Resubmissions

11-01-2024 16:01

240111-tgd2laahcq 10

11-01-2024 13:57

240111-q9c38ahbcn 10

30-12-2023 02:18

231230-crebnsadgm 9

Analysis

  • max time kernel
    841s
  • max time network
    880s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    30-12-2023 02:18

General

  • Target

    Satana.exe

  • Size

    49KB

  • MD5

    46bfd4f1d581d7c0121d2b19a005d3df

  • SHA1

    5b063298bbd1670b4d39e1baef67f854b8dcba9d

  • SHA256

    683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96

  • SHA512

    b52aa090f689765d099689700be7e18922137e7a860a00113e3f72aa6553e94a870bbb741e52de9617506a236a2a59198fb224fcd128576d76642eec9d715df5

  • SSDEEP

    768:AbFw10RFnAwJM7MiqwecUaX5h4IuCdYa+XLXTGY1idL2WYiwtDj:Apw10vnAOIUaJh4IXdWXLXTWLfuFj

Score
9/10

Malware Config

Signatures

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Downloads MZ/PE file
  • Executes dropped EXE 6 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 4 IoCs
  • Program crash 4 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 42 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Satana.exe
    "C:\Users\Admin\AppData\Local\Temp\Satana.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3196
      • C:\Users\Admin\AppData\Local\Temp\Satana.exe
        "C:\Users\Admin\AppData\Local\Temp\Satana.exe"
        2⤵
        PID:780
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 780 -ip 780
    1⤵
    PID:3024
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 384
    1⤵
    • Program crash
    PID:4620
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1040
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffabc9c9758,0x7ffabc9c9768,0x7ffabc9c9778
        2⤵
        PID:3396
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:2
        2⤵
        PID:2848
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:2764
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3236 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
        2⤵
        PID:2836
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
        2⤵
        PID:1568
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:3588
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3924 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:2416
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4260 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
        2⤵
        PID:4040
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4240 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:240
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:224
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3676 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:3856
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:4540
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:3200
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4192 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:676
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4164 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
        2⤵
        PID:3156
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:2
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3024
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3464 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
        2⤵
        PID:4492
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:2020
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3436 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
        2⤵
        PID:4540
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3304 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:788
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:2304
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1508 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:4676
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5136 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:1
        2⤵
        PID:912
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1640 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:2532
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:3272
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:3544
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3948 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:4976
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:3344
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:1412
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5088 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:388
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:3356
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:464
      • C:\Users\Admin\Downloads\Satana.exe
        "C:\Users\Admin\Downloads\Satana.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        PID:4588
          • C:\Users\Admin\Downloads\Satana.exe
            "C:\Users\Admin\Downloads\Satana.exe"
            3⤵
            • Executes dropped EXE
            PID:5052
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 424
                4⤵
                • Program crash
                PID:4000
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1476 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:4980
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1560 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:4036
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:4640
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3284 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:252
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5264 --field-trial-handle=1836,i,16481565242915864657,15583016802898330522,131072 /prefetch:8
        2⤵
        PID:3860
      • C:\Users\Admin\Downloads\WannaCrypt0r.exe
        "C:\Users\Admin\Downloads\WannaCrypt0r.exe"
        2⤵
        PID:1508
          • C:\Users\Admin\Downloads\taskdl.exe
            taskdl.exe
            3⤵
            PID:3956
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c 107691703903580.bat
            3⤵
            PID:3136
          • C:\Windows\SysWOW64\icacls.exe
            icacls . /grant Everyone:F /T /C /Q
            3⤵
            • Modifies file permissions
            PID:3320
          • C:\Windows\SysWOW64\attrib.exe
            attrib +h +s F:\$RECYCLE
            3⤵
            • Views/modifies file attributes
            PID:3148
          • C:\Windows\SysWOW64\attrib.exe
            attrib +h .
            3⤵
            • Views/modifies file attributes
            PID:4368
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /c start /b @[email protected] vs
            3⤵
            PID:3064
              • C:\Users\Admin\Downloads\@[email protected]
                PID:4036
                  • C:\Windows\SysWOW64\cmd.exe
                    cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                    5⤵
