47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

Analysis

max time kernel
180s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-04-2023 10:58

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

NoEscape.zip
Size

616KB
MD5

ef4fdf65fc90bfda8d1d2ae6d20aff60
SHA1

9431227836440c78f12bfb2cb3247d59f4d4640b
SHA256

47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8
SHA512

6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9
SSDEEP

12288:1PQuO1JLx2auoA82iqOxdOc7XPkmpOw6mqc5m937hnTMktj1H:1PVqJx2auYqw7dOw6mql3nNBd

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe"	NoEscape.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	NoEscape.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	NoEscape.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	NoEscape.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png"	NoEscape.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\winnt32.exe	NoEscape.exe
File opened for modification	C:\Windows\winnt32.exe	NoEscape.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "15"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133249140467829657"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
4772	msedge.exe
4772	msedge.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1308	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 4804	4772	msedge.exe	95
PID 4772 wrote to memory of 4804	4772	msedge.exe	95
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 1844	4772	msedge.exe	97
PID 4772 wrote to memory of 2708	4772	msedge.exe	96
PID 4772 wrote to memory of 2708	4772	msedge.exe	96
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98
PID 4772 wrote to memory of 3732	4772	msedge.exe	98

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\NoEscape.zip
1⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://temp/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9661f46f8,0x7ff9661f4708,0x7ff9661f4718
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17504625634596918788,4659621791463916446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17504625634596918788,4659621791463916446,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17504625634596918788,4659621791463916446,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17504625634596918788,4659621791463916446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17504625634596918788,4659621791463916446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17504625634596918788,4659621791463916446,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17504625634596918788,4659621791463916446,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff968bf9758,0x7ff968bf9768,0x7ff968bf9778
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1896,i,12517905070221078928,17817450579317658681,131072 /prefetch:2
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1896,i,12517905070221078928,17817450579317658681,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1896,i,12517905070221078928,17817450579317658681,131072 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1896,i,12517905070221078928,17817450579317658681,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1824 --field-trial-handle=1896,i,12517905070221078928,17817450579317658681,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1896,i,12517905070221078928,17817450579317658681,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1896,i,12517905070221078928,17817450579317658681,131072 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1896,i,12517905070221078928,17817450579317658681,131072 /prefetch:8
  2⤵
  PID:1968

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff968bf9758,0x7ff968bf9768,0x7ff968bf9778
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2008 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5300 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3832 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3376 --field-trial-handle=2384,i,11839985436477267929,4936671168836109773,131072 /prefetch:1
  2⤵
  PID:3912

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:532

C:\Users\Admin\Desktop\NoEscape.exe
"C:\Users\Admin\Desktop\NoEscape.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
PID:2368

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3947855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\45ecaf79-a59b-4e3e-b20d-ffe350ae9b46.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
da09ff86b968d8b152cd6f093312e3d6

SHA1
da54ba4fc518d2baa37361291101b833a785774b

SHA256
b3c0f42524567b05181fd47994131f028de683d763f0645dcaca11b17369f0cc

SHA512
027a7b5cd9f7f71c357890ec9a04c68b744653f4199612a326eaeec75b9d9888eef338ad050fa48ea96e28b298aed6bd8fd880fc6ed7c265601421617d247ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
c726414894ed44aee83116630777de98

SHA1
068a1a6a92b47aa869a01220e22317a9c180504d

SHA256
f683c33a7e3c3c3c984741c36577ec7df1bc76176c29d428e7818d83ead309cf

SHA512
646b4e283d33f4f2784edd11adec8b8ae99908b795514a676ef03accba59d2d59662599138ff89f005a8106710cf18aae16ebed62222db18b9f8782b662a59cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
b880d140f5d07f709fb7fb177af24353

SHA1
9bcc49309076cad2783236482c632e530119bc03

SHA256
286713b3e4eec255dc2aefc16afec3c978829acda5996f015c3827192f2d9783

SHA512
f277010f8d5ecb823e9d4a7ba593d93ee9eddb999ae5bf5db4e3e456e62682c98f2a6c7266972770d565182021035a8ad9aa912b9c95d864990eba9fc5708d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
8e9b2745e51806d910d44264d65a9cce

SHA1
c16072d4a66165133f99643b9e30c3830406ceb8

SHA256
3504381f76bdbde7b3d4a44842c11aee10b41dfdd818e52980f9210b027dc17a

SHA512
b23dff2d6cd9697f7e583451a3102039b3d6d56782fa77042ee479075f67595fd9168c6667587333113fcbe6403c96c0a49e749a09b8745be3a78d9a5912fbff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ceaddfd5f51b6276f833008909dcec03

SHA1
5cd93acaf7b081bc333b8059a7f8a6e674a5feac

SHA256
7b985c511437140d50bdabf68cecafeb531ecf6b6f535239dcf49ea6a63d0990

SHA512
396d2f2c9077ca1592af3f6e576fb1ad010f288cbd74938ef577e1613e46fe1070f8150babdfdd9ec9f5d309410a5b44cef7709d27f2b16a03f977d77cace1c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
05ffb1bb89c88fedf393909c01340ebd

