satana | 320b07637a6836f3f245806ede573092942ad7310e2cce43561b88ad25a982cc

Analysis

max time kernel
1799s
max time network
1690s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08-08-2024 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ransomware.WannaCry_Plus.zip
Size

164KB
MD5

0a28daa799b042d398545a291b888aea
SHA1

f992593481c3bff8be22106ba2bdc164787e5be1
SHA256

320b07637a6836f3f245806ede573092942ad7310e2cce43561b88ad25a982cc
SHA512

ccf65ba911039edcf866c704f157f0358786872f1878952c5a101e4da6174bc647e62f3dabe6400ff59fa13625bc2123dabf7271cc82c182040ca381e4150e24
SSDEEP

3072:agxwh+Srh51lfL2kLxs6/X6OOKeRw+JCT/xzBGXPU0r1geeXpIGkzBrvLEmOEB73:UHotz3uokeOvHS1d1+sNs8wbiWQ/9/v7

Score

10^/10

satana bootkit discovery persistence ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\!satana!.txt

Ransom Note

You had bad luck.There was crypting of all your files in a FS bootkit virus <!SATANA!> To decrypt you need send on this E-mail: [email protected] your private code: 8DBD02D2AEE82E7D07AECF295DBEE8C3 and pay on a Bitcoin Wallet: XqgWm5YW5U7H1Zrr3fcrdTPDwE7DefDTxi total 0,5 btc After that during 1 - 2 days the software will be sent to you - decryptor - and the necessary instructions. All changes in hardware configurations of your computer can make the decryption of your files absolutely impossible! Decryption of your files is possible only on your PC! Recovery is possible during 7 days, after which the program - decryptor - can not ask for the necessary signature from a public certificate server. Please contact via e-mail, which you can find as yet in the form of a text document in a folder with encrypted files, as well as in the name of all encrypted files.If you do not appreciate your files we recommend you format all your disks and reinstall the system. Read carefully this warning as it is no longer able to see at startup of the computer. We remind once again- it is all serious! Do not touch the configuration of your computer! E-mail: [email protected] - this is our mail CODE: 8DBD02D2AEE82E7D07AECF295DBEE8C3 this is code; you must send BTC: XqgWm5YW5U7H1Zrr3fcrdTPDwE7DefDTxi here need to pay 0,5 bitcoins How to pay on the Bitcoin wallet you can easily find on the Internet. Enter your unlock code, obtained by E-mail here and press "ENTER" to continue the normal download on your computer. Good luck! May God help you! <!SATANA!>

Emails

[email protected]

Signatures

Satana
Ransomware family which also encrypts the system's Master Boot Record (MBR).
ransomware satana
Executes dropped EXE 1 IoCs

Processes:

tzb.exe

pid process

2500 tzb.exe

pid	process
2500	tzb.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

unpacked.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Windows\CurrentVersion\Run\jltf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\!satana!.txt"	unpacked.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

3 raw.githubusercontent.com
45 raw.githubusercontent.com
54 raw.githubusercontent.com
55 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

tzb.exe

description ioc process

File opened for modification \??\PHYSICALDRIVE0 tzb.exe

flow	ioc
3	raw.githubusercontent.com
45	raw.githubusercontent.com
54	raw.githubusercontent.com
55	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PHYSICALDRIVE0	tzb.exe

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe

description	pid	process	target process
PID 3288 set thread context of 1156	3288	683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe	683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe

Drops file in Windows directory 8 IoCs

Processes:

setup.exesetup.exeUserOOBEBroker.exechrome.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3700 1156 WerFault.exe 683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe

pid	pid_target	process	target process
3700	1156	WerFault.exe	683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

FileCoAuth.exe683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exeunpacked.exetzb.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unpacked.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tzb.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "2485586355"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31123966"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676046555194581"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	chrome.exe

NTFS ADS 2 IoCs

Processes:

chrome.exeunpacked.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Satana.zip:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\tzb.exe\:Zone.Identifier:$DATA	unpacked.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3684	chrome.exe
3684	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
220	msedge.exe
220	msedge.exe
4460	msedge.exe
4460	msedge.exe
476	msedge.exe
476	msedge.exe
3580	msedge.exe
3580	msedge.exe
5480	msedge.exe
5480	msedge.exe
5696	identity_helper.exe
5696	identity_helper.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3684 wrote to memory of 3132	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 3132	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2800	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2260	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 2260	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe
PID 3684 wrote to memory of 4012	3684	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ransomware.WannaCry_Plus.zip
1⤵
PID:696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffefc6fcc40,0x7ffefc6fcc4c,0x7ffefc6fcc58
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1744 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1228
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6587e4698,0x7ff6587e46a4,0x7ff6587e46b0
    3⤵
    - Drops file in Windows directory
    PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4884,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3596,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5044,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3452,i,14488572065287549982,13434409177439990795,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4712

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4988

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1716

C:\Users\Admin\Downloads\Ransomware.Satana\683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe
"C:\Users\Admin\Downloads\Ransomware.Satana\683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3288
- C:\Users\Admin\Downloads\Ransomware.Satana\683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe
  "C:\Users\Admin\Downloads\Ransomware.Satana\683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1156
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 416
    3⤵
    - Program crash
    PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1156 -ip 1156
1⤵
PID:4172

C:\Users\Admin\Downloads\Ransomware.Satana\unpacked.exe
"C:\Users\Admin\Downloads\Ransomware.Satana\unpacked.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:1984
- C:\Users\Admin\AppData\Local\Temp\tzb.exe
  "C:\Users\Admin\AppData\Local\Temp\tzb.exe" {1d6f0a33-5124-11ef-b8d4-806e6f6e6963} "C:\Users\Admin\DOWNLO~1\RANSOM~1.SAT\unpacked.exe"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  PID:2500

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\MergeCompare.mhtml
1⤵
- Modifies Internet Explorer settings
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef8643cb8,0x7ffef8643cc8,0x7ffef8643cd8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,1620779421738898412,10897607523874794167,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,1620779421738898412,10897607523874794167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,1620779421738898412,10897607523874794167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,1620779421738898412,10897607523874794167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,1620779421738898412,10897607523874794167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,1620779421738898412,10897607523874794167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,1620779421738898412,10897607523874794167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3408

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\StartWait.bat"
1⤵
PID:696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef8643cb8,0x7ffef8643cc8,0x7ffef8643cd8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,1820838087268365826,11150964342828505068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4328

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5192

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
8cbf4b85622c82e5da86ee06312e5415

SHA1
e7baca6e0d7865b9c9729f009cd8e4782de04d04

SHA256
7662ef97fac1096615138286c4f57ad6a765154a35578bd222817fba30c99e09

SHA512
87f4d3a9dc482fbffd64542162dd5e9e55d2b5e06772b23e259303ae356b7ceeb9c6eb3f1bea572f3d74a3c83a5b57ff1ba1e74bdb2685ef01235247a22c31f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9f3cb53e902b7c1cdedb1f560e2e20c9

SHA1
43b632a045a96575be478ef270f470ccf168583a

SHA256
b1c5ff5be16197309950c8daf74b26921badb09e124b25a914d30caa7f801044

SHA512
72dae835893b6948d55369ad2886a0ebb28dc77b03bdede2f59d32febcab8395c5d96996de4118c1557bdbc618cd3a0e3254bd192a336eee72a2c1966f764250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
04c5077485a5f653b2ebb27bcd1d9e0f

SHA1
5a7628cfcc2ddcfe099552bbca1b79ee242ff5c2

SHA256
4ee9afa218be39d0f781e065da0c87ce678581b146604ee80b859a9cd9a4dd9d

SHA512
dd58bd047ad8e005afd217bb0d5e5dee279097dd43d6fb0e9822a12cc8b7ee66f1c814e03421de4ba2f768054e66ac6f9c8250f5b2e9cfc30f1dd3e39d00d924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f6ccec475c9966aa3bb8be93eb70ed25

SHA1
f4584a3592e3d5dfb1286a0259f65ec06f94f67f

SHA256
2510417750dbec504745eb51be2d595d2373b6c26aad88feda121a8614d7ce59

SHA512
97678c2d1dad48d7b29012f6559c18be0a57475217b4cdaf14700f1ad3b2b443d43f0d3b2322c39aaf8e92fce5d317a681efbddf0728cf2aa20322b17adb21bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7235dd37d37d9baa37d12d20234fe4f8