                    PID:4412
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2800
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:908
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5052 -ip 5052
    1⤵
    PID:3380
  • C:\Users\Admin\Downloads\Satana.exe
    "C:\Users\Admin\Downloads\Satana.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    PID:3120
      • C:\Users\Admin\Downloads\Satana.exe
        "C:\Users\Admin\Downloads\Satana.exe"
        2⤵
        • Executes dropped EXE
        PID:740
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 384
            3⤵
            • Program crash
            PID:4188
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 740 -ip 740
    1⤵
    PID:3032
                                                                                                • C:\Users\Admin\Downloads\Satana.exe
                                                                                                  "C:\Users\Admin\Downloads\Satana.exe"
                                                                                                  1⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Suspicious use of SetThreadContext
                                                                                                  PID:1300
                                                                                                  • C:\Users\Admin\Downloads\Satana.exe
                                                                                                    "C:\Users\Admin\Downloads\Satana.exe"
                                                                                                    2⤵
                                                                                                    • Executes dropped EXE
                                                                                                    PID:1320
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 396
                                                                                                      3⤵
                                                                                                      • Program crash
                                                                                                      PID:5056
                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1320 -ip 1320
                                                                                                  1⤵
                                                                                                    PID:4772
                                                                                                  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                                                    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                                                    1⤵
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:3008
                                                                                                  • C:\Windows\System32\oobe\UserOOBEBroker.exe
                                                                                                    C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
                                                                                                    1⤵
                                                                                                    • Drops file in Windows directory
                                                                                                    PID:1532
                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
                                                                                                    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
                                                                                                    1⤵
                                                                                                      PID:1684
                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                      C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                                                                      1⤵
                                                                                                        PID:2236
                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
                                                                                                        1⤵
                                                                                                          PID:4712
                                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                          1⤵
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:4036
                                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                          1⤵
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:5064
                                                                                                        • C:\Windows\system32\OpenWith.exe
                                                                                                          C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                          1⤵
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:3544
                                                                                                        • C:\Windows\SysWOW64\cscript.exe
                                                                                                          cscript.exe //nologo m.vbs
                                                                                                          1⤵
                                                                                                            PID:4580
                                                                                                          • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                            wmic shadowcopy delete
                                                                                                            1⤵
                                                                                                              PID:4580
                                                                                                            • C:\Windows\system32\vssvc.exe
                                                                                                              C:\Windows\system32\vssvc.exe
                                                                                                              1⤵
                                                                                                                PID:556