SHA1
4d874c1ab0653fa83e756a15680131cb48aaeb98

SHA256
535c3e4775e76ea9b0c852ba4f87269b9e684aff23ac531b50f9fcddfe14504f

SHA512
5744ea2c2ab499c85adb855031ae3c95d9eb3b262fa923364d30fa2d05ca766cc33588fba9c90e9f633a9a353b84d6bc2df1814ce64bc0c537b1a982ee3e7889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
2c92019b044e195d79fcd7a028456422

SHA1
9608a76596583512fb0a1980356f1e9719249f86

SHA256
02a4ab71584f49ab573b3d888aa8f76d093618507a834394c0c1161aec3d246f

SHA512
14df3867975171e9b65cd9b98dc185006afcf05ea2acb079be5748de052dcc2ca566bb52f14705c8bd1188fdfbdf502b41973b5e45558b7f94167f58a9b4fcb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
52b6731deffe4e610bdde92df0f48e2c

SHA1
4181ad882480f86ff22bcac1097b9146c1fea41f

SHA256
32f171194e5e800580909681125bd748a257f81ca52d71e45d4772f3a9bd4083

SHA512
317c62a3b9609c7f19eb5c1a74d6ed44d5577bd26d258e78e2013c6a1ebe3f8bd7bf5d259542c5d2b1cbdc6255f91daa569b7392b80d66d6dae112559f300355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
778B

MD5
452b5a4d85defc6e1cee6bf38e95b9c2

SHA1
40e492db32edfc2c249f947348d6173ecb4b5807

SHA256
d700c253b0b9fe4d6369e0312f70fd547f0bcd4174fe6b6524e4767c98c32748

SHA512
9f78be5758aa0d739f58c191c5cea2001cc6e7cacd85c49c0f536fab3ababfeedc9bc1dcc64c445847997a7d56bd7d982de2687e8921de693194e21220022664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
778B

MD5
452b5a4d85defc6e1cee6bf38e95b9c2

SHA1
40e492db32edfc2c249f947348d6173ecb4b5807

SHA256
d700c253b0b9fe4d6369e0312f70fd547f0bcd4174fe6b6524e4767c98c32748

SHA512
9f78be5758aa0d739f58c191c5cea2001cc6e7cacd85c49c0f536fab3ababfeedc9bc1dcc64c445847997a7d56bd7d982de2687e8921de693194e21220022664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6e48ebdf55d22a57814228c498565f20

SHA1
eca7170fdaf91ee99a811784ff0bf6ef1ca112ea

SHA256
4444c1c9471048db2c98a3c82411c8c89daac371ba5dbe3a23575e351a67b8a9

SHA512
95894ea266793a17a667a0466c92be32eb576c1aa800fc689e68ee201309b372a28420683fc44ab7577a6c9b9dc7b1e8b532a1e505f6de8343b059acf519b794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6e48ebdf55d22a57814228c498565f20

SHA1
eca7170fdaf91ee99a811784ff0bf6ef1ca112ea

SHA256
4444c1c9471048db2c98a3c82411c8c89daac371ba5dbe3a23575e351a67b8a9

SHA512
95894ea266793a17a667a0466c92be32eb576c1aa800fc689e68ee201309b372a28420683fc44ab7577a6c9b9dc7b1e8b532a1e505f6de8343b059acf519b794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
73512ba54ec56dbca47366641a33a3c6

SHA1
08d0b236124bb7d0e3c8476c0d7f1f1c49b2f896

SHA256
b0c50cfe38a415e7e39d9d2c4a629d1923dd0ac43e5ba8908ffeec52affb6ae6

SHA512
76e2ee17a8341c3dd9c6e4bf5bd56ae8a2cd57fd6674b55adea7854348a1e298c44e2520e970999f1ec9c3b160af30035e0e348f46ae81b334fc7b9826cef14f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
690746a71eeb5234135b71fd1358c465

SHA1
762c5d5b6f69b6e240ed22fa277f5c06996cb905

SHA256
c0e0c6d2a116db5b121435825674db7d31fd94d6563a44921500cbf736b56972

SHA512
6ade6980e62356112d8a68a2b9a547b8065292a15f1d48e9a2f2b8709a512f7564c74f4e7cc8f08906ccda65992b36c8d3becfb803b9e094b30f8a7b07315ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b5e0fc45be2131ca58ac5046900e3fdc

SHA1
d0b62475bf1998df298f082167e49c3ed47114ba

SHA256
d67a795f503500231b4218dc1365f01793b9783521c956a6a543c84e2a8ced2a

SHA512
196bff359d4b5a6dc4e34a778b4313ac9cd3c053d20d99db58ef6bc776105626d619d254560c6bc71fd872c91917203ba376bbb61215f156ab894976e10e4d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e4fc3a4cb63deb27e51c47aa328a09c8

