Overview

overview

10

Static

static

10

SatanCDD.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10/01/2025, 03:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    SatanCDD.exe

  • Size

    132KB

  • MD5

    3c97c62c8d17b8afa1c67791b101ac1f

  • SHA1

    b426fcd8a1258346949f2bcd3fdf997e93b9b3a4

  • SHA256

    7edc963b7d439ffe6f659b5aaa4c511446a7fc4eb0aca7ec2010e43686807103

  • SHA512

    09556f4f9e7de7e319c5be661eebcf925670fe736a84804457855eceeedfcd821091054183edc11ee7b94fa75e9f10bead2e96fd71e36d3c69614fa4b0d05094

  • SSDEEP

    3072:Ao/apr9lf9wIe3330+hbC7rOwyXS6XNmnqCbU47rrm:Yr9lfqIenf6LYNQv

Score
10/10
chaosdefense_evasiondiscoveryevasionexecutionimpactransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\Documents\Warning.txt

Ransom Note
Your files has been encrypted By SatanCDD and you won't be able to decrypt them without our help What can I do to get my files back You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer The price for the software is $5,981 Dollars can be made in Bitcoin only Please Contact Us At Gmail: [email protected] Or if you want Join us in Private Group here is link: http://mzg4llxp4kaf4qq5s4hlentf45rjda3mzev3j6hlh2endarc2k6z6oyd.onion/satancd-room PIN: 3699 But First off Please Install Tor Browser: https://www.torproject.org/ja/download/ Payment informationAmount: 0.064 BTC Bitcoin Address: bc1qmxj6genhefmsqjntu8239j0evxr7z7zm0dhqqm
URLs

http://mzg4llxp4kaf4qq5s4hlentf45rjda3mzev3j6hlh2endarc2k6z6oyd.onion/satancd-room

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos
  • Chaos Ransomware 2 IoCs
  • Chaos family
    chaos
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
    ransomwareevasion
  • Deletes backup catalog 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

    ransomware
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 34 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 37 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\SatanCDD.exe
    "C:\Users\Admin\AppData\Local\Temp\SatanCDD.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Users\Admin\AppData\Roaming\SatanCDD.exe
      "C:\Users\Admin\AppData\Roaming\SatanCDD.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Sets desktop wallpaper using registry
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4428
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4896
        • C:\Windows\system32\vssadmin.exe
          vssadmin delete shadows /all /quiet
          4⤵
          • Interacts with shadow copies
          PID:3736
        • C:\Windows\System32\Wbem\WMIC.exe
          wmic shadowcopy delete
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3132
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4548
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} bootstatuspolicy ignoreallfailures
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:2564
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} recoveryenabled no
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:1032
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4220
        • C:\Windows\system32\wbadmin.exe
          wbadmin delete catalog -quiet
          4⤵
          • Deletes backup catalog
          PID:3240
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Warning.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:4500
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5088
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1904
  • C:\Windows\System32\vdsldr.exe
    C:\Windows\System32\vdsldr.exe -Embedding
    1⤵
      PID:5056
    • C:\Windows\System32\vds.exe
      C:\Windows\System32\vds.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:784
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3704
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2344
    • C:\Windows\system32\BackgroundTransferHost.exe
      "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
      1⤵
      • Modifies registry class
      PID:3240
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
      1⤵
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:5312
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffd4e2ecc40,0x7ffd4e2ecc4c,0x7ffd4e2ecc58
        2⤵
          PID:5464
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1800 /prefetch:2
          2⤵
            PID:5584
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2128 /prefetch:3
            2⤵
              PID:5804
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2404 /prefetch:8
              2⤵
                PID:5864
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3160 /prefetch:1
                2⤵
                  PID:4952
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3184 /prefetch:1
                  2⤵
                    PID:1584
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4112,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4444 /prefetch:1
                    2⤵
                      PID:4264
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4744 /prefetch:8
                      2⤵
                        PID:956
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4768 /prefetch:8
                        2⤵
                          PID:5192
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4140 /prefetch:8
                          2⤵
                            PID:5288
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4992 /prefetch:8
                            2⤵
                              PID:5588
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5152 /prefetch:8
                              2⤵
                                PID:5764
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4764 /prefetch:8
                                2⤵
                                  PID:5372
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4652,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5288 /prefetch:2
                                  2⤵
                                    PID:5216
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4896,i,15138966304906128482,9514773046433270248,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3092 /prefetch:1
                                    2⤵
                                      PID:800
                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                    1⤵
                                      PID:4504
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                      1⤵
                                        PID:4244