SHA1
ee64716711078171a88d67706577cddfbf692fea

SHA256
bd9a1b92092b4a049cf09e80b36dc72571f3846c4e6087fb201d985313b24036

SHA512
ac9ae32e753e33a4b7a663117a25f3b7b55f225d642ce3f96bc144fd55b5cb9c03b8ee362d71d5dfd6212761916e8803b60cf2d76c8f7a5c736f22f8dcd2a79c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
016d9bd2753df1973216bed28e6161c4

SHA1
4b95e4772e55c83aee489d44931881e0a94c84f4

SHA256
bbdcc92beb6ca54eca4a338256496809e95a1ec572be3825cfc1a3c35c21e2bd

SHA512
27d1c8fa7071f73d27ba89f71516e08387f3c2dec7f6de4c70fb9b07bb2d6e0647e88e3185e74ea8d1570fd85e4496e0e478a1b6173bb79350e43a92c06d5a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
db179735b9dc56be7d8c5aa1c7e92b77

SHA1
dc71e727951b34de0c018b21ae942faadbf34211

SHA256
c76aebf7ca3e4074f2ef7fc5768c8fb52b7c47433eace2761c53decb0f1c6e6a

SHA512
2935774a51e761b89405e4e5fd183934a34623908f6c3205703ca152f3f4dc389806f4d10be26b9e1ab863a03da84de640aec046c4989cdcdf6be2a5c907c91d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9fcea61338e0d04cbdde810e06dc3723

SHA1
31c1d772874c4800a4712e87e382cd30f8e1db31

SHA256
f688da4b767eac4c64e55910ff96349731874f3d5593de850be49f99b13a7b3d

SHA512
30bec116574115c13d6630425c1280bc1f29b215740c11076d08b230c5c81c181674adb7389a8c829b6624236ca775e872b0329d39dfc62f39b1053b2bb543dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0df985262f4baea0a81cdad6b5bca093

SHA1
d3439c64c67eea75421c797e63f19e4083d3dc36

SHA256
3f7d1490890c76fd81ab3917511708a72e8be76d3a690f4c13791d6400769df4

SHA512
e4674cb20fa4d29ff24ce97b72fad5aac0a9f841549a5a91782bbfba2f04f1f02419c6c603f935df52852eba3b474c8f3b921f5986a0795a4cd70fa038d49449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70fa6adb580aaca69b9ccca4474aca86

SHA1
dac91466492f3d21a05645d41112a72b749c90f5

SHA256
d5b2fe877eec4cc7c7f97180c0271b13c6fe4be8ca321fef22d70e70f42335a7

SHA512
b5a7f32552ed104c69519d765264e9e36ec22f5b9f3e4603dc1f78bb34eadcc731c17d3082eb95f628c88ae84baacdc9bb9f92914b60d6be3171239564aefec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e679f406416fc48ee58f8de0032d0874

SHA1
f3e8b267edbeeb630df790697c0494e2926a0c33

SHA256
3ee62fc283c34d005e1dd29946eeb7aedb31a122566709198134dd826ce1e297

SHA512
c92c5449ddfd6ddd08a7da430f4ecf6a6723566da4bf30e40c3a2d1c28a78af497b3b2d2132601f4521284b96b6a3b668b92cb3aba4a0bd1b612abab086a098d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4bc3626a62d1987358f3c879ae7887f8

SHA1
ad934c926f51213d5c8d626624a1762b426339ec

SHA256
69dc92a8ed5d483385b0f8fcedcae81fd39e767a5eb80b9402f0cb33d078f1d5

SHA512
b4aa568238d9f487e9346648a0bf97f3d4dde4dbe817cd809a2eba08468ff940b90cd256573e1c2127fbddb9fadd7ad2c58cc31794fa1aeeca891c4b4d5586a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a8b4ce21b2539542aeee430095efb624

SHA1
415097960f965b27d9e7de588f7616cc017487d3

SHA256
b15c4049501b3e18bc42fda208ca07e5d35ee8696b350d715dead8af489473fa

SHA512
40644f231d859d9982c4953a42e9f951fad2e34ddac62306006534a4ab34a423ce2a3cef1000fa81251a4e496d36b6ee926d808b8d81f8070f3b4fc9cc44b8cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12e0b13b2b51f14f634e01891d379f75

SHA1
9d47e414f22bab2f804292a94dc9fae519241398

SHA256
249991c09d2a25cc44825b1d5a1ae77093d5c4da585dd3cd4a452a490a04aaaf

SHA512
f9157a1c1846468f9d4d075c0f4ce797652a695f8423b7fe80341c5a106bc2f15e1c2bd63ce3d0e96510831680a4c867bf7ab0d5c3fa06f62a09477c6c3e400a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
749099226cd139e844af41ac68327afa

SHA1
2699ed34696ca06a7d7a5a74a20fab14357bd1fc

SHA256
efc5b1ee869789521b0957e453b993c9f0788f6306f48dde991102c0340d67b7

SHA512
3d5c7bb66943824bf1757957dddc90dffa90428a04e9ba9ced0f3081194b3e18d10f23d6da0375f8c37bee5e628d60458595ff2c83327680749f0119c7ce4c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
727391c2b17795d3a5007fc5b3d52eb2

SHA1
109eea9caddd67fbe870d6708bb12acd47d753f5

SHA256
1033bc0538a90e6be335c502a64883b3970eaadb3b163c851a8c0dd9c7de1105

SHA512
50ef3407eeebc16431d3c6334fef79816ceda0156f492c6369f70a23d31c0e491baeb506329c1c29b88b1cef9d6531150671b0d14f1abceac716e3cade2b8d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a1dad7e097a9e2c5e0c1c088f92f4695

SHA1
f319d4ddc7065e020a69144b79dea4a4e248b527

SHA256
d7c9d80c9632abf1f1d1682fb2fbe336ab51a70a5f87df0a2866b7a45fd8d2fa

SHA512
c374048ca10315e331f49cd126b214f14c92c8ab497c1ecbed0fdebdfa4be278594ef2cc43682775ab73b456ccdd7a56c8fdcd9b6070a140002681ca68f62035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
281778255709dad9f738d10dca234c65

SHA1
008eca8e94d14e57402f2c4e937421746fa26cbf

SHA256
650f091c0c06b317e1d08aaf82f7a58d88dd40e69b9c0da4eccd6e48d6d24831

SHA512
d3f6d8a2c06279e0c0b72263e9a50854b449e2a0e163acf211c42bffe5ca4ceb0c3743c54ccd01972e5a4dff1b5350383eaba5a4bc5288090a29eb97245387b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af56e9c83ac8e3ff2c6f058fe91498dc

SHA1
e12dd5f531af1c9ac74bf419fcfe757a7c3d6442

SHA256
e49ebbfc0fba32161acb97166bf4f4b61393f8589d75c263ae437b74808db75c

SHA512
354b49cc2c9c5440c834f56d3a2ec08f970333b1b726e32bab0d7d80d12e7d6cbb6d0555f8023721bd4a83660b3eb6012cdcf09d1d66de019fb759799b2724e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7fdbe5addb1df826901cf59be87df5c3

SHA1
9ea9410ff87ca6129cac92323eafbf3e7b622f47

SHA256
4df104ad149c7f6f9b2c28dc5bbd0df6096a7cc8e125eec2b0e00c1504053168

SHA512
f482778bdd9319988118251648e5be9f5162735e662760dd6b63e219808ed28eded5769eca281d5082ef43eef8da6ca60aa6d8fa9098cf97b3bbc58faedaf9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
22aff466d8625c633c667057c7caa502

SHA1
d71cf29bc61e8234288eb14b9bb9b226f10e93f4

SHA256
9d8479d9d4f7fc9eee5a03d60113f0f8c8c07996219555e1574c01b10dfb70b8

SHA512
80170beba4a24c12a8d30702fdc3c4111cd96f2acaeb64104178f63f1f45535db6103f3ef53d547fa9ac6f5b9d903927d187a9a6a3435093bbc7fcc5dc14cc90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
86b8b0eaf7c60a7fd2de3fbc8abbda2d

SHA1
8ed9be5324e20864805ea8f75ff3cd90a89d600d

SHA256
29064d8a1320eefa046081c12549b63f6c1050440c00ea77284d684adce211bb

SHA512
ae494d988ed029ecb557bea625ddedb657d889a2a98890299e5252093065d61bdb0e8df448145ec50be0681ecace0620290ffea30c3bb56b506c9d13f40433cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a93da393a7a6a1b6a97e176d64f4b216