Network

MITRE ATT&CK Enterprise v15

Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
  Filesize: 201KB
  MD5: e3038f6bc551682771347013cf7e4e4f
  SHA1: f4593aba87d0a96d6f91f0e59464d7d4c74ed77e
  SHA256: 6a55e169bc14e97dfcd7352b9bc4b834da37dd1e561282d8f2cc1dbf9964d29a
  SHA512: 4bee876cea29ad19e6c41d57b3b7228f05f33f422e007dc1a8288fd1a207deb882c2789422e255a76c5bf21544f475689e7192b9a8a80dc2e87c94ee0bc6d75f

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: f63d40e34df492cfac19ffc4227456b8
  SHA1: 9fcc0a6941ce63511ca3d8e5e21a9b8934b7c5be
  SHA256: 52815f307668dbacd33380bd5c491ffb02afd9017221369543aaca1c22d395ae
  SHA512: e0a86143bb6a5f7c3a22f465591dfc382ad99aac8bc92b6da830b2a2aab040a1dc7aac829929e2dcd07b877ebd14f5284a7d11536f6eeee674fdfc09c980aa16

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: d5b1b083b7ec6b62ed03cd2538148d69
  SHA1: c5dbbe1859800b3425205ec9e504c13647d7e81b
  SHA256: 7ece152f3e3c793d43f674f8a892958b5ad02dca232a2e7aa091aa164c63908f
  SHA512: 4364a1f1380d40dfc5c6a159b4d774b73b7905e87f85dee034651507e3832c2f593dd6bac50542422557f9d46e9a82135ee44f1aa22d453ca378506a1d8b5b00

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: 6b1e42f76fc2c0db13375d0c173f9a58
  SHA1: 3b0d5dfb7d2a7487271c00877a5cdde5134a0d76
  SHA256: 35bf32a2ecbcd3886889f4a9c593936b5a3b9d5a2f8f597af1e558334fb0c0f7
  SHA512: 2bbeadee4ad13a748a49858c77eb296046b35ace6018069e12666689ef788bdb2aa7249ce4ec2bc272cf6970fe69a15e8904315c80f2de6dd9fc5d32166a40bb

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 168B
  MD5: 92fec6878e6b57089ecd41f6b8d5c5eb
  SHA1: 074ed9b3ed4694592a1fc4dae142b7e4f347dbf8
  SHA256: 3d3b83814d88bf4acb76e9cb762ab0eee5da4b10730704a004fb8b1800811c6c
  SHA512: 04006ffd8a5150d597a27d818be552ebe977d305f3ac9ba1d68e9c3e3e6b0eb02a8e2530f73b4d8f8e60cd9e4294048200856229aadbab50d326d406f9eed422

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 2KB
  MD5: 6e84d6e70659fd273c6f0bb495751593
  SHA1: fb47914e4294de0f48f15cc880aad216679ef7f5
  SHA256: 14af80d6feb836fb8252fdf3216c082b2e108f4c4a0c8d4d00f9ddf208e4ee0f
  SHA512: 0801eeafb78ec8d565aa6d9e69b3104eaa928d5d5a93964176094a111a4983f53fc09475cb850d2b42abe1aff6ee4afb384fd05910fc4b3dc0a2209f298c3b74

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 2KB
  MD5: 3230d97604e15e612e2c31133ab3d1c7
  SHA1: 4a60d174597360067fffb56b0ff838d4571fdcac
  SHA256: 9594b0cef468ab59e984bb359ec82f74ef1946dfa5660ae063e2c05d290489c2
  SHA512: cb9e26f9c6883b7735bdb9aa5fd0d83d625e74cce0ef9eec5bdf7cdd154a85a7c28424e1f5c5aad0c7d2f993b7cd68b42fa5367c7852f4ec503b70216187a96b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 2KB
  MD5: cd703611c579d25162f2565e51723ce2
  SHA1: 2089a49c8bdfab1f1a4a1570b1736c255fbfffea
  SHA256: a1f77b498bfa0c39c4ed44bcf9344b8cbf7124c83f72f90b84f025c1df138d27
  SHA512: cbbd7c2166352d43047768d4cbf1b7c966b7e9f98eadb55a99b6e06682dcc2a3cf99e3a7d8f21a701526fc602596d921997b8a02ead6f9eaff51b03a4023bb67

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 2KB
  MD5: 81312dae21ce2ffc4d76ed6339a11eae
  SHA1: c2533b931a6d2f310d6063a283eefe9828cbd750
  SHA256: af23ce321cef0383d44c27c699dc66bcdbd17ae66f82bb84f28658d38d52a03c
  SHA512: 3b06964bae5149d67cce2c08fc9e607c8241e61eef82af50a3484011ce95c94ac2a6cc1113b77aaa3c8a8a2747ee9204ceac11f0012500bb8f1d99b50661e053

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 1KB
  MD5: 374b2b3e3881f14e2980768e0a1b05e2
  SHA1: 2042312c70d6a7b1650caa06edf975231bb57f34
  SHA256: d6cdec83e7abf5daf235da2e2210c71374aca1397dfebd0598b4e3de109bd4f4
  SHA512: a26ce677e7d2908766f7fa813f33408836a5885e6db9d3043faf4096d039ae17f6710cd34041bf5164f705f67a5a58804598d7e8e949b0519ea322dae17df779