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                        Filesize

                                        649B

                                        MD5

                                        119adc39fd7fb5269b3d0b8d9d0ac155

                                        SHA1

                                        798163549e0d73419eca13cbef41cd1d36dbe348

                                        SHA256

                                        4883cd9cf86a6e599814150f6494d6feabe01142f105bd5d9a8571ed12bfe9bc

                                        SHA512

                                        1eafa087e46a6b3bcd0716e557937a5759f8f736196c66e6c63c115bea3c5b2c5f8b7b38e835a9c8c0b35dfe9d72230f1a435f8dd1257ada274ad7381f6326f4

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        216B

                                        MD5

                                        645d1186c1a04f95bfeae7f5e21f30ad

                                        SHA1

                                        12669a1a322a2fefc5f04d19c714b1e290627059

                                        SHA256

                                        6c1156168245461e53e98437cef75e5e916f844b96b2f3283a4f82e9dcf373d3

                                        SHA512

                                        857f6bc376c266718aef502444b9491fcef5670cc69bd0bc9391697c4905f3c19f1e2ae70e1e8b3f75e8b0802ab571fbb0645a2ceb1a7851c515389ea556f13f

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
                                        Filesize

                                        264KB

                                        MD5

                                        f50f89a0a91564d0b8a211f8921aa7de

                                        SHA1

                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                        SHA256

                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                        SHA512

                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
                                        Filesize

                                        851B

                                        MD5

                                        07ffbe5f24ca348723ff8c6c488abfb8

                                        SHA1

                                        6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                        SHA256

                                        6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                        SHA512

                                        7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
                                        Filesize

                                        854B

                                        MD5

                                        4ec1df2da46182103d2ffc3b92d20ca5

                                        SHA1

                                        fb9d1ba3710cf31a87165317c6edc110e98994ce

                                        SHA256

                                        6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                        SHA512

                                        939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                        Filesize

                                        524B

                                        MD5

                                        008c270693744e7ca53739b470f24ef9

                                        SHA1

                                        70d859c9ac424221f023bb691fa5d8c42ec59224

                                        SHA256

                                        ecab5e5b00ed8dab6befa178f3fec0065396275acf02cbdb5ccb502aed7470e2

                                        SHA512

                                        2104f5d964cdb03646ba7585e9d9c6f802fa8e00bace520c846628b19981d016b37713d5d8efb2a03996fa9999d48fff88f714e52351c713bf9a18741b975f00

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\bc0a5dbd-9540-4e78-80f2-06ca8b564f0a.tmp
                                        Filesize

                                        1KB

                                        MD5

                                        26838bf66e68d5cc26ffb640be3b8da8

                                        SHA1

                                        4889d669a0fb32a9b2af5c99020888fdbcccd284

                                        SHA256

                                        2f58ad466291741e433d5656a88c3871a5bc1972e0794af4ddb2be01d575d9dc

                                        SHA512

                                        fb7e65b4483240888f9e487fe90c9b367a29a27d65780ab5f666ae6a403bf4bfea5b784c1f836a968ac05f006f69581a92b41994d6e36da397fd20fa158cb17b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                        Filesize

                                        9KB

                                        MD5

                                        19be5bdc768495b4933527fc872a1e88

                                        SHA1

                                        2efbb727f81716a7bf772144e52b915ea0b951d8

                                        SHA256

                                        c6661687649ae33d9830f2dbb042126a118150202c3e0efb0c5512ce754ca65c

                                        SHA512

                                        f27bb282c029c20da5472172c0933b98df276757b448bbfe7ae2e6fcfe0868b9a8c746b4002b3eca64eb9c0408d07c972e429da27ce9e8fac83881aa89d59e4f

