Resubmissions
11-01-2024 16:01  240111-tgd2laahcq  10
11-01-2024 13:57  240111-q9c38ahbcn  10
30-12-2023 02:18  231230-crebnsadgm  9

Analysis
max time kernel: 841s
max time network: 880s
platform: windows11-21h2_x64
resource: win11-20231215-en
resource tags: arch:x64 arch:x86 image:win11-20231215-en locale:en-us os:windows11-21h2-x64 system
submitted: 30-12-2023 02:18

Static task: static1
Behavioral task: behavioral1
Sample: Satana.exe
Resource: win11-20231215-en

General
Target: Satana.exe
Size: 49KB
MD5: 46bfd4f1d581d7c0121d2b19a005d3df
SHA1: 5b063298bbd1670b4d39e1baef67f854b8dcba9d
SHA256: 683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96
SHA512: b52aa090f689765d099689700be7e18922137e7a860a00113e3f72aa6553e94a870bbb741e52de9617506a236a2a59198fb224fcd128576d76642eec9d715df5
SSDEEP: 768:AbFw10RFnAwJM7MiqwecUaX5h4IuCdYa+XLXTGY1idL2WYiwtDj:Apw10vnAOIUaJh4IXdWXLXTWLfuFj
Malware Config

Signatures

Deletes shadow copies (2 TTPs)
Ransomware often targets backup files to inhibit system recovery.

Downloads MZ/PE file

Executes dropped EXE (6 IoCs)
pid   Process
4588  Satana.exe
5052  Satana.exe
3120  Satana.exe
740   Satana.exe
1300  Satana.exe
1320  Satana.exe

Modifies file permissions (1 TTPs, 1 IoCs)
pid   Process
3320  icacls.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTPs)

Suspicious use of SetThreadContext (4 IoCs)
description                          pid   Process     procid_target
PID 3196 set thread context of 780   3196  Satana.exe  40
PID 4588 set thread context of 5052  4588  Satana.exe  123
PID 3120 set thread context of 740   3120  Satana.exe  128
PID 1300 set thread context of 1320  1300  Satana.exe  132

Drops file in Windows directory (4 IoCs)
description                   ioc                                         Process
File opened for modification  C:\Windows\Panther\UnattendGC\diagwrn.xml   UserOOBEBroker.exe
File opened for modification  C:\Windows\Panther\UnattendGC\setupact.log  UserOOBEBroker.exe
File opened for modification  C:\Windows\Panther\UnattendGC\setuperr.log  UserOOBEBroker.exe
File opened for modification  C:\Windows\Panther\UnattendGC\diagerr.xml   UserOOBEBroker.exe

Program crash (4 IoCs)
pid   pid_target  Process       procid_target
4620  780         WerFault.exe
4000  5052        WerFault.exe  123
4188  740         WerFault.exe  128
5056  1320        WerFault.exe  132

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description      ioc                                                                                                     Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                   chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133483764979480634"  chrome.exe

Modifies registry class (1 IoCs)
description  ioc                                                                                           Process
Key created  \REGISTRY\USER\S-1-5-21-771046930-2949676035-3337286276-1000_Classes\Local Settings\MuiCache  MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
1040  chrome.exe
1040  chrome.exe
3024  chrome.exe
3024  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid   Process
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description                       pid   Process
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe
Token: SeShutdownPrivilege        1040  chrome.exe
Token: SeCreatePagefilePrivilege  1040  chrome.exe

Suspicious use of FindShellTrayWindow (42 IoCs)
pid   Process
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe

Suspicious use of SendNotifyMessage (14 IoCs)
pid   Process
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe
1040  chrome.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
pid   Process
3008  MiniSearchHost.exe
4036  OpenWith.exe
5064  OpenWith.exe
3544  OpenWith.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target
PID 3196 wrote to memory of 780   3196  Satana.exe  40
PID 3196 wrote to memory of 780   3196  Satana.exe  40
PID 3196 wrote to memory of 780   3196  Satana.exe  40
PID 3196 wrote to memory of 780   3196  Satana.exe  40
PID 3196 wrote to memory of 780   3196  Satana.exe  40
PID 3196 wrote to memory of 780   3196  Satana.exe  40
PID 3196 wrote to memory of 780   3196  Satana.exe  40
PID 3196 wrote to memory of 780   3196  Satana.exe  40
PID 3196 wrote to memory of 780   3196  Satana.exe  40
PID 1040 wrote to memory of 3396  1040  chrome.exe  84
PID 1040 wrote to memory of 3396  1040  chrome.exe  84
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 2848  1040  chrome.exe  86
PID 1040 wrote to memory of 3588  1040  chrome.exe  90
PID 1040 wrote to memory of 3588  1040  chrome.exe  90
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87
PID 1040 wrote to memory of 2764  1040  chrome.exe  87

Views/modifies file attributes (1 TTPs, 2 IoCs)
pid   Process
3148  attrib.exe
4368  attrib.exe
Processes
(Process tree; [N] is the nesting level of each process, children are indented under their parent.)

