pak.DATA.vgccfmqdykr
          Filesize

          919KB

          MD5

          2035080e4cc4507e2fcef0238f0bddc0

          SHA1

          5d90c7465ac3457b925656ea92c23a5b8dabc10b

          SHA256

          69e038b638bb5063735bcb234a855281d433444d1d4c983e937b97363c66f6d3

          SHA512

          6c28c091105b7ac2470c3e5e07e8b7eec417785490479101eb439c60575f4bf8fadb01fdde80dc558e4b4820af06bd6233551b303fbd48644332a82e4f8eae38

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\mi.pak.DATA.vgccfmqdykr
          Filesize

          900KB

          MD5

          3ce51a09738ad744b02d549f68d0a12e

          SHA1

          3d918937974fd7924388416b259292fa0b5af622

          SHA256

          d2b45721a58ef0066d79af2289ffdfe90a38cf5459e67e74113f37b54cc2b3e4

          SHA512

          cd3bd05580f38dc472a74348e97e9d5bdcdbb5f91bb0aaf3351a35b86a1a74791601ca25fc4f343f2a834e6cc3e6833a629edcb90ab81e11020c2245c177fbf8

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\ms.pak.DATA.vgccfmqdykr
          Filesize

          847KB

          MD5

          d7a251b597138974ca23b890a17a70c7

          SHA1

          06b2e799b226e933f604586745eafa45eb497338

          SHA256

          7c2979be2ea3ff035701e9878788b6c1700c25453acaf080b060947e9b622716

          SHA512

          e026fb7e89900a16d0da794b612b5d9026f304b9a0ad7079fa1c89e0c8564394985e058216171198fd1830c57f8d819ec23abe34f4c7a0194756c2f09efdbc58

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\mt.pak.DATA.vgccfmqdykr
          Filesize

          952KB

          MD5

          ba7dd742fd9fa010da6c10a81ff15a37

          SHA1

          b213a49e7598d4f6320a252a3dbb3834607775bd

          SHA256

          46a1ac0f04e6534c43489affb5920e1abae498a1594f957e382b414aea57ffed

          SHA512

          878989acd69945d67946612f6396f1c66da8e9ae93ddf1b22e3f6b8c961c31f4839129f0f80ccbdb5fa13f140e08cd93e7d3c1dbf13da51fc8cc40fa938a109e

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\nn.pak.DATA.vgccfmqdykr
          Filesize

          813KB

          MD5

          13946c32477550074c73d3a755e0e563

          SHA1

          3d6f7a9e66b7910793289f3a7979a13f88dc9cd1

          SHA256

          31bd9ec43deede94d92193f863520ed951bf75200724ab66c3b792f792a7012d

          SHA512

          8c00cfab2acb5838a34d43015b2661651dfaa64991504ddfd55148206f21613e9b75e765a9cc10d830c0b9402a7492daff4d21fbc3166e992a6c78b197324a02

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\or.pak.DATA.vgccfmqdykr
          Filesize

          2.0MB

          MD5

          9fbc08f068f49a044a32a9b7b2ca5603

          SHA1

          1113ebd1077387ea0877b2ae66471560249b5f32

          SHA256

          11bbf5487545b5e990639a4b3bff7958e573b8f371702b068cfad786b2cb2238

          SHA512

          7f2e464ec504945a8e6cc6f6bc30d051460796028a9ebe5816cf743f7c5bf4aab6b99d7f818e4165be93c7307740ee016091a8fd3c20fa41850db438fe26e06e

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\pa.pak.DATA.vgccfmqdykr
          Filesize

          1.8MB

          MD5

          a85fe18ed9fc94673861d45bf8ebcae3

          SHA1

          73d17225b87b0bf5d883eddf5f1820e59d60989a

          SHA256

          4fe584eb238638380ddbfb7f8526207c6d3d1d533ad8136ee74d25f5ffdb7bbc

          SHA512

          30a44acbc502eeab878a7b73c20b7dadf460a44e5c8aa2b3a119356eeaae866aa2b054f3c97f2973e100b28f5ec5ba2798f40cd5734dc9803dc2a0fc09147cb4

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\pl.pak.DATA.vgccfmqdykr
          Filesize

          972KB

          MD5

          897f5a1d822d95f4f24a28ae944be3dc

          SHA1

          12849ff321bd5bc7b46ccc7c56a37737d5193b51

          SHA256

          7754e4b119a6b70a096c014d520d35ffffb394b79ad860fb7093bfc4e3398585

          SHA512

          0a044550952461536d6fcd79471d0205fe4260bd7a861290c6f641ce3f9b6b88539152e32d5a46a8f21a3156789b4de769fbbebbdc59c3bcc390e7c2fe511677