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 2KB
  MD5: a7c7a59deb667012f1136eab167c2150
  SHA1: bb2762e55049b58ba3f2c844c170b34810091dac
  SHA256: f4596d1423571aca4515c93a96c8bdc342f7d77ae6294db5d16013214ebacc48
  SHA512: 1e4e1348b67f934ac8dc55d2184fb0f839d9f9bd4a8ff17590ac86f314127a5d10b5dde6b43217c8fc894318103b088e6482e08d8c883b1deb8ab136a26c40b8

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 371B
  MD5: c32e825dcbdf5a4d7ff4f92b68373ebe
  SHA1: c23a0f44a52c34ec5d90368be33a290e34e0cfad
  SHA256: 7f5e8d992be7f26b8c8f135fc0a82e0f3fb537e6688656ee5a318ce48aa8506f
  SHA512: cd1e280c693b1faefcd15b281cd29024a42bbf1422b882734264f0f0db60d5947c01cc9e0beaa7ad2cf65ba665ca78ef7afffc5efd66488345c541e939c64b91

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 8f627149a47c8901c1531420ea5e646d
  SHA1: 4cde485af7413c1c6cffb903fd49349ad38e7335
  SHA256: 2f9f859242607abe19efdf3b7c20d47bc966275ec4fe588718b14031050ee1be
  SHA512: 9e12c4bcc353153c4cf91c6cb222814e32f94a3ddcb3d44c6d8748acb9dfdc82fa92acc30a7a3bff148c3e5903eb1504713c1c3b90bb77316bcd34d8d76190eb

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 23c26a63c49f825477b6fe801ee236d6
  SHA1:

                                                                                                                169309749f31b072e6121835aa0005e829c4be71

                                                                                                                SHA256

                                                                                                                c8cdbf837ca5510a817385a3a3f6d77cb55a22f9526351062bce0a643e3d04f9

                                                                                                                SHA512

                                                                                                                39b860bd74b86e0d1752fb75fda6877e8b534218d96b4cc37d504ae60070769b3375c397de597d7564cedbd76cb50f9f5046d1747f0faf382ac66e62e8f75f99

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                Filesize

                                                                                                                1KB

                                                                                                                MD5

                                                                                                                8944e3306d615a9510dac298def8a67c

                                                                                                                SHA1

                                                                                                                2493ecc3501546075e345b104a152fe74b5006b1

                                                                                                                SHA256

                                                                                                                a8a8bce43107af51ca2894660f56796fc25c12fa8d4914110f4120503e110054

                                                                                                                SHA512

                                                                                                                dd8dba0a4bd0bcab4c43c901f67f6f83104da081f9819cf9b90763a795f3799f7ffe4a43ecb809263403cc70e6c0476e8e53326e12a4e8f5f331ebee3213c4a3

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                Filesize

                                                                                                                371B

                                                                                                                MD5

                                                                                                                e5f73a6a709bf3a1cd154349523a9c95

                                                                                                                SHA1

                                                                                                                d740716166e4679b480545027ce5400c71626917

                                                                                                                SHA256

                                                                                                                44d0296d85078935f1898d7d4e7a45689140e546a0358b6b6ddd7ace11741f37

                                                                                                                SHA512

                                                                                                                4e0c45c21011c632de18351940bd633171e4b5a9e5dfd1da2dd6a2fed5389710ca250020c4ab55ac018932d11eeb56d0e06834a49ed6e86026158e9a1c336362

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                Filesize

                                                                                                                1KB

                                                                                                                MD5

                                                                                                                fbba61765394dcd54a33f99640d8b900

                                                                                                                SHA1

                                                                                                                00a7e42e6fdc63074576656e619a7f7762d36b72

                                                                                                                SHA256

                                                                                                                320e0327c9182e81fdd92352ed97a96c04d86caada4ef8294906dbee843ffd75

                                                                                                                SHA512

                                                                                                                40a9ce2d3ccbb5564dab776be9580ba8f7df4651c42a778a018dfc3d408b6015c77402a46f357cb6ca6fa2a275afabfdbf17dcf624ba625229c55b0f966831eb