SHA1
473abe6387a8ed1eb572747133a21f48c71b2ff1

SHA256
3ddb2838e80f18123e8a43e52f981e3f18671480a088fa7e13a13b1d93c5acbd

SHA512
0005f3d8eaa7abe5715dd9f929f4d3ecb01a6280f19ec12a8ac8d4511369713a0209ea09bde2ad7b68590c592c1c1a6c120b97f8ef658a7acb7c7597d38f5d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5301575908f17a02c6c7d6f85730d9da

SHA1
f8b50c0f6438c61a1b9db190955ee61d2a157bb7

SHA256
d7f1e2c0a7d90800b2f288bf1c0f3084c877f526b58f59b5cf798b653c22a9af

SHA512
ddc6733856d5765e40301e61f01633008f99ad5f4ced128e155e7b04d6d6d2e1c90e4cab06c9a026fb74741bd7a68df6b462ff9b918de0f219e57727e0a562c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1859a3d04237d7b9ad90967b77e95021

SHA1
026eeecbd63cdd47ca55dc98c9198b494181c674

SHA256
cf38c8039fd00e6a321fe9886b0cfb9335a3441293f6a4595945158946a84463

SHA512
f7f5e2473e308a864271e9d6fb4f3993f37061bc0952f996706be1aa516ba9f9e3c49ec652d368edd22f739149e46b2f7adb896a0188cf69e415d6dca11ca29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f6a86b5f6a94a5aa455cd96b210e1d6d

SHA1
a2d2ceed96bf991d18f5212376dc4665e0e48ea3

SHA256
8e2f32dec7299697574359ee9246333f70e059451e5424f903fdb0277efb7325

SHA512
fc57f49f7294a05c8a2399564e7e5d7bc04aaa1a49addcd2eacdd7ef2e9de502b537a74951068cfba19933de6c9ecaab76025270b7484db53b78a5a65668b822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
536e9495d5e7eee4ea3d0f81cd590f30

SHA1
31556244a3095638c406e5c7bac7fe650aa7f311

SHA256
6cb73ecb3a369278a5794a4639156f6d0607824cbdeacc7826b9adeab2f0c5d8

SHA512
934b97aff90af55ca66a64ffb1ee7c4f1df489cb288717f296c5bbf61d3da0a8ce294c0dd4b2591e6859215b3624d24b45be95e241af4cbeefe724d480b9b5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07ecf37b5249759e6fc00bf9414f9e57

SHA1
daca824f6abf1a1249789ce445c8c199417eecb4

SHA256
7cdfacbec9a6f4deff918d9bcd6976270908b6af1c2e91d82a5fbbd3cfab4500

SHA512
11c2e1d32e7755e146eee913c3df8c539041845ece3d5f40cf55ca0bc3ae9faa3cb6ea9b2fa7fb75f63bb071ae66d6a603897277de551199275e3c293659ac6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6f4a53537d61bc573f5597d395a91c0e

SHA1
79f1e4a9df41830e4cfa8b13a1238fae80526509

SHA256
56fb9faad526f33fa53618a9fabc83508ae4776e02be0f4a79468c2acc0dc4f0

SHA512
2a54ec049224b9b346463b26a22d50152071bb35ded0381b8fce4e798f086d1d69f21d92c78e484e1b440c31cf8b8612a4116a37cd85c6027ccf4393e248312a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
717c6f1630249b92e431197bfe8fab93

SHA1
d289a0662fe6d11bf5b81e4592b05a175071e997

SHA256
a12740833f90d6567613855af7bd9eea9ef5e6bd31a11cdfeef9abc47d494ac6

SHA512
d4f787cf81fcecb75db86fe941fb21e935fedd81163950a213dc676c550af4515b28c5320a01685ba842099dbe8dfd1586c5788984ccdddf37d2af03d2a5652c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a25e4085a6c1cf7dfe1e802dd2e6ec8

SHA1
03bac8d1c12123bcda813e259a62fbff68c0f82a

SHA256
10445c8807482528e207761007fedb91765cfd9018a28912fd1d5cdc147c833d

SHA512
4eae5d9fd11f4c552869910b1d2c54de97acecb29bfbf8e72ee6ce39695499d3b6687943440b1f8ec6707cf7adfc01f4123820576143bab9f6c849c4bbe421c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6f66d3d4b1f05cf65b01b44421ceb3f7

SHA1
fe78890c1c6fb634346e23ed8e31bf4c2cf0d645

SHA256
c2b3c4500074ce43ccbee34360aef493cf1f35363e2872f33dc2e88c694386cd

SHA512
5e83f0765e1d9e61eeef17a5c3172fd598920cfd96e7e97fe9e0a6ecdee8ddf4b4e5b555e17f68995098a757ab6b1e2df9527488980bccd887617baa58a13d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
427a2949faffbfa2c3a297e62423af07

SHA1
ead172c372d9d0c806225791452a499699798769

SHA256
48e2e6078c234a93ebac130a992cce44aa53aeedae8c892c5143fdffdb813a7c

SHA512
8ae2f04622861d64b3365fcd3d5b99db2c1b49620c90fe18486451e11be43424d09918a193a7f92b26e180dce88f861360cc981ca45d099f316762d04772e944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7130fa99f9679c7fec96d3e2f5c7bb3a

SHA1
76b00ab7155b52edbf8e94e55f0dc2cade14c0d2

SHA256
62b00926f6ef7f43d917f384e9252234b1b2231e53ffd65ede4a9f0db21696ec

SHA512
db2e8486ee2c08bdd7bb1dbb34b549e0d253e9d0c835d78868c6bfdd38ac24e8e23729f8fba00da0a84d4f84db501ad7a84ad81e70028c44bb36b3062c5145d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f9a15b80d21556190b3ea1070de7970

SHA1
039fb74d63ad27c095de3321f2342dd63bc007b3

SHA256
d311f322b0bdeca6c69c7bb011a649a3ac23876f6b38471d81c72942381a8c3b

SHA512
33fbdd41b324135eeb2b63225eacf1754c08919542b55eb2aa6c44e0a5906d1f410ccdc344eb5b687131afd58e39163c481b226a219a85c3b9b7c3b32c523736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8655dc1e8d05a3b3ab79cc5a6d98e52b

SHA1
23203ffbfcee3f5450856f9cf2d50a9b85fd1440

SHA256
92eb0e12ed1f09face6abb24124347348dd8fb0b14a3333977ca93f4eabb6335

SHA512
fe73bca9e004f571e02cf341d646f0b0cca5b7e07f1ec0487bcf329bbf53ee4befa454cce389e667826871c89e573f551b96cb14cf02cac49e4af6f17998533c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb25d4b21ca95ab0cd3b6e49082b82e1

SHA1
4f5b9c52bb6b73c5c8a52f0c3b57515b9445eca7

SHA256
1605f8c83c52f6186cf56c735b7ba330bc17a9bdafd7184fdd94a63094653fc9

SHA512
abca8eedffb4c771a784123a89e29d6e755a9733fde21787157073d88599ff33651bef4fbcdb84c4d2dc0c2f42d17f796b7fb45e8c040f574086b70067a57126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b9d8ebbc70ebff44f480d8efa9f2f80

SHA1
4e772a1b061d79960d7d7dd3b532926e13364bfa

SHA256
50b0da64bf210548581835ef8b2d8a21cbfeef85234bd04bb2794bdb7acdfc40

SHA512
15391f81bcd7c68b78b5815a5f314a02d40d4db7b6028438d5bfcc2b8fbddeb514d79eb37817e41ef777dca6919bed7eb330bd9c1c8bcee5b941f9d4e1957fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b74b52e7d56ccd0e47440bede580104

SHA1
73d8e538753c604b77721dd4eaf81d2190f040a6

SHA256
ffe94f685b4be8d867f30c52169d30d879e0459f43e26f2df767f50cd8e08d49

SHA512
c24728d362a59da58e61a609da04d4050daa962f8647ead30b3cff2a06bd826b224eccb7370356a9ed7ea2e0ba9bda0e29b5fce39105ef413c143dc20c6cdea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76c117193a16fc91504055da03a4e2d5

SHA1
6ad4b18bc87dc87a37afd2d9c9955bd820ca5be4

SHA256
0564eee112e2a640a04ea596b0a2a3d4ffc1c2b9272dad2ce5109fb531cb7fe0

SHA512
2db4356305bbb1fae05cb44407c8dc96964ee696756c127f3d4cd24837dd43432e0a6002b78f8def6350720d4526c6af8e7a976397e09f9c759754bf2f6bf509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce82c4220bd8cc4b065351bd20cb1ace