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\sk.pak.DATA.vgccfmqdykr
          Filesize

          947KB

          MD5

          40b0ba1febf8b631af62f11588679382

          SHA1

          3e209867277205b57f33b9d4243b9e20aaa15270

          SHA256

          50f0c193ddbf1b05ba85f3b894a8c07785e45a788aea38c753573045dca0d68a

          SHA512

          e808068fc2235410f8507bf0f3ca3d71b321ec3ebbcd353f77b3fa00342859415c00d54aa998d084da213fbfb9d69d19891398abe7080a610d708d65bec39d19

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\sl.pak.DATA.vgccfmqdykr
          Filesize

          896KB

          MD5

          290ec303c1cdb9fb08443deb58cd3a72

          SHA1

          fde1df35d5c843b270e26ebac23a5bec07206ff5

          SHA256

          2e9c4fb61c7cd0178c28e2459769007d0016cb1f2ce73898307d35e55b16d2c4

          SHA512

          d66585bce749fdd9f7cd1e797a66d47a9fcae838e6811600e6dc462a179f0c3e13ec4b9ca2f03c47611ca6e4a5ee8d8ae98da91776c8aaa58b88519326105287

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\sr.pak.DATA.vgccfmqdykr
          Filesize

          1.4MB

          MD5

          f3a4df4fc6bd04a52133461ca999981c

          SHA1

          25fededf3d7f4c021012315dffde93ff36b41186

          SHA256

          d411e9ff1c47e228d84570d5347fd6008be8c62842f945516936464830459dea

          SHA512

          5aa810cacfcf463fa2dacf1da9d0a8181fb3fe2bd6c2759b954ddf46d3eea35dcb613d35cc75fa83eb6d5e6c96048cb44a0947f7287724dfc8bbe4630e71b5e9

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\sv.pak.DATA
          Filesize

          833KB

          MD5

          3d2c2d997661e24cd9207f92c9fde451

          SHA1

          9b9373343674bfe9afc449bac6385f32477742ed

          SHA256

          c8f4f15067f28cb69f02fa8ea6af6d431ce78bab56d68da647a5a40a1621b0c9

          SHA512

          558a3ee43b7b9c23e46baa290748c405eaf29ba2a573b604293402efc18e00a71876e16c78311be10b67b2ed8ab3a1a793b39c3b8df4dcbd414f539adcfc3b54

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Locales\ur.pak.DATA
          Filesize

          1.3MB

          MD5

          f1fe62bb9f1510d665e186031818884b

          SHA1

          6435b7c31ebdd5919729f27e38b1ad1194069908

          SHA256

          a9ec069c26ce87f67177750a12757c74ef76506a79a1ae8b6dc1f5f19dd66d6e

          SHA512

          fdd220bd987e7551ef0b71d7a4b9fa7122555f8b83178bd22810ce3a34f2fc1f2faf45518e866e00849662aee24d00e1117e85053775c53a6c5f24a9876493ce

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\MEIPreload\manifest.json.DATA
          Filesize

          1KB

          MD5

          d0ad124a68dca3d627ccc0ad3861f78f

          SHA1

          f27cd2df10f1d57930500040ab11c17b05197c6f

          SHA256

          782f1b7d70bfce9c08880cecb8c69d1ff6311df0a6023e31373d351dd502d66a

          SHA512

          1977b08c793c3b3d6f46ff33303e70508d39bb171c7c5e583ba35f5b46700f620269ce487d2152ce6c5835668f73d75ad19c6b2139f79240598dfe15426dca7b

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\MEIPreload\preloaded_data.pb.DATA
          Filesize

          9KB

          MD5

          22f1429a27c541b5f1e1aac0e0c6757a

          SHA1

          ac410139dc9383bf8dfe08516f31b40ff0959f15

          SHA256

          fe910d510b7c796cf0e9beac5372a56dd5fba26ecaa2124d3a9304d71578d12e

          SHA512

          52e721c3aadb3d6e2eb0fc7f65d7182664f1dff3d7b93f0bb66f47798af4755124fc56e2c417c31e7226ea15c7d1c1dc17bdcb4d9785cfdc45ba24d9b1efece6

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\ResiliencyLinks\Notifications\SoftLandingAssetDark.gif.DATA
          Filesize