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                6KB

                                                                                                                MD5

                                                                                                                3560e0d1e92f33cfe7a61b72921e9ae8

                                                                                                                SHA1

                                                                                                                ba7d6b253da6f4e9be1871f5c53bae97015a22ab

                                                                                                                SHA256

                                                                                                                3fcc2f4c062108bfe06334f64b7d84967238d7c8fc6c98e094720b8af071b520

                                                                                                                SHA512

                                                                                                                cd955494ef83d231144523e8d4fd9010b3fadc511fbcee17b306643adf40fb746b695af582ea3bc39e0ae331a341c8afbd3dbf9370f74c32c5788a982694cc53

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                6KB

                                                                                                                MD5

                                                                                                                d16d49a6ccfa5d0d883df2d118facef1

                                                                                                                SHA1

                                                                                                                5d1e8a26c508f207478661e2cd734aa73db9b761

                                                                                                                SHA256

                                                                                                                40178460b3037e6030858f114e74604f70313b452be467a8206ef5068db92b68

                                                                                                                SHA512

                                                                                                                4c616a3806e867e76e5c708fa0293d52154f3ce909c050cbf1e8e3762e2e25ba92ef1ee98149cf6382d012948adc17da3e00785a89ee0b9a4e146f84f12038ef

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                6KB

                                                                                                                MD5

                                                                                                                9275d2e347b0e290490a2da168ddc67c

                                                                                                                SHA1

                                                                                                                36062ddb1afd4efddae2c750844ec7c6470b0c35

                                                                                                                SHA256

                                                                                                                dc75185acb07c92660a79b8ffb4c693505aabfb38a7b517f24729441f106422b

                                                                                                                SHA512

                                                                                                                5e993a7d50dd37a47fb2dadfc8ef981a0f9fe730bb08f77de1874edaff115fab00f7198644be7803815c1c118ec30cf7304668f80f2ee93806ae1e5b7edd0683

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                6KB

                                                                                                                MD5

                                                                                                                1fe8dbd0a1b59158f18e745a5ffa0454

                                                                                                                SHA1

                                                                                                                6f12c3949f7957884e9c30fd64625013cbcabc11

                                                                                                                SHA256

                                                                                                                0bb7e386409e442309b8dc7177da36ed553af8ccef860e5d3d01fb06e501c28f

                                                                                                                SHA512

                                                                                                                f57353b2c7caa14a1b3f141a753844fabede71874d8dace285443961b105c7bc71f97d7877c6f6f50451634a0e2675efb45d5c43d11c37a3cc4808561e9d6246

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                Filesize

                                                                                                                6KB

                                                                                                                MD5

                                                                                                                d6c740161a2156036b9a85b4aa9f2100

                                                                                                                SHA1

                                                                                                                434acf130b71febe28cf59a7a884291dd15846d8

                                                                                                                SHA256

                                                                                                                e74e2ccd4f04b05304adacbbd0c4683ce1816fdac77c3e382204fe2763995253

                                                                                                                SHA512

                                                                                                                c02c9acc9ed678d51ee4a7154dfe87cb82f6891925f34813edbcc31972465dfb5718c15379522a315ab36e994add14d110f3e57e1f0986705d9ead3b84172ba5

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                Filesize

                                                                                                                15KB

                                                                                                                MD5

                                                                                                                c59b26bd10cffd45b173db45081dbc8b

                                                                                                                SHA1

                                                                                                                15de935f7b50c1dea745458fdb5e1a78e2cfb347

                                                                                                                SHA256

                                                                                                                b3af4cbb98fb8f71c99b742dc5bc4a4c2e0cc21d2e79365405a1d00576231138

                                                                                                                SHA512

                                                                                                                95b2506935f57415e1429056e6f9ce3db951a80a6c90c0e1b44b3c7b86ef5e5ed805e6dd1730d5ab94b069a4aefbd228b2c98798012ccedbbd9c8adbf38f9f0b