SHA1
4f06b5c76ba10e36167d010d1a86bc8fa4f666b1

SHA256
1e9ad8a476f52c9d7d2b4c55b122b05a06718f44f16211f760a447d1d271a2a3

SHA512
007f97a9de70bedb5a9d2ac6f04860c3616d6d46f04c7dba723da78dd07e386a5b38baf5536d276b31d00a35a0bae340123994a155ebaede652ea93269412fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
528223268629bb8a208dc672b7b88121

SHA1
bfa7f80724421bd56c033b87a0976682d2b3c868

SHA256
e1bf8252f246fdabc7bd13dc4e2b652cd1e8f33cb0e3a6bd8132be250949d43d

SHA512
06aa82a0a31ae455d0b639ea47288fe7390f14073c0503b91218cbeb7a06113782dd0e072fff8ea1d3faaa9a86bd34c1bcdae0c25df6ccf8ee1815fa35f413d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e4ebe68dcb0fe032ae862a34990434f

SHA1
f7b38b93b3fe570c7c4148ebe7da9dda003ea881

SHA256
65631cf2605ed1e225cb28a10707c005e727b4440dad4def76911d49f3469a41

SHA512
bba7ead64dc3aed4b3745a5fdeedc71cb9ed9adc5f7a0d0fc29f4751acf523aa21bd629eb2eefc325fb69ebc5be1e75962e68a88d58bf5602400b70081a173a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
17ca9264c9b5418292852c166edf8690

SHA1
48763a1eb689590fe7b9a83cda618efc196fe70c

SHA256
f322964568183883d2b908b991c11d441353af47adbd12b66ad2d7ca7bdcf5f7

SHA512
6d85b78ac3e6e006af4537c3ef1b51088b1f93d918e8c211d31b9f5c19eedce40dfd121d61ca2040377417090ff511ca4b2060a8b509ce235b81f8c73dc02e3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
29d6ace2d1b3c8fefcc7733dbcb8697a

SHA1
b12660f5820655272c38eac604261bb87af9cc58

SHA256
dbb948b022b05d06b22ffb181ec4991c55e0aee0b0c586b8c16cab144af3d52b

SHA512
6ca8e94444a04f9840ad528664e34474a072beabc6a779779bee944ff8cce07470c170372d26e5355add8d783f2df556457c6c29a71a8628d5592c5ef141c8d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5041098247563b1f86de1db30872f9d0

SHA1
507f175215bb25acf59cfb4eb6df12c0081e2bab

SHA256
55183e6c5032f68aa7b19fbf22c9d9a6a85c74f9570100a2a2f7f71c46593e51

SHA512
ebf19a0c1381b07cf2a2149d4f4588248f2919d86a5f0bb62d16fc64be625601e92df81b636f60319ef6e682c7334c6b4cff2e3c7b5f9d80703e977f5f0efebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b5efa705441be322a31e531643a5e69

SHA1
9fe6fbf082bdbcd98ee71aa64d245e5d0658d034

SHA256
832d2e72ab4e43cef9df99c42e0183f00ccf329dd6060b7a5809b0f48a381aec

SHA512
1e6a497fb54928b50b6c119474b4e4de790bdb691310a1801b5a7449d0f15a0b9bf0b72a5b04f4334d4ca5e23f3a81386ad0c44f9b0d45b989fa8fa60f3ada42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
417d04bdb6c274a5f3cfaee9e88d5cbe

SHA1
a2c0dc4d151886075a21c21ac0ad939e8e549a94

SHA256
8cce7e70a76af1b6c203947c2250e126813f2ae38704f51af7a5504e42b2f390

SHA512
f9aa655bd19f08af0039668cd662f94c915a4dff3216b76c4cb0ee97b2f3907afca53b7fa00312d7e8edd55c87b6c856ef3dc2ee50f38ac8653cf026f263adb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e20fcf066845d059fd141b9398207b5

SHA1
41f4321c6b4f94084df2af396586507c8df41da4

SHA256
989fb2c2b7427cbc9e008de4205b6cc23b1b8d62d55c9aae3d1eee7a9b64b206

SHA512
deeedc0f4afeaf66ca387aa6f17d4702632f85b275eb18ee92f734096388f2382fa501eb79f016e56494706de7705d6c652a21a1ee053bc51791f3969f6f7192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7ad8fa08d7be539b0cb0173927d6bb8f

SHA1
cc4a5e420dd4c2c51803e6b380b858d916583f1a

SHA256
6824d2092892fa6b21f9d35e4ef2351a22497c0966f66bd0fffced7cdcf43a74

SHA512
6e66dc0f810bca480a499efe3064ad36c97f59f4aad243958b9543dd7834b7c001e91bf95ccf6cf7ddfed31353b1b478d3f4c70d890ac9ae941224ce1563855a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6aa67786344bd5f85622b959ac2e8a23

SHA1
ffe8150b92793375c3df236c393c366652051129

SHA256
039235068dfb1d7243091a71cf2ed5107dd8e7918fa71dbee06003e413b95e21

SHA512
435f7d71b195858a1e638d40eb878fab5f1c1878a4926ad78629ec2851a6a4d689baf8a8f959ac907ead356785d81c3c84c68d5b9cb8ca2be3cde150b776d87d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a37f98759c7b3cac4aa1c99d66d5dbbf

SHA1
641ca6e664598e38e58db7a8c113484b845728a0

SHA256
31ebad3b759d45e9266b08213d5687a5e85f51c86e17391477c3eeb354a4b8fb

SHA512
5c7a83db3ba1fa72e7a9e289b94a38aa41d6a39fc6ecf02d3e45aab22fd69f0e088939ff8907f6b3431eefbf9e3a86d0f4c18a221dca8c7ceeeaf551636aacc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bcb733f028bc63ec4cfe3fd386535f06

SHA1
1e820ed5d0a36c170d47fdff7298ef1f8bc57079

SHA256
9010c4ce46f1a8d77ca77a08e353f4f71f67a24df01111fcab969cc29ac8f7bc

SHA512
6faf6f2ced46d37c26d4f1ce2c7e607f1b07745bfca242fc334fb93e7f4d00b6b91f3f23adb1e1ff34fe1bbba5ac21ea0297f902f9b4861fad72ed192c1d7102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
343ed3941b7044c183d186d21eb637d0

SHA1
5dddc25390299bd8f0a6800aaa1301729169d639

SHA256
9bebcd4152b2b37c5ead429f44235a44391a7f656a9aa4d915470c966fec7b94

SHA512
62ac19af2b9e3d642454676b2b803cf18b6b26f9fa0056718a78066af5a0d68456f99d9cf807bf955b9788003330df19ae405dfdb5a60fd5eac70420c9cc73d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a5662552e6ffefb6224b8d7ac95761a8

SHA1
44727e0e80d67d3a4f6595fbed2e49e630e8e940

SHA256
0be1aa97da3e0122d611be79f33d4f711c5d63133c9d15d7b427d230d91dd878

SHA512
036ad22be6824d6e1885aa6f853bd3010d5b93f87676d4806686e33581c540ed05dc0cb179b4a448b16c3e201af6f23eb187fec895d452422d329251259d8749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a80c511b5b75363a9b8a61697ad98c3d

SHA1
edbb42c9aad763f32468079a5714b13efa70ae08

SHA256
32647f6fa885764ddddaa7544993998f12690a9da75a780d5a58ed694d9975a5

SHA512
59aaba17aedea61a482c89780794cc9f8392b52a2167aaa46a71b41f51eb170d2391ac5303a10aebc5009f4a7aaff81f2cfab17e2680b74bb0324d2a17844080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1acddca791f7f06197546a1c8aa1f278

SHA1
d4ea76eb4085f974f1a7e6090acf5df10658d9f9

SHA256
5ef7d5880332961a6ce4cc8aa6974a4eb237b8726fa384d6631d0f5056309745

SHA512
583ad19a411d0a1ee656fd51f351d9c4589da87ff38186104c30d54295587aa568d3f610b0b3ad0439a01314539d79dc7166441d3c91bd6d77367d4900abe62e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7145383cc6a4dfc4464807c45b40fbe0

SHA1
e2bd59f37b2e54705067306a1b7f3d2454ad1d58

SHA256
a4c3f00eb110793af7a41fc0c64be180dadd2a46999c66530564bcb0944732f7

SHA512
344f4e5f19323b64de013635f0d65fa2561e2041a8854f2266dd705f42ce24cc8b3de0e449b841d08e9567138eb1f17668c6742cca60fc281f54b2dded667ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fce9efa8ce52542807f1839025ac611b