          159KB

          MD5

          5d3775af93f6e20b61cfc6f6d3c84e0f

          SHA1

          3078301490c186284701ecdca67cfda9f8013c85

          SHA256

          171ea2adbc971fe124368b4a97d9c66c828c23709ea8ac101fdc4a71c423a629

          SHA512

          d7a36928b750e1cf3d999d9909bb4b67a4cbc62dd7ef8bfbbf806d863914d457a743eb6ceb616bac9761c25ede13fe422e16658d1ee62e4e01d3964e2bccb9dc

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\Trust Protection Lists\Mu\LICENSE
          Filesize

          35KB

          MD5

          3603fdc4d1918a67a0a5764bde8af902

          SHA1

          69e939264b2a1ddf1d9d8ea7c271e32337558d61

          SHA256

          b1f64435074d6434dd7c42b4d64506b34d3d00e72dac277d5e9448cc41ab218a

          SHA512

          d3f8666ddb49e934bce7ea8af8127176f0f69004ac6be5c5d7e6f91c070d6474e9a9fbec89aa0a75800ef5d5da4eb0b8f793a5e8ea9f7f7fcb440d01466cd06d

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\Trust Protection Lists\Sigma\Advertising
          Filesize

          2KB

          MD5

          7af788dc82e09d5d0ae6832ce4c84767

          SHA1

          c3ccabee2528f673f9ca15bd33ac7c47a71bd701

          SHA256

          ea68f925386a200d9a95887902471d604580fa3c4bf77d2a3f2fbc44502c1a26

          SHA512

          e0b15e236cdb0a13c64aec0ad0953682bce57b4a103d0d2ae4fd5ec5e09d849d6eee0d958a2cf0517ae5604be300d3b79b7158e0d156042006d6445f38ef1aa0

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\Trust Protection Lists\Sigma\Cryptomining
          Filesize

          1KB

          MD5

          41ef8431e12e5788e2af559106186b79

          SHA1

          407675eda945b8c382e8778f96b474f55827dc87

          SHA256

          d71e6713b8082d24e2f3db079de59133e210f9cc899ca99553bd145c9826097d

          SHA512

          9bbb8471c8a23912554efd119d997733ae437e97657ea6ed030d4e5a70181804f4621acfb2eccce7fa257dbacc456c195db15c4556ce20d185d82339713d3f8d

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\Trust Protection Lists\Sigma\Entities
          Filesize

          10KB

          MD5

          f0c851d48a5b425ca07b2a07f621af89

          SHA1

          9e07938b62a0d3b8b72fd22d15c4cb0b35d7901c

          SHA256

          a7ea8ad983571e0806e0bc55145526ee4265b360534670a4c6eec79263036c77

          SHA512

          f45a2b722910f7d310a0e68d2b247032f0ea17906c36dc3fb91f21946d9ae357f5af87f0d0c6da7e84559e80a096129082624b8721581686c34bf2bb5d044723

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\Trust Protection Lists\Sigma\LICENSE
          Filesize

          1KB

          MD5

          66e39c95c94ac176ad461ee9a24c3005

          SHA1

          a35b2adbfe2278f50eb73132d4d1cc84ad615bcd

          SHA256

          1bf13cc7f0b6656452e68ec88589b7c4f5a9d1b34ef68a0af6da6ee85d6ab6ed

          SHA512

          e4db494c77d39f9f33016b849f4eae65ee12c3a0c67fc7fc8983aad01318ced2039fdb874dec7fa6e01a1d91533fb17ee4ca27ee25890b3f3e9c36cadda3623b

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\Trust Protection Lists\Sigma\Other
          Filesize

          1KB

          MD5

          139fb1c3e60a2397649fc27e9287ed03

          SHA1

          8107c2805aa9f1b7eb4d6bbfc8dae632c000df5a

          SHA256

          e51b4976eea8746f61b58908996a95faee2da0928df4867ea34dd61ee13ab4f8

          SHA512

          64ad6ecf1c930d57c51bcb33a0c0e5ba14a5c5af427c4ca8f0d307d2bad2283e7b544a79323056fa0ce6b5505591940eaf3c3d6dfc2afc00c58e3016eb25ff6e

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\Trust Protection Lists\Sigma\Staging
          Filesize

          4KB

          MD5

          05b34e38d56029638e2b15708f7e7e8e

          SHA1

          7292747ea94dbd08bc587afbf78416dafdca37bc

          SHA256

          2ed70176372ebc873cf45d16759a9e7efa5fdc61095e51842e35a72ffc92c45c

          SHA512

          666c51f392eaf9159705e1203c19e584472f5c8118c0fdcdd2752ee3168bf5bc77eacbe97d87ad9e244d88b1a5fe3f4091cff6f0ca31890bc2235d24b5c5bde4