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                Filesize

                                                                                                                224KB

                                                                                                                MD5

                                                                                                                ffe8b0d61a9382801f32c671e9e4d68a

                                                                                                                SHA1

                                                                                                                cdc35d89f16c1121827cd064293ba857d348e5d7

                                                                                                                SHA256

                                                                                                                4b9e1af73518ef93af1d20c6bc8129a5c5a8e055f5e48065394374d8a3b6bad0

                                                                                                                SHA512

                                                                                                                7ad75b0e60264ae296633bf9fe2a7491cf0d5bc7835eba8d6d2771af19245169ed74e873a3dcf1986af1b6c780e999c2f571e56f19c1eeac3f7194d8128ccb31

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                Filesize

                                                                                                                94KB

                                                                                                                MD5

                                                                                                                a56346a663cfb5b2f643f5ce48d18f62

                                                                                                                SHA1

                                                                                                                7553c6291a2de47b68f33f8ec4f4353586562096

                                                                                                                SHA256

                                                                                                                7072dbf328a603390689066ec6f21a28bc51f063103bc906d9842ffa451c2cdc

                                                                                                                SHA512

                                                                                                                0ea844bd10ad4de0519c908697403346e6765436b09c263da4c20c969056798363a419a0bd22e546194e133d64b8fd1cff255f38878c3ed75bddeed7031e0d6e

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                Filesize

                                                                                                                100KB

                                                                                                                MD5

                                                                                                                558baeaea3e5787b55d984d57cd1bac5

                                                                                                                SHA1

                                                                                                                10ca9081b99d3a426ddd6ff8dad09a574328b4b3

                                                                                                                SHA256

                                                                                                                b8f781ca829d8e1bb0f57e585b5f7aec857484dfef2dc1f5f9e868460259c679

                                                                                                                SHA512

                                                                                                                80ae3fa72d55c57b2ec90ee10e02fd8f57fabb667c6b3883952d9a0392dd348a2aec40676b1ea42af972b0a015d03aa3bfe5389fa8b3baf8cf396646e6fcd046

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                Filesize

                                                                                                                90KB

                                                                                                                MD5

                                                                                                                dbf8f2b680f096e876258c8b95282d70

                                                                                                                SHA1

                                                                                                                64b60ffe199dad9b7294428e45e8236f5a3f60bf

                                                                                                                SHA256

                                                                                                                08a4c32c5d11e8b857ecb314eb869e6fc9355585506f520d1bdddf81945ead06

                                                                                                                SHA512

                                                                                                                39319f54321c47f1610ac76d7d31b2b80b34a355229f238bb970ebcd9bb44cf41db1511c7c1c15f52de8cb0c7688583652f45a4ae17ffd6574f18d7ac99a2e19

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ebb8d.TMP

                                                                                                                Filesize

                                                                                                                88KB

                                                                                                                MD5

                                                                                                                0828d803e0dcccb7c438c113efb03f4d

                                                                                                                SHA1

                                                                                                                d632beaf06386ea2a4c25ea38d423563a412fd5a

                                                                                                                SHA256

                                                                                                                23ee567ac7db247e273745720112004e00c33b7c2457fe6eabd75d795f3c2552

                                                                                                                SHA512

                                                                                                                03acb28d91495ecab70b8b764fd5bdf9ff03a5256c2a966e1ecae724a5da09a2378cf24c14a4c9acba3e5f04dd13def83ba70185045f0ad85d0dc1cd0b61e74a

                                                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                                                Filesize

                                                                                                                2B

                                                                                                                MD5

                                                                                                                99914b932bd37a50b983c5e7c90ae93b

                                                                                                                SHA1

                                                                                                                bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                SHA256

                                                                                                                44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                SHA512

                                                                                                                27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                              • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                                                                Filesize