SHA1
c89f55e71751dd74f16af1006007e22ce132abe8

SHA256
c5c3948a7fd2119efd599164964e797494247bb6ed4e43df342086ae0cae7d85

SHA512
ce0ebb43e103f4010b7be93efa9b635628c0e6a8d62fa199965874e8410ab3d70668998826f72c108ee385b74f48ad95db20248c93c8861a2eb4cb44269ccd74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1685ee2c06bbeb11e9de461f4b24adc4

SHA1
ec1135648dc0b2991d4c78b6f782b416718faa87

SHA256
0fbe8cb87481264243e9c288b1b42c927b30f2410c465e8e4786ccc80287426f

SHA512
aa8e2d74ceabbad7e113f9940a116bc4b478fb4787fb760f9a8ceade9420091869811cb13af914617ca08ed10685b24ad056cffd2b61e4dc0c50bd8e818e006d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09a3228525df7d9b043b48c7870b1c60

SHA1
39f87222ae47072bf8de07501dcc29f897a26095

SHA256
8d686236ea44eb7ff51510365a01329693f398123b4e31a31e54e82a9b11e6ae

SHA512
68620ea3874af76b61d186da9a3128c04c7830dd7cf17684efba5ea1d0134ee574b15b9d80ef9757771a050c56ced32694d4c3088b3cf1e41e316730b521a395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
00a583d3ce4174ff550d91c490b9fa1d

SHA1
60f30885bf4feb43e7587ae566f9a2b392b9dad9

SHA256
31ae2b06e12bdec27963c6a22fa03ab30fb51da7f1ca7bd0149a4e5b6ddd0b28

SHA512
dd296956b4bce8698f7d80905c11dae8e97655989569eb45299ff3f2d307aef9808998b422e3a597d251005b9db7bc12ce615dd0b62c73035e7a81f03f61ff5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3db8231cebc24a8ea913e6c4d366717d

SHA1
10b38397cbd500630d57e5f64b471c8c5f3dd96a

SHA256
125122418a0ad7bc67ea96a43cf94e92239ba869441d321ba02ae7f28be5b412

SHA512
731abd95f3eeac66766a221cc5a26580eef9a9aafe389a8ece2e1b8c5c40a31e32548686a22ad34b6df0ca65ca2e04bd46f94d2fc570bee3adfd041bb623cf07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
581a10308e91c399d0c58e1f7849011e

SHA1
2e26636e2392115249650b5675b8dd2db2cd523e

SHA256
b97589dd0b389383c094761f2acb3f765bf5f17b79c6433b043496035fc6923b

SHA512
02327328d670780d29c2de09492408b7dd1e1c147d962b6b975646442ce990f50d0a4fba9742a2fabfe49c1173f9f2e00761820a8ffcedfddc1f16f55d2d5112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9ab114dbb3fa915381ae58db66e22a09

SHA1
d82b3fa4a596f32e41889829fc784ec33609760f

SHA256
46d0b7f1a65a1430faafe5753a0d45781e16830047094ecacb2a3bd5823af31d

SHA512
35b778e05e85ff9cff1e63bdeed4d8e62f595921f0dca2767f713ad2099278adf3fe38eb71d2ed0a74339ee14beb7a6e1118b8ffe56672208f20d8cf81ca1dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
67f4d57dd294c0114dfbb3c5697e4e07

SHA1
b7efe0d48017aba6955c4e8b432bc2af75563cee

SHA256
f20da4973461522dd077c1be387cd070069d8d294682a185d82436ad390111f7

SHA512
e523baf97610ca6cf08cb911afd7315ca4700c747c716799450d928b3a722f50d3d3b15883c0c928faf40cbd4dc7c8bc94e88732b68a678392ef4b36d7449640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f67bc4e41d4c509bbfe1263b6232b6f

SHA1
6d88dcb6fa531e4f6835c1f23bbc50c0d6152801

SHA256
c2e2ca922f7ac027df9ceb9d2ae06caf2c3f1cbaf5d4bd83d669c411c58726a4

SHA512
2fdb48bfd27fc7acae7d204f372efc215896c8a690fa9b9c1c2aeb34789c4926e3760784ca10083141f4dd908935cbe1dd22ea166a08fa1db3296582d1c7adf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8cb232b27ae78479f5229bb16f8ae9f8

SHA1
e3d9db5c6e7ab27464f6d943a7ac60acd80bb555

SHA256
c03289fe61cecbace83c034db1a76792485fd1371419f1679f3a52c711dda71a

SHA512
fc97a2c29eb5852dddfc9c2a8a243b072ce091ff7da3248a78d7d85c753dfa1eea933da782d0d03e15f8efa988d2e7d609d89449c0b9bee674fa5472cdba9939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
158daf89f7ff23244eae08889948443d

SHA1
eed0528b0ab8af401b3efb0b35fe3848418f6674

SHA256
3fb6c0416d989156e497f5a0b5e62210f2a2a0f7726a3a16e78a4f9087ad7afd

SHA512
ffa1dfb5afed58e3304e90a018bd0af8404b1b7874a26b166809c5441a4aeb6c378b0a4cf15ff56519d2db61f961119b23ba158b976274aa0bc479593dde5f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
74b9ac273a9f26f41e974e7c8257d469

SHA1
27e4e423cc5846cef2fea548278775a24e6c8df7

SHA256
5bb271bcd987d5d83fe78083efbcbeb83e10cbc31a484e98ec697764db4ca62d

SHA512
dc3fd4a8b3338c99eb426f0b3dcdb091bb34cf5f92436c0e74ddce4996c667282d8b88d7e54a23dc17edd7b21a8a016cab19f48292f83c9efb5b97541b9b8fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c0af9870d81e25d5c77a3c82ff6a723

SHA1
5cab890bc7e43f17523a9139a049377b0e524079

SHA256
cc9d5a0f6e62ac71866a355ea6403930fbc4cc27a3da35751330171de1135f70

SHA512
3a272f80bfeb4e57f1f46a2671e99faf66afe6ba91ae9e9560b78267ff7b0cc297b2270e1c16c05a377117f0efb68d484d77d60a16055f9290cd004111b8a542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aaece95f4c4d75e408dd9e25b14e59b7

SHA1
f55de24af237251bfe36cca75102662d85100901

SHA256
6b1496feddf8f8fe6d04b123abd6a8b9f4c8fd7e1937d5a793f9157a271152ba

SHA512
c1437dcc18b2c7d927becc207251498ced5893af2fc5330004c07daa01d8222a10633cf308ec8c7c8f2d2c57d7b546480b2c07332dfa39584293d330188eabda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
21fdfe74f23a8c59c9af57c361ce330e

SHA1
24d5a027aa396586432f553e9527439f3ca39908

SHA256
899a50a9829e4dc92f0378e136fa3494858e30f4a405b9a99510a36905536ea4

SHA512
93154f951aa504b1081a0691e56150ee85b184a203dfb268d59847a6d535feefc19be4cf0874a52bfd1ddd449b1b02ec751272845893141649da643778007385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f918fb25ca18dc46eb9b0e70b037cd8

SHA1
e5da2acbc8943b271c817774d849d146f59832f7

SHA256
9dbfaf9e59c449735bb2ba03545d65dafc9e21359484735f6478217287656960

SHA512
8d3b71a4e00b19688e9eb305afbcb32c68fa52bb28f571822bb53efa6bdd5dcf55cbe07dedae6813cd406d276c4334583fc69e6d73db45348bee1285e380be7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
01021b4331b7b1757bdcaa393419e0d7

SHA1
289e6188a2296140360cd552de428df4fccb03dc

SHA256
54be728bd1a5cf5c683dbbd17357cc6bd3cbead202776759ee26e1d8f3ff2f0d

SHA512
608211a81e9a8c2d49dceb109d2c43b8cf4a3f056f6997c79a86e38206771686ba75e6581ae915c5f4a78a374fbd0682c133f190234e98c726fdebfaf3fb501d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8083c201bbf39a49d4f213775d1dbe24

SHA1
c55bc49becee51de732cc2196e044ba3f67783c7

SHA256
cf2a158714809feeaeac2c7995b5df7eb4d0d34562f47c8c1f666edcd6f1b6a9

SHA512
d15ac5ffe9936234c7fc8589e064b5963c19f3cc3c1359a76b9ffcbba3f7a1d73e947b16b620c69c4dba4ba8d462028848a779dcbf6005df9ce422bb90274e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4b5e190c6165b81339edc638fae4900c