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\VisualElements\LogoBeta.png
          Filesize

          30KB

          MD5

          0f601d14337293766b51fc52d5060e8e

          SHA1

          5a591b51d120fd236472b3f49c8eeccb4a8bce81

          SHA256

          818d3960118abcdddb7583d2e30b14f7537c9f46da56e96a813e343b92d1a0ab

          SHA512

          68be87191d87f0677b627a6686f130b46fcafc0935d7bb96d515023d98ebd4e4a89275954bfe7b34f67a2f23f6701f6f1a0b1406c77d9dffc97161694c3f6436

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig
          Filesize

          2KB

          MD5

          3c4de7ef5d7c0fe589f5b28b8eb88eb1

          SHA1

          309b20920066433eaecf77c7e3b816bfc53635d0

          SHA256

          0faf9348ea19cd06b2887308aeef8e2bed69fde66c58e129c575c05306517ff5

          SHA512

          43246331ec8d22541f8a6d924bc0e6a01c1157574ed584d31f5a370b1f3607b36ae4c2cb98dd5878d016860849849a2c59ceb3cc5aa369880a786f2ec9f2db35

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\WidevineCdm\manifest.json
          Filesize

          1KB

          MD5

          94becd5b3ca95fb6ecb36c6f65514696

          SHA1

          fca170a7df21b46c358047588d1336c9fe1fb9cf

          SHA256

          8ddc84352e98edb8db08af307822e41910efc94a092a43ece37d1947ec0c94b5

          SHA512

          6872989487cdbfce0139b7275873217a5e2331cb1b8ef3a47cab76f87065a907a95d9ba874ec0e680cb462e7e39b28fcc31750494ded4049e1dbea0276c67164

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\delegatedWebFeatures.sccd
          Filesize

          19KB

          MD5

          bc23045d713e2c78b3beb5b99d28db40

          SHA1

          dde65bfb463e7d5bbedc64ef8966f920b2fb52e7

          SHA256

          dc03890a2268b6040f0e24e726e63a6f2193d84673a201b0aedde24354784a76

          SHA512

          2a2d0ebb0a68dfc126e2dacfe1eeb330eac5ba634b694544085a2d46a360d594edcca19191d584723d70a029060764889654976d796eb854cbaf494dcdab2e62

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\identity_proxy\win10\identity_helper.Sparse.Beta.msix
          Filesize

          54KB

          MD5

          147b99770ae7129986545862600a79f1

          SHA1

          bf74cbf74db8e5bcaf8ca35ce85d62a5893d825f

          SHA256

          fac36097b34644fae24b68a12e64aa0b618f513f6af6d533172aa0a6de465f8b

          SHA512

          0435ba3c90da23941e4c3a95dc0b5c3b254ce32011f435217a2f4b3259b1e0b60a545408c8ff865e7897fa0b56f221bbd0c22ea3356431f9d2c24b44b6af7d28

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\identity_proxy\win10\identity_helper.Sparse.Internal.msix
          Filesize

          58KB

          MD5

          c942a9a1920af7b576f9706c8bec35b0

          SHA1

          f69e95abbd50f91ca0eb77ddba759593e37d22fd

          SHA256

          cf6f21d2e556492bb10d0afaa5572fc981f584b7f69c95b4be932f863c3a7b39

          SHA512

          b7de9c5fd7a51fe901bf3b9ac04f82c5b70194b9a88d0946767f67c14cae36f4ea0bb18d6f095d81efe490676b97c89bff961366f0f4a5e1df7b59de4d8e5c03

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\identity_proxy\win11\identity_helper.Sparse.Canary.msix.vgccfmqdykr
          Filesize

          54KB

          MD5

          95879c60ab70e848a0758ebfd45c6d7f

          SHA1

          3f1c480b00ea132349af878aa08d8fa9dbab95b2

          SHA256

          40637b12a85860a4ec3f9697434c621a7a6b1ca51cdaa1966f6045ea7a2f2f22

          SHA512

          c2549cb24ffc833c378cac5e60333faf22a06fe124658690ce90415a7a6894a5fd6bab47e980aa7aab60a7668f5fce7dd3a2aca7047e01335f8d60e4da9339e0

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\identity_proxy\win11\identity_helper.Sparse.Internal.msix.vgccfmqdykr
          Filesize