                                                                                                                10KB

                                                                                                                MD5

                                                                                                                94a3800cd07b487c8ea7b23fc358ea29

                                                                                                                SHA1

                                                                                                                4fb9a6ef780d93728e3adc9c17377f2ee7b2f70b

                                                                                                                SHA256

                                                                                                                c4cb6a098a5b4108493ab8a117b7cc7f7aac4b8a4df48e32c6909c8a5f96a351

                                                                                                                SHA512

                                                                                                                ecc32f9527fd245c893ac1256c3ec86c2256f1f1f7d92705348e108a6997ed1588bbf18d0e2d5c2b02e87f8d849ed2856149b823c66be0cad43cdd6719715250

                                                                                                              • C:\Users\Admin\Downloads\Satana.exe

                                                                                                                Filesize

                                                                                                                49KB

                                                                                                                MD5

                                                                                                                46bfd4f1d581d7c0121d2b19a005d3df

                                                                                                                SHA1

                                                                                                                5b063298bbd1670b4d39e1baef67f854b8dcba9d

                                                                                                                SHA256

683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96

SHA512

b52aa090f689765d099689700be7e18922137e7a860a00113e3f72aa6553e94a870bbb741e52de9617506a236a2a59198fb224fcd128576d76642eec9d715df5

• memory/640-2267-0x0000000073E10000-0x000000007402C000-memory.dmp (Filesize: 2.1MB)
• memory/640-2283-0x0000000073E10000-0x000000007402C000-memory.dmp (Filesize: 2.1MB)
• memory/640-2277-0x0000000000B80000-0x0000000000E7E000-memory.dmp (Filesize: 3.0MB)
• memory/640-2278-0x0000000074190000-0x0000000074212000-memory.dmp (Filesize: 520KB)
• memory/640-2279-0x0000000074170000-0x000000007418C000-memory.dmp (Filesize: 112KB)
• memory/640-2280-0x00000000740E0000-0x0000000074162000-memory.dmp (Filesize: 520KB)
• memory/640-2282-0x0000000074030000-0x00000000740A7000-memory.dmp (Filesize: 476KB)
• memory/640-2268-0x00000000740E0000-0x0000000074162000-memory.dmp (Filesize: 520KB)
• memory/640-2272-0x00000000740E0000-0x0000000074162000-memory.dmp (Filesize: 520KB)
• memory/640-2274-0x00000000740B0000-0x00000000740D2000-memory.dmp (Filesize: 136KB)
• memory/640-2273-0x0000000000B80000-0x0000000000E7E000-memory.dmp (Filesize: 3.0MB)
• memory/640-2271-0x0000000073E10000-0x000000007402C000-memory.dmp (Filesize: 2.1MB)
• memory/640-2270-0x00000000740B0000-0x00000000740D2000-memory.dmp (Filesize: 136KB)
• memory/640-2269-0x0000000074190000-0x0000000074212000-memory.dmp (Filesize: 520KB)
• memory/640-2266-0x0000000074190000-0x0000000074212000-memory.dmp (Filesize: 520KB)
• memory/780-5-0x0000000000400000-0x000000000041B000-memory.dmp (Filesize: 108KB)
• memory/780-3-0x0000000000400000-0x000000000041B000-memory.dmp (Filesize: 108KB)
• memory/780-1-0x0000000000400000-0x000000000041B000-memory.dmp (Filesize: 108KB)
• memory/780-0-0x0000000000400000-0x000000000041B000-memory.dmp (Filesize: 108KB)
• memory/1508-883-0x0000000010000000-0x0000000010010000-memory.dmp (Filesize: 64KB)
• memory/5052-669-0x0000000000400000-0x000000000041B000-memory.dmp (Filesize: 108KB)
• memory/5052-668-0x0000000000400000-0x000000000041B000-memory.dmp (Filesize: 108KB)