SHA1
cc52464c3166fdf6c07519cd73a17582f1a4ad64

SHA256
c8ee5742df0623cf9ddb07b50d6d1e955f83c9fbe9e2ede732e5544a2fc7e682

SHA512
9c42a252494b5cfd5cc73f43aa02440918e6ab5705c66c34c85653cb19c6c002088b5bfb39a8a40b2a77e0830ba25f12cff77dc14ede615638996aa25bc5d1a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ae19772afcc4f8ea777d1cc4ef0fcb28

SHA1
3cfce21e5faf19cb6f30b8dd4713737802222a09

SHA256
7491a1eb12511dd83d8fc6aa99114c3e893762c45ac59220f987637a4da0eaeb

SHA512
160b9b02f9ac17c20c3a338e41cd94b422906aa09ef27f14f820d6a5147e92840c257aa79d8c35c28287862cfcd1f98bae74254d81261060cee38d1f4b7971d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61ce164963555659a79d2720646af9a2

SHA1
bb78002ea1f68d8ecdfc49180f72688297e6a11c

SHA256
5b68f377dfd68c6eaa2c53f47657ec6a690e2a647e28e94bef6e6b5260408b8c

SHA512
dcc78cb78dd3bbe78afd87c3286b7c4f7e2178378c090b0654d1a6e53e57945abe5dd558c2de142b07c3496d58ccc82d54bc4fc82c69497be7da858897502c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4079ba24433457c9f2e402ac1eda2561

SHA1
d4b0bd03c1327fd008184a17baa87b042482a8cd

SHA256
07f0a61b134938055f05772832f5b89d713257a631f144aded0cc5ae7639dc23

SHA512
2d0266158c89c12b4f1fbf283932558034535044615ca1c1b249d7529d718ac70452c85b8fe4c8150a64bd42f3cdd2fc7c508b85000aa91776ac6c84f2c4a40b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e7dd8ee527ca686a0501763cecefb7e2

SHA1
d81b0800e6db8eb4a6a17941f2f0e574973c478a

SHA256
515f02d95ab1ab2c3db12110fab2b5088a1300063e14ef653230304ad2e9d291

SHA512
d6e60cb47565ba5e167072819fabd5cd55b3baadd31b2b3cb99609ed372694d93bba44430f289b0abc19a360d9e9cfe07fb03bfaa63597762785b44efd66913d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2f6081d79432ef93e899274f03efeb7

SHA1
d73522390d6d6e1faed7c2fc66c3b93bcff094cc

SHA256
44f29575a0b8fce83a03a502b9dc07466aa25d208b069ad78d177b2af1af433a

SHA512
60d39f5e2a48f764fe407a77726054a50810b96a6ebcd5cf3ed7988350bd3ab762c5a8923d5299d59263394e84905c9db5b810ec6b15743853a7114122129673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16708934f21d73ac82d73d67ec91d202

SHA1
e324b058b426e3c95e5cbf6cb267fe33f262a606

SHA256
8be3a456320332782bf2b32bb077e550097d493b7f0b23ff3ae64f2e65a35f33

SHA512
7b3d6a7bc95f352613c7de7930a0d8a8eb6988215ec549e26cbb7c5c01bde4a21dbe4a57c06deb8e325a49f6baea5735451994f7ad635177467a32e17425b89b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd26ab153fe0a3262230dfdd14d00bc2

SHA1
0d6de0b2f64c0a3e27d44dc694551794db8c2cb3

SHA256
81ce205879e105ef76020593f077094e006aa59ca003125e44bd9730c5769bf4

SHA512
7c1b2eb3e9fb65fcefbe3602d8bf7c3bd494af30c9948d6ebccc6682c13e6aef571f7c3d17897522ea494de4ab2c031cc982660499d454b1464f461aa057f360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ebffb9a2aa467994c41d57ab20e0e928

SHA1
bdf216c8e24df9f0d551f9a461478a45a17020f8

SHA256
4f9bd29ff38ced1f3c8142cf962e793b75a496e0aaca8b7c2a301ff1c5a3192d

SHA512
0de4b9dfdc0d5c54ae24d4c204760d492a75c3d0b0eca4bc771d5f3fa3a4925064853412e4725dabb49811935cf814fad4da60a56942db6522da36937a626dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cc0daf882e8363a28c43a2dc3760ca33

SHA1
f4ca0667966d556c4503f932017c7c771f5da16b

SHA256
394c6204be9303bb4899bca7410ca66891650341abb1b9a22aa08fb5db0ae3e8

SHA512
bf16afd0267e705a60557801b39af224c50f26e483d1c23a6352debcd50e80e88a8dec149e11ca60f437d2dc878e24ca9b929c7d979ba274c99f2cc117784765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14877b099a163a9ceaf4492e0367c723

SHA1
cb9408022c5c67e6e36f7996952db1dbace4c8ec

SHA256
918d60d91f4875cea8176e05f77679ca398c954a4086917196096b4792a533c5

SHA512
171a556c592bd44a011cf831ada4e39fc29d1d721ca0251219af2b66ca953ffffa76bc2f4eb62cff96c9f8ca2fc36fbd88c832e86efe4c243d9d32f2a1d4947a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb0bbc132eab625e3f2220ac7b138d9d

SHA1
0f34354988ecc34fb8bc417576a90fa7c6fdb9f0

SHA256
a0e5c2462a18a522d12f859bebfc81691aedad01a2b749352964b474b7ebafbf

SHA512
3975206c777160bd20824327fea4cdd5e44ceea6778b03d55b2d4c7e10d6a3a586a728890521284725a3e334d75dda907247a39f7335d50c607218921e44e653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f3dfa60e4da2512075e9eb49ffabd0a1

SHA1
02d8ca2484a29d93d556928fcdea7216b70866f8

SHA256
734c54c47d33f2df296dacbe0c31e4f26f02b5f35dbbece9f4044c493996ebac

SHA512
afee42e95122f22970f5fc5e1871f2b8b5251e2d051e6adcfc569b752a52a25988477f02692b4752e31d68985fa7ec573a9ca491e76ad19713dc422712b6ee6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dadb908270b2cf8f2122f1e7ccec3562

SHA1
daac35992da3d1a6058f1a9e1b4aed303749f0c9

SHA256
6c7e56644b3e08d3e61ba77b3d14e5a00894537f01eceacdb15da7faea3b2115

SHA512
361f458cda6a7df20b5bc098acdc233132a60502f1bf6ab9d8acccdf16958af79a5d46d9a8ae6c4fd6e1f1c622b49e1ac76c6fedf27a52beac5b8cdc0f605d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0cc32e0eb2f9ef7c1c347d735182ff70

SHA1
9762c0136a85f2858511dd5d1a26f669a6ca0a57

SHA256
9c5fefc8d1539ea2bf652c61e911e7f5d52415a28289f8ac76bbc6d9c54684c0

SHA512
c8b703400330b10d22d40b98c3fcec50c409fb3dddc99d70be9d6a874dd930d7c0da2533b6850bba71cf47222f9b8d0a0445239f3e935b5609dde64a6daa57d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec71f03a1360d823fc4e0206e14c71c6

SHA1
6516cac9150c3721c9da15dd1217d31565ecff9c

SHA256
30ae3ff7098441dc8684e107fe0174deb448cbbbe3ab8b91c994411e35ee40a4

SHA512
c2341cdc40a9e77cc10fdc4a1f18671176c9a58fe08d083c2a8e8bdfe25a76b16f4c46308a6abe401a42ac6eb5508342e383864d9da1afeba5116d0049b89f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
679cd20ee5289311b3d979070b65b78c

SHA1
3718de6a66c029864659fdd62e8d14a603098bc2

SHA256
32bdb1a73feef062ee7266bc94a2da2cc58ca7aa6fc3dd662b827f4196147242

SHA512
e01b0eafc64fe9549b73de6dd671b5b9dff35c59ff424b08117ecb46e2a2ff7110b001781b5e8457d8c61cc5765a3333f3212a00255edac30088fbbfd53f9cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b8003fae94ce4c52c955e8c090c2632

SHA1
69759099a4be832a332b89620307b88384b241a4

SHA256
5237aa38561bb53c8582f2b079fb86d144205c8bf115101292b591c0f0a18f28

SHA512
b5408193b69647348376b0feee59b20560757b3be8c079727fb104220abcc22a45420c4093be3345b68b2e76d2c89ae3af52d81d523c89f76cefc426e3087bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb27078a4e797a6eafe09c10fce1a6fb