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                        Filesize

                                        9KB

                                        MD5

                                        d71010b9695ef7564db8ad02176c6783

                                        SHA1

                                        b1c4bd373efa2f5dad2bd7dd9618b853db25f293

                                        SHA256

                                        02f6b16df8c7c869fb44f585b6409c672d54134f6a1e06d2d1fff580071db579

                                        SHA512

                                        2f6095f7de74755e9704215265ed5455debbd66d221e4ad93a620115a0c33bf05168cfa8b871a94c55443095c28d275746973ef175616ce5391afbbdbd5b6d97

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                        Filesize

                                        15KB

                                        MD5

                                        723c56f9c5698b0f49d66e7810e631f3

                                        SHA1

                                        71f401cbb967c84e48bf577716b417d6d3a2c5a4

                                        SHA256

                                        48f04e5a5f79bc8d878e44a6ad682ef48d6e7287d54a9d454772ab31956aacdf

                                        SHA512

                                        2e29b66208526f6225184d3063336f12ec4aa19dee3bddb77849ba8de4563eecda692b59c58862a86ec9485a8a7ebd3d230baa7e30ee2ebe5444c076eddf8f0b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                        Filesize

                                        72B

                                        MD5

                                        4f20573325d9b4169cdbeaaf9375018d

                                        SHA1

                                        4dd095dc67635db361ae008ebfae3423572c363d

                                        SHA256

                                        5026ee318a1365dea60266a3540a2fdf06937d99c14352928ba61373af8435a6

                                        SHA512

                                        611dfbe57c24b95bb61cca2061268446fde9d78f80be442180fcf209dda9780875c4b5923d66ac299e94ee679daad43778ae41ff584b8a927c095a1347eb1b05

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                        Filesize

                                        234KB

                                        MD5

                                        144516e3f839d77457dba00dddeca5bc

                                        SHA1

                                        e8ea787a00c8c0fe1ee3f33dac6dab885e3d61cc

                                        SHA256

                                        836e9b2021d5d2b2715020ed979439475e29b433e8213b8a09fdcefa28c18794

                                        SHA512

                                        16d91f164211ebe1213e7af90805e6a5f41dc9e4de0251a660ccec90e5a03bf59c23ffaac15068e314fbf3d3ac4b9ac488438090681fc28b855fa3d054303bc0

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                        Filesize

                                        234KB

                                        MD5

                                        3c14a40724ce7b25557ac7b0c31724a5

                                        SHA1

                                        98396e1c9bb3a69fed7773d078fc6a14658eb8b2

                                        SHA256

                                        59b57d4a07229e8eaaa9e0de112dc595bf10af323e6715241db716c04f9bd26d

                                        SHA512

                                        dd33b525d0694d2b950e295026a028bd1f512e5ac1577a8c7f21629245a7c641e043efb422874b1b7b776201309fa50f56a35c27753587fef223110d9886c826

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\SatanCDD.exe.log
                                        Filesize

                                        226B

                                        MD5

                                        4ae344179932dc8e2c6fe2079f9753ef

                                        SHA1

                                        60eacc624412b1f34809780769e3b212f138ea9c

                                        SHA256

                                        3063de3898a9b34e19f8cf0beeec2b8bd6bd05896b52abd73f4703d07b8a7cd4

                                        SHA512

                                        fadfe2b83f1af8fdc50430325f69d6172d2c1e889ca3800b3b83e5535d5970c32e9a176b48563275a0630d56c96d9f88df148fd6b2d281f0fc58129e5f4dba19

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\489c6ef4-89f7-4ce9-aca1-5b3df97051a9.down_data
                                        Filesize

                                        555KB

                                        MD5

                                        5683c0028832cae4ef93ca39c8ac5029

                                        SHA1

                                        248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                        SHA256

                                        855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                        SHA512