[1] C:\Users\Admin\AppData\Local\Temp\Satana.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Satana.exe"
  PID: 3196
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory

    [2] C:\Users\Admin\AppData\Local\Temp\Satana.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\Satana.exe"
      PID: 780

[1] C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 780 -ip 780
  PID: 3024

[1] C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 384
  PID: 4620
  - Program crash

[1] C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 1040
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffabc9c9758,0x7ffabc9c9768,0x7ffabc9c9778
      PID: 3396

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:2
      PID: 2848

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 2764

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
      PID: 2836

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
      PID: 1568

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 3588

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3924 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 2416

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4260 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
      PID: 4040

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4240 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 240

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 224

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3676 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 3856

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 4540

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 3200

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4192 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 676

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4164 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
      PID: 3156

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:2
      PID: 3024
      - Suspicious behavior: EnumeratesProcesses

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3464 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
      PID: 4492

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 2020

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3436 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
      PID: 4540

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3304 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 788

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 2304

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1508 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 4676

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5136 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
      PID: 912

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1640 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 2532

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 3272

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 3544

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3948 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 4976

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 3344

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 1412

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5088 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 388

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 3356

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 464

    [2] C:\Users\Admin\Downloads\Satana.exe
      Command line: "C:\Users\Admin\Downloads\Satana.exe"
      PID: 4588
      - Executes dropped EXE
      - Suspicious use of SetThreadContext

        [3] C:\Users\Admin\Downloads\Satana.exe
          Command line: "C:\Users\Admin\Downloads\Satana.exe"
          PID: 5052
          - Executes dropped EXE

            [4] C:\Windows\SysWOW64\WerFault.exe
              Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 424
              PID: 4000
              - Program crash

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1476 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 4980

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1560 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 4036

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 4640

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3284 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 252

    [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5264 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
      PID: 3860

    [2] C:\Users\Admin\Downloads\WannaCrypt0r.exe
      Command line: "C:\Users\Admin\Downloads\WannaCrypt0r.exe"
      PID: 1508

        [3] C:\Users\Admin\Downloads\taskdl.exe
          Command line: taskdl.exe
          PID: 3956

        [3] C:\Windows\SysWOW64\cmd.exe
          Command line: C:\Windows\system32\cmd.exe /c 107691703903580.bat
          PID: 3136

        [3] C:\Windows\SysWOW64\icacls.exe
          Command line: icacls . /grant Everyone:F /T /C /Q
          PID: 3320
          - Modifies file permissions

        [3] C:\Windows\SysWOW64\attrib.exe
          Command line: attrib +h +s F:\$RECYCLE
          PID: 3148
          - Views/modifies file attributes

        [3] C:\Windows\SysWOW64\attrib.exe
          Command line: attrib +h .
          PID: 4368
          - Views/modifies file attributes

        [3] C:\Windows\SysWOW64\cmd.exe
          PID: 3064

            [4] C:\Users\Admin\Downloads\@[email protected]
              PID: 4036

                [5] C:\Windows\SysWOW64\cmd.exe
                  Command line: cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                  PID: 4412

        [3] C:\Users\Admin\Downloads\@[email protected]
          PID: 1208

            [4] C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
              Command line: TaskData\Tor\taskhsvc.exe
              PID: 640

[1] C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2800

[1] C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 908

[1] C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5052 -ip 5052
  PID: 3380

[1] C:\Users\Admin\Downloads\Satana.exe
  Command line: "C:\Users\Admin\Downloads\Satana.exe"
  PID: 3120
  - Executes dropped EXE
  - Suspicious use of SetThreadContext

    [2] C:\Users\Admin\Downloads\Satana.exe
      Command line: "C:\Users\Admin\Downloads\Satana.exe"
      PID: 740
      - Executes dropped EXE

        [3] C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 384
          PID: 4188
          - Program crash

[1] C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 740 -ip 740
  PID: 3032

[1] C:\Users\Admin\Downloads\Satana.exe
  Command line: "C:\Users\Admin\Downloads\Satana.exe"
  PID: 1300
  - Executes dropped EXE
  - Suspicious use of SetThreadContext

    [2] C:\Users\Admin\Downloads\Satana.exe
      Command line: "C:\Users\Admin\Downloads\Satana.exe"
      PID: 1320
      - Executes dropped EXE

        [3] C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 396
          PID: 5056
          - Program crash

[1] C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1320 -ip 1320
  PID: 4772

[1] C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
  Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
  PID: 3008
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

[1] C:\Windows\System32\oobe\UserOOBEBroker.exe
  Command line: C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
  PID: 1532
  - Drops file in Windows directory

[1] C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
  Command line: C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
  PID: 1684

[1] C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
  PID: 2236

[1] C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
  PID: 4712

[1] C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 4036
  - Suspicious use of SetWindowsHookEx

[1] C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 5064
  - Suspicious use of SetWindowsHookEx

[1] C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 3544
  - Suspicious use of SetWindowsHookEx

[1] C:\Windows\SysWOW64\cscript.exe
  Command line: cscript.exe //nologo m.vbs
  PID: 4580

[1] C:\Windows\SysWOW64\Wbem\WMIC.exe
  Command line: wmic shadowcopy delete
  PID: 4580

[1] C:\Windows\system32\vssvc.exe
  Command line: C:\Windows\system32\vssvc.exe
  PID: 556
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
  Filesize: 10KB