SHA1
8b4d3a7748eaead128bfae161919e206f3257a71

SHA256
337715fc64af68e30a6900b4f9312f0fa4cfc210800418c60815b7f13281deed

SHA512
f7f244559e3a5f1abcb8595223080a1185eaa844bec97e0cfade34bf0251b3f63c2e00d0d523500da37acebff60c2002d3075a7e61ec4549a583e74ca566b4c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f8430b9930b0417bd476eaad3fed639c

SHA1
35dc4a136f68e9fdf2751a5e62dc7b68cadf4a37

SHA256
d627c51729b28068ed4b2b37eae70be01ff7fd6d3a0f1ea0fb879fb97d6af18d

SHA512
33b0f33611a8496ee0d2aa6c447f95b37477e12121c11eee7c8ab915d86ea50400dcb890f5482f6da0decd5024611c9007687fffe5d8cd1d0a57bc7e6c2b287b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ebfa955bb114c2bfe425bb09844f3be8

SHA1
3cbd8a489491187a38556c2596331cc688448539

SHA256
b3d70804a2756e6d7050062922977b6cb1a3c144bbd35e3ded985dd9347b7b80

SHA512
0b78c32fc3b29b5f6328bcfe9510eb38548b67adebbe19bb50a52b7776eb54106ac96296e4f64e9c8ffb81d9a2415b400bf18471277a35a0937ed7c9b2f4fe87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
99eb8881e7f201ba1d3d30c334a158ea

SHA1
be9949d4a91fe36688f61dee476d7eb204f4c056

SHA256
8a885ac350dc16d7b8758021d7620ece9d9c82711faaf4f1093dda24a6708fdf

SHA512
6758dfa171242fe2aa53cbaa428761ca10a62de7640e6fa0d7e12c177f6ba7571a791a53bae528d76238aa89d9477eb37de0e727b3eecc95419bc47f434b170c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
01dd4d42edb61c9fda462329225a7b5e

SHA1
e5bf77ced7b53bb6c11a2131dab471ec241c0bc8

SHA256
0f9a4b3712b4ae9691c6b364f5fa1052a15e02f46b9ab08f88536b6beca003cb

SHA512
09c396c4caf037b5a236296f6cbc761d148eaa9806237c6dad06007cf03fcd114530385d969d3603041a65c30c2aec4fb94a5f53c96726c4969f6b02c1fdbe45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
fceccbca71b0dfd77e59308ff05b1e02

SHA1
120cccff91d5cf6d54e7d97d1e139627821801a3

SHA256
6a160958dcde9836ae65e2e286646b205e838d399e0180c950298436de40cac4

SHA512
41500c85e401942b69c3b5451981d6b0159bcdc5d40507081e70b7d1064bc848db82cfc5bfd9a92a1963594fb4b553b6898e253a42b8baa102b9920c72ddb774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4751d5d6c2014a3819b86987c2b5de12

SHA1
550b56d8b1c296fd9b246a84f5d1f2f3218d6e71

SHA256
b41c2e12faabfe5617b30b1f764b391016b9d93bd248af74202ffae207b9709a

SHA512
f298da24eadd4b272d59a9310680a0778e3d2c4c9f5ed901b2a08651e9716ffa80fb486562a835e8cf1b783ec6482d61222cca0b3cf9af9f3ffc1427f12d7c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e7aab4f93f8cb12687f90da55f4b8c0

SHA1
41afc634fea012e3e2067cbe8fbf4560b2a772bf

SHA256
8c3f0ee36612b8bd11567b270ef83d397448abdde7875848090715c24ad0007d

SHA512
317a0ba0287434f23bbae34cb9fc0a585a3864d7c8ff212b601acadf28b8b783042302144fc58f9ae5656cfecd73e15bbf612b5ffb9793a0aa96ee2bd0d9c598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0cceb94b-69e3-47e0-8059-03c81146475a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
d4fcafa2b052d2899dba4c920ca4cc19

SHA1
b6317089fe2e440dd252380eb46e899073f99fe7

SHA256
55c694fe848987703fc8269e6533e23a6f7421505c9e99693b8ca25d6b95d099

SHA512
fd213ae94e5c3e4b4d5e4bcf1451b5420081ba10b9a211235af3d445f18c23df47fb87af13f40e3de888e9f095dc557b10194bebcafc8a07d85f9827569ac150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
af45470c3ca444462b742b6747a893f0

SHA1
9011dd178cad67e5a6f29bd5ed50555a898204eb

SHA256
c9c2c2583685521e3077c8997621bc7fb6da380b5d5b16e385f5a1a3f016f968

SHA512
cefe983910a2e5b3ffc9cd6747873f8a1cbc3858335a21ffcd6c8baaa2cc3c71b7b33ec6cffdca6ca7d61e3d4945da4ece8b01181f0af0356e810630fed5869f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
31952d1ab369126b1296838173defc62

SHA1
c45f1df474ea0c60ee16dbebbf64568d6058f180

SHA256
386b4d0c2daf33b504168aef13a22993080cd7a549f0ba000cf94c720c7a89c4

SHA512
62fd3ba13c11c53350312553fabf75d1c7c4554f9e9d543010cbceeaa4d01202ea0136359570853e95facd7dcb7e0762b3e5182fddb0c2343f10bc24e5b2088e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5edd68bdedd4af23b05be1c83ef91f94

SHA1
a6326e536da2ea18bff8a827e8308da8bfaa7623

SHA256
540c812f9003e15d66c078910d631500ae66172c02450e8f57b3e1cc4f577fb3

SHA512
979082bfd6454073a618beef54361d6089d5d53e6ca5909d4d9930c192bc55e19f513be69efe7be44061a25e4bf2f4aa7143ed534c6b23662af1f5eec71b41ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
346810d380ce7a844bd872791a4c7db2

SHA1
dfe7dc4f0a963bd438016a8b101daf944f24de85

SHA256
e4d2c89420fd4735f5281074c653560e57758f172857df6d519fcba836c1e111

SHA512
ef1181e8ed7ef8497a7b6cf81ba22f448034e4c8a0785f064a879c0261e60b2ce4f95f27088d55289422267d3e1bf66aed8797e2630fd593dab97a6f2baecbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a7fad34b461a286cda4b1ec2a08fc87

SHA1
5ff05a1d85091bc6923c9e5107dd3a8486225477

SHA256
00fb024a757128fd61e935e0377774381de252a704fa869ca7b73db97c35b6c4

SHA512
d6a3fd63ac11e836064e25e223fede5dc939ee88101bc13b7aefea851d5d01ace3655407dbd34ff7f0e4d259e1bde8f1ddb9ba4205a252b49cb16fad527793c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
448b32b284d3f0d2c793def26fcad7f0

SHA1
da0f8049194b2ac3c15ca8d77fce528da4be6331

SHA256
f475e9b6cbf45a9dd711221574315a337ca22d0196954eb3265269e78d51ccdb

SHA512
99112ce01a59b13e120938ad7f925770181ac949087811cdc8b93fd55bc3ba3fa318212aa9d2ab016bb650f225c528f383162fbf450a7fab4b4b79d692ab00c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
29ce62ec5cfbafe157123b324991f6f9

SHA1
2f2cb86265848c757aa72fc21f7abd4ae33081c3

SHA256
612944ad909bbd7d087ffe075ae726fcd7401f9b8bfc4e6ba53da2564b677d6b

SHA512
65fa7d59d6f1e18b6adce415ab8b6ca0c61fc8a2a0cb4720e242395f2f4052bc871162115176e5f21b4117091e2f25a16378f6540551860a8ba90c2acea14e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13367604929945373

Filesize
1KB

MD5
06cb5e41236d5609e5aeec42f1b2bc3b

SHA1
281c0bd3db684accfb74af2aeb393d5c6ac4bbe2

SHA256
4dd9d5d33b143aa7ac6872f3d679a56f9550da2c082db20d24a8588ed2a323e8

SHA512
4ebd12213525d64c6c4a9d7859afc24c84cb3e394682e8846d30146a89d9532628960b9c7caa29c0e5de473acb4a4fd0c878ba76c4937c692c4ea4e6d4542756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367604930112373

Filesize
1KB

MD5
e7dd6e9062b9b052c021ab7cc0239472

SHA1
75833ddde30e1b097ad88cc11540dd1827c27e80

SHA256
45e8ff02de70cbac7f881d77b43b0867dc8fdcc9dfcb61fcd7bebf4fa85ad2ce

SHA512
82b367820d9f2db085c4c3d23207711004012a4e8bc9b77db14a28902c8a0e0a3cba3b951207fbfd8ba7a7195a4848d07977a6ba2075648dbb6181e879326b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
ffdff2bdd9583e99d55a6404024a9d9c