                                        aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SNF4KQJV\www.bing[1].xml
                                        Filesize

                                        8KB

                                        MD5

                                        b13e9c863ee399c443868cfdede9f6a6

                                        SHA1

                                        8b9895c3fed0ec45bdc85fab14be9c06e7ebd380

                                        SHA256

                                        b82d9f7df964b6e0e50a2d313ae0f94cc6bcd10e88d2d8870feeaf2db47cc14a

                                        SHA512

                                        b8c14a2154f05db92dd613cfdfea9cca5e31ce73ff692c92c8fe024f166e337de1527c5271ce7f3168baa127b189c3c26cfb0e02e9e706cf99deb30684580c3f

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SNF4KQJV\www.bing[1].xml
                                        Filesize

                                        12KB

                                        MD5

                                        3d55649de124e80eb16c6220d87d3186

                                        SHA1

                                        8e75021415a3b46838e830d7f777d15f0a04a79e

                                        SHA256

                                        03e6269c81c0ddf4dfeab5d7fb47bb0d02b21b9271117f5979481bf9714ee41d

                                        SHA512

                                        7ddc5e0e405a563d034f9b8684a5521d3d6f48813d464f45c61d9dc678f053ecf8aef00cc696dc87b16b7d9aa480be98c26c997b67ac54d99d9e3574a129eecd

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SNF4KQJV\www.bing[1].xml
                                        Filesize

                                        7KB

                                        MD5

                                        b3219605afd04d430d1663a3b3908a98

                                        SHA1

                                        0e0944e53e1c0befc9da45da73b56cf470a054b9

                                        SHA256

                                        18ab52d55e8d2b7d25084a2456f4c4706147c69cd11905ecaf8aa96e8d816f08

                                        SHA512

                                        3168ef36820feed8d35cd3cdb7d47aee094bd98c9b764822ecfa56399e3f37ff33152ea65e69cd102b08a9a9b1e821718ae05155ff39d29d4ca9bb56611a9f3b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SNF4KQJV\www.bing[1].xml
                                        Filesize

                                        3KB

                                        MD5

                                        d25ea098f6a263b4512c7b9016f01b4e

                                        SHA1

                                        b450bd2c129c3461003dad7f26a31768936a4470

                                        SHA256

                                        d1103da4fd1b4bbd1afd8a5afe4c6afd84894fc3230111285585203f7a617ef3

                                        SHA512

                                        1d36d13cc2a7a0fca98d30a8fa0605239eba40c5681e7a1c2362d48cffd4d31c0d6eac33951d52314e27754a135229f236b55a7b2259872701e6505caa23d3d5

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SNF4KQJV\www.bing[1].xml
                                        Filesize

                                        8KB

                                        MD5

                                        39677d21cf8960ceb79b72338afd8ccd

                                        SHA1

                                        602a3cc65f95db0bdc8f63a81f4594e49f3fb446

                                        SHA256

                                        303f76478df9a4267f4d5e2225717d252a00add4b940b5811e8ff5bbbada016a

                                        SHA512

                                        96d27fc3ad051459752d703e25c33f18ead9a6b9f2aaa1035d34f4596b0e10945aa187dc9a64747b48b46a0a268911abc927a9b2db746b6cc1206cca9465b59f

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                        Filesize

                                        9KB

                                        MD5

                                        338cf7970a396d3b7ee815c4d8001e44

                                        SHA1

                                        88ff132017ac21346d7faef225936c93a6716214

                                        SHA256

                                        bf00cbcf4b58d5edcb79d18f72cad387ef2591afd2bb08cd378c317658fb6a9a

                                        SHA512

                                        1328e7fcbc85011d347643fe35ba8ddb26a49b53d38cc1832e786933d5d72e3ec67201b12dea2ecb634b9e3d4b1a6528a5e0d475ce0d8171a0563699d3ecd524

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                        Filesize