          57KB

          MD5

          7fe6d38490e4c35b4caac8e349975baa

          SHA1

          a026df973a823010ae49bd7c7fdfb56689521694

          SHA256

          5600cc6adffb3dadb46245d1b6392938c4f18b7bb0e90eaf00f5af9afcc697c5

          SHA512

          96c8cf1f648b5df342a115a355721ba7c9ab7020ba55edec7ee2490bf71a3e0eeb26929750ca12ef985c257e9a3e4ffe2fc0fd93115da7c7bd4c2b698e6773d7

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\msedgewebview2.exe.sig
          Filesize

          2KB

          MD5

          318a984a24cbe008a9c9a5a771e632d1

          SHA1

          9c4f02e56437476ea98143c1f0378dab97d430e7

          SHA256

          68621137a05e4aa8f3516f39da54d2894edb68dbc30e80d0cd77c3614d9a8d48

          SHA512

          ced15381cd0e10489f053c1d5a3cd3ca329b0461f5315628ea1f9792f0127f2f87451ffc4af329b0ef6333e6217e5974be12f92e7e3cbde49888814fc1804aef

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\nacl_irt_x86_64.nexe.vgccfmqdykr
          Filesize

          4.2MB

          MD5

          476364cd9a41ab7cb71055bb9ebf5ec1

          SHA1

          5e667a43ca768df7a9be18a65948f09e7f85b57b

          SHA256

          61a2d03a25a12597d1d673c4156feca478d9e0b29b275869f95a513fd10f0ab7

          SHA512

          9b495e4b9dfc3c666125bb165e7817c10fada8ed0a6b161cbe8c15183632ff83809db4da00e8ea1ae92494ccb92e6b952bfb5bfcf83f1b0a578a7b75a0a1358a

          Download Submit

        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.76\v8_context_snapshot.bin
          Filesize

          598KB

          MD5

          0e39ebfa805823e4e444c6b64038f7dc

          SHA1

          dfa099b4bfa715c9866c3f8d42ed08056d3947e1

          SHA256

          01285ab109167f145fad9e25942fbf42995cf653e36f96f7eddf03456c6c9ba0

          SHA512

          fe0d069dc6beffa31344ba3a2ad4dd46d97d4835290ebe20a195c74fe3e52e670060ecc972b5245a29ec53d68e8a255ad6ee5cd87f18c6d3d20a25513eaeb29c

          Download Submit

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\HOW TO RESTORE YOUR FILES.TXT
          Filesize

          1KB

          MD5

          51c08d5554f9f1f08ae6d6459418f5cf

          SHA1

          5f3b81daf238348c3d85c5558aa2d44ae1925328

          SHA256

          032b6e54166e5621813dea997d5186db8762985a714601f19fa6ef8fdd7370a2

          SHA512

          6300cf927c70e6757028b489cad2eba0d2a9a0de2e09ce367d584491a9a11a374bc26c630620ee409ebc39a3b6ad81f23021001763a10de810cc3d95fd6e3238

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\homnbqpogmwfmjcjqwo.bat
          Filesize

          43B

          MD5

          55310bb774fff38cca265dbc70ad6705

          SHA1

          cb8d76e9fd38a0b253056e5f204dab5441fe932b

          SHA256

          1fbdb97893d09d59575c3ef95df3c929fe6b6ddf1b273283e4efadf94cdc802d

          SHA512

          40e5a5e8454ca3eaac36d732550e2c5d869a235e3bbc4d31c4afa038fe4e06f782fa0885e876ad8119be766477fdcc12c1d5d04d53cf6b324e366b5351fc7cd4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\ukobtaqobeqobniq.bat
          Filesize

          47B

          MD5

          2202e846ba05d7f0bb20adbc5249c359

          SHA1

          4115d2d15614503456aea14db61d71a756cc7b8c

          SHA256

          0965cb8ee38adedd9ba06bdad9220a35890c2df0e4c78d0559cd6da653bf740f

          SHA512

          cd6ce6d89a8e5f75724405bc2694b706819c3c554b042075d5eb47fdb75653235160ac8a85e7425a49d98f25b3886faaaec5599bcf66d20bf6115dc3af4ba9c7

          Download Submit

        • memory/1540-311-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-304-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-276-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-267-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-266-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-264-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-265-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-288-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-289-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-19-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-16-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-15-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-290-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-0-0x00000000001E0000-0x00000000001E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1540-14-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-281-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-310-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-305-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-1-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-315-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-312-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-314-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-632-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-564-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-557-0x0000000000400000-0x000000000097B000-memory.dmp

          Filesize

          5.5MB

          Download

        • memory/1540-555-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-552-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-378-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-317-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-313-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-316-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download

        • memory/1540-23494-0x0000000002CF0000-0x00000000031D0000-memory.dmp

          Filesize

          4.9MB

          Download