SHA1
6ff6354c122d1a53ce56d3e1fcfde315830385c5

SHA256
89f6328275f3cfb3a2e255d3d939bbccc3b8bd5b31cd85b5a4b7fafd149a6429

SHA512
77c67db5d3893df6f83642cb3e7649052364d27260529294f2692dcc04d7fb60318aeaebf85c3316de7a3d8641b7fbe76b1942f42609b0ad35b630b2d4b07577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
7042392d14bf1e3b61830b67cfda0735

SHA1
acaed846fd3bfd0b9c5d5b4dff97283cb0e7f96c

SHA256
4b5488f633768f9dbca562a65e8d96b2b0ecb08798d26446d2158731884d9cec

SHA512
9044fac9fd5115d444dde6babce8b7fb5c90bf486467989b63f063f201ff5511697c8e1b9ce93a4f3f1ef5a5d2b3b9adfb56f88ad6fb687d04352fad245a88b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
05d1619e043ad3784fd85cf0f99f8ec8

SHA1
ee0367ce12c796fa81499071a3f02cfb305c973f

SHA256
accca93bf8fd65510c6ac96340bb74bbe23d95cd9df281dd50ea1dfb8af307b9

SHA512
00c64397a4a7459f1d49c33a2cfbc1ef1b93e9727373a47029131dfbd5beef90adc65ac84fba7f6a6fdc326dc73b911ebbdd78773477b9c33c1f7226329a5bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
f05a31c8e43d0236ddb9a597d5193803

SHA1
abb12c93747435d49ce1edfb4497bbc44389cdcc

SHA256
41220d7613acba0037379ee6331bb4d42447174f2d5a85533c4bf366ac5d62d5

SHA512
5ec18db090610dd7b609dc19974eb776d9694e8a53ff3bc2d4f669b10593c0a5aa959f3bf41db073a9e542d4cac608e3f300580ee273141c5c750f60f9e6131c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
d8ef10d373972cf544593339e891106d

SHA1
d10d31b817db1b9a222cd17e3595da6eb80316c7

SHA256
a8d3ecf444a3533a22249da0c2a5739bb46f71073997db3d17ebd08d29990d6a

SHA512
1407af1b94ed14a41d4bd465c98c81b8dd75af19dd1d33a7ed0f9cc5a9a62115a72d158be38f92ac2f8b01a8efab321dc40fcb0cda23140c689a0581935848e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a5aae4e4cd1d803840da0320c35170cc

SHA1
cc0008e2ce5deefe45f946233edfb984f0bf4ddd

SHA256
db80ad6db751d5a84fb40ac74cfde336231796b6a149acec77f089cf64b49000

SHA512
bbeb2ebf34ca0af540759c88f652d164486f0aee412234527fd6edfbd7b4745cc8f9cbd96bfc4a692eeb919510e4b1d2fa078d4365f9c666bddafdafaedacae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
327b4199dbeefe2e2889cd499360d237

SHA1
28a6920f1a2e4385181bdd3f0d7cdcd4d9752705

SHA256
d7dd108779d5cbdcf555111f8f0dbf20888fe3f0cbc9cd2d14e34afdd0127405

SHA512
1430bd2006a6a5fd3c43602aaab3f3519603013e5ffd945d73e9840c7eecf5039f500623d6c35fbc3c934ac68a92baea8e2d2de4ff355cf16f355b0e6498794e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
fa01822dc4c3998b8c2e1870b92663a7

SHA1
8950f58ccb89d95eeecc62eb65716ee249795886

SHA256
4a91210a41fc058b705ef4e7bfbb19755e30762a3c09cf06cd604b0aab5f91f6

SHA512
2fdacf2c10c000b631f4f97bd2991769c4873e2cbb5b4c5c7101a60870711d63dbda64b14b6d9070a9d9b6321ec0e2d36432e9140fd548d5ea19c01ef9d72290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5475499fa06e5cb5a71b1710a1e3d3a0

SHA1
1cf3bc793229d2701b95568ba344865c56fd9d30

SHA256
51e09b813f9ff57d52a310652dad14d1a6471af4ad18aa7f77d1452e4449eb1b

SHA512
aaf36b63d763336160e120548997e9736140251b49c444428a9c3cf31a02edfcb285657a23f3da283822da26557df495ec14eaf2014f0b73da794a459c3fe9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
36b55a94511211320397bfaf46c9850a

SHA1
2714443612b8713d6f76e485256202662dea47af

SHA256
d6998b15313cbf0d5ebe0b61a290af3229ac6634dcae42e5e89ea71f99ea2fb9

SHA512
58e985a647b5170824097a50fbaf2e32462654e6fe7d08bcaddd7d591052a722fce701b8b87c55ea570998c634e931ee87d6e1c4b750a7776e510a3016f669bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
f2c2e3f2d71a9d94550a27275c10b4bb

SHA1
448e5524eda7f9a88cd345ad09c534d4b8278373

SHA256
d802c028943b19c3fad98246267ef0e9ddf8d5bbac15238b4ebdd26dd3984e94

SHA512
dc8a4e60875ff4cc0c7cc9d513e53d5f18ae9984198926b18d4561497bdbc111048c95f8154af9f1716aa0634dbaf2bb0ee1b2a46f19f4a728818c0d44887942

Download Submit
C:\Users\Admin\AppData\Local\Temp\!satana!.txt

Filesize
1KB

MD5
08d69f035749aa12432d96286fed0aaa

SHA1
743780526c193db29b40e81d11f5e5b241321665

SHA256
72f7f4135cf1b06f4b53debcecd4fb3da5137ddf7b2d0ae59c901133654b25c1

SHA512
9ccb87f26b825b42acb0edd1c70a982856d11edc83a8ae28d4696c81a9ebf6e500368ce0d21378a8735d30baf6648f9fa5eff9c0afc6551ae2fb07c17812e47f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tzb.exe

Filesize
72KB

MD5
108756f41d114eb93e136ba2feb838d0

SHA1
8c6b51923ee7da2f4642c7717db95fbb77d96164

SHA256
b38b4c1dcf6d6ecd1bbfc236b43c37c18044c2f42f11e5088384f4bd0751929c

SHA512
d13183e8ba4689475b0cb3f5cc7acbfba34a1ba661eb5988984647c2bd3e561cfa03f6267f60ae9fb2ca0783f26c105cdbcfc89def598c48968febef23c21aaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\tzb.exe:Zone.Identifier

Filesize
86B

MD5
df98628703f0cffd2704fa16ccc69d4e

SHA1
4bb8491eb44a8991058b71ef1eeb0d865ee055c7

SHA256
1d6c0da412b7a4df76d64cae7ed6ad600bc1ca19db7a79b52f619097e76c8fa6

SHA512
e51a356b78b6a56b2cb4541e91316189aaabb60699a76fcfb29e26294e36e7fedab3888989e6925ea86ba6654018030ed0c5ae75e75214c3864e1a89dd6d9e82

Download Submit
C:\Users\Admin\Downloads\Ransomware.Satana.zip.crdownload

Filesize
57KB

MD5
82f621944ee2639817400befabedffcf

SHA1
c183ae5ab43b9b3d3fabdb29859876c507a8d273

SHA256
4785c134b128df624760c02ad23c7e345a234a99828c3fecf58fbd6d5449897f

SHA512
7a2257af32b265596e9f864767f2b86fb439b846f7bffa4b9f477f2e54bc3ff2bb56a39db88b72a0112972959570afc697c3202839a836a6d10409a10985031b

Download Submit
C:\Users\Admin\Downloads\Ransomware.Satana.zip:Zone.Identifier

Filesize
124B

MD5
95357e6ff5c0361d88e91b19edd7a1ab

SHA1
19f4bb2f0115a3091066c7233e44cb98c456590c

SHA256
ca12d00e2bbc14bc2b791e94167bf0179788c916488336b5fd1ad9e217c4d076

SHA512
a889f3d9694c852cd504a3d9176b1484dbc1c819c67fba630ec39f73139f531780c54b507eb4d6d33b7eb27a49f2be866a1bde3c0b77a1af0996a9125d7a3de2

Download Submit
\??\pipe\crashpad_3684_CEHDTIMTUVNPKOGW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1156-548-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1156-545-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1156-546-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1156-549-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download