                                        9KB

                                        MD5

                                        d643cf35aabeda22a6ff767d70f4c1d7

                                        SHA1

                                        5276dbf5ffe7c518d770196afe28a0401709a0c9

                                        SHA256

                                        d5412c3737a8a855c99f195a9feb6866961ea75ee7a5430462a74dc4401ae3ea

                                        SHA512

                                        b1b5fad0c37526457b3947960a21a2bc4780c603acd9414c76b0cfe3d75edd7008c11a363417e51801065f0f712efcefa7058952d4c9220ef621536cd0061ac6

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir5312_1697786149\5dbb04d6-3a3e-4de3-9d03-b1a1824f4d50.tmp
                                        Filesize

                                        150KB

                                        MD5

                                        14937b985303ecce4196154a24fc369a

                                        SHA1

                                        ecfe89e11a8d08ce0c8745ff5735d5edad683730

                                        SHA256

                                        71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

                                        SHA512

                                        1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir5312_1697786149\CRX_INSTALL\_locales\en\messages.json
                                        Filesize

                                        711B

                                        MD5

                                        558659936250e03cc14b60ebf648aa09

                                        SHA1

                                        32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                        SHA256

                                        2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                        SHA512

                                        1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\SatanCDD.exe
                                        Filesize

                                        132KB

                                        MD5

                                        3c97c62c8d17b8afa1c67791b101ac1f

                                        SHA1

                                        b426fcd8a1258346949f2bcd3fdf997e93b9b3a4

                                        SHA256

                                        7edc963b7d439ffe6f659b5aaa4c511446a7fc4eb0aca7ec2010e43686807103

                                        SHA512

                                        09556f4f9e7de7e319c5be661eebcf925670fe736a84804457855eceeedfcd821091054183edc11ee7b94fa75e9f10bead2e96fd71e36d3c69614fa4b0d05094

                                        Download Submit

                                      • C:\Users\Admin\Documents\Warning.txt
                                        Filesize

                                        747B

                                        MD5

                                        0e0b48c5f86752229e1dd5dff7b9dab1

                                        SHA1

                                        97859476a3971222a50b696d40e950704e5df272

                                        SHA256

                                        92255629912994ab639f295f50d0633071940555654c88a72d1dc6d7dd52bae8

                                        SHA512

                                        565094353ee18e3a7aa87d6842889ee878f1b4a71d765ce10e7d80052b23e401ce97c01ede56c43da4864529424d8d4de96a52774b3b984bf4de4cd4dfd91bff

                                        Download Submit

                                      • memory/2336-551-0x000001A9AE440000-0x000001A9AE460000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/2336-711-0x000001A9B2320000-0x000001A9B2420000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/2336-1590-0x000001A9B1B60000-0x000001A9B1B80000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/2336-550-0x000001A9AE520000-0x000001A9AE620000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/2336-549-0x000001A9ADB40000-0x000001A9ADB60000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/2336-486-0x000001A98B560000-0x000001A98B660000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/2336-1618-0x000001A9AF060000-0x000001A9AF080000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/2336-709-0x000001A9AFED0000-0x000001A9AFEF0000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/2336-1620-0x000001A98B560000-0x000001A98B660000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/2336-1576-0x000001A9ADBA0000-0x000001A9ADCA0000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/4016-0-0x00007FFD65783000-0x00007FFD65785000-memory.dmp

                                        Filesize

                                        8KB

                                        Download

                                      • memory/4016-2-0x00007FFD65783000-0x00007FFD65785000-memory.dmp

                                        Filesize

                                        8KB

                                        Download

                                      • memory/4016-1-0x0000000000D90000-0x0000000000DB8000-memory.dmp

                                        Filesize

                                        160KB

                                        Download

                                      • memory/4428-24-0x00007FFD65780000-0x00007FFD66242000-memory.dmp

                                        Filesize

                                        10.8MB

                                        Download

                                      • memory/4428-16-0x00007FFD65780000-0x00007FFD66242000-memory.dmp

                                        Filesize

                                        10.8MB

                                        Download

                                      • memory/4428-451-0x00007FFD65780000-0x00007FFD66242000-memory.dmp

                                        Filesize

                                        10.8MB

                                        Download