SHA1
e296cb3b92fc89a1605aed5e72489ea222bb33a8

SHA256
54e935cc823630e0d5eb29e20f390c977848418ef6775641d5dc01977c081842

SHA512
7bfbd7721ec88ddc497d8a48d283e84a8055522d55572aeb2ae354187df6d7196b2191fd728eab726567d501a8749362b4e7aaf4106c5bc68edac57bef45da04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e4fc3a4cb63deb27e51c47aa328a09c8

SHA1
e296cb3b92fc89a1605aed5e72489ea222bb33a8

SHA256
54e935cc823630e0d5eb29e20f390c977848418ef6775641d5dc01977c081842

SHA512
7bfbd7721ec88ddc497d8a48d283e84a8055522d55572aeb2ae354187df6d7196b2191fd728eab726567d501a8749362b4e7aaf4106c5bc68edac57bef45da04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b26a97c572039ab42b1a5c539f94e60c

SHA1
74b4701c10925735a46285049666a630d2439bc5

SHA256
24bc06cb39420e3eaa34f9777a884e7b2ec8788c0775b69b661cdc2dae2974a7

SHA512
4fe464c9e595478d68297950184d7d80a63584be8e107fac915d2b027d317cbf6db4e30fea0ed30d252059e563b06217d43928188637c2d0fb03dc9926ecce2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
96f3e6c84fb7595c6b0db76f8383ef2b

SHA1
5e17923fa39368440fd51f8bdf7464d037bf28d3

SHA256
889f1d71d6f132b041469190238aff902761b387bf6e4812e11980b8a1c8fac4

SHA512
be9563dba353f35b63b901facbb2271ac9c3aa2c9762dc182e83d5c0a7df2e3242496b4526e0be635e272db58b547e765d36d13dfb3f64cb46ca0d3d14296b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
51d226809c687ef48c1e0c67d585470a

SHA1
60564f8f2f213490f53d1ff1de28eaa8fcec7d18

SHA256
9a132906a812c7533035571b1fd585898e860d3277905fd5956b5ad2358d6634

SHA512
607ae3d12517de73eb692a8e582aa8fab66bc5038a48c9ff728c4ac370b810b0cebe2bd05637eb8d584070e75c52e669952785347231594a0c481fb8f7c9abbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d5632e22c501d8a76580a8623e1abbc6

SHA1
374dfe4faab3d243b31f32c3c551225e401a5681

SHA256
4e3e681467793fa02dc747373a01ca3adf825356e80b971dfeaf1b861dc27fa1

SHA512
a7e415d937a02da9a67880c01415425eb763eb83bf5b995a0ea3112d47e36ce3c9b30698a85e6691d3de903bcec82044fbd0efaaf61bd1943b243d5eec4ed4bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe587441.TMP

Filesize
120B

MD5
2e34770ba5cc9a63926b74a9ffc1a032

SHA1
8ebab9b29706a6ef34f5455aabe246f9f424bc4f

SHA256
9a2701ce624e7271ce4afc3710f3f129c3ecd0354a8d8dea57d2b7b4c5af831f

SHA512
39c0dec942120c187ee5cebfdf48dfc8da317496ceaf8a1e089977098b7498ae3b4e07322064fb11371c5b994245c128b70a04fd6b164cb966bca6b3008b63e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
12bedf688a18270151d9c7e18b923510

SHA1
999002e31245509a1bf989bc7560f42c4c1f5e80

SHA256
18883f13cbac6786ef57be35d72ec950e9a386dad7b8cd33d2e4d901859142be

SHA512
d817a60421d82e089331522ee03442c5f48dc21a259396337a8c83c05586803ebff50d60a4e335717299422d511790235de530fabbec2b6783d5ab52b6720da0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13324914026561193

Filesize
4KB

MD5
15749a3338db9112fd929d7b6fc5a410

SHA1
e017a8773d37410cc89266fdf06dfc70c4dc21b9

SHA256
bde6c5ef654ebdd596d16288696bf219f4530031efad648cfce648d0ebaa2b9f

SHA512
b6f32d22ebd9e6d5524c8d4cd7d833293ccc529243b8d1029a6507c9320bbda49916916f9ed06eb0a233ceb284da78d5f80b854f9d8ea4b0f9716989318f92bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
f48bf9239e37cfe759d9cdb167752c06

SHA1
a54ed5434ec67892eabbdde9effea8abfa9e7803

SHA256
1d77f9cd2200c7bca49a7c391419049b30afb2ba71c918f63adfd2b97a61d1bf

SHA512
b49fdfc1434c04479f1bf599af23ee6b45e26f290338eeac8806f681c69eb633ca6328460ceea64ead8a99f748fc3aa114c5cd533d88fec8da90fa1ee68720a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
19ae40f073cb5d000449a18751050bf8

SHA1
c1486ea23accad94ed2fd31bf73f23827aa7c072

SHA256
83f65b802d1162dd2f195954084a7af2ba47304d5ec50938aa74b75dd4d401e2

SHA512
e2d41f6d9f244de39d6eb023c218a09b0c8074df19ff4bb048db693da50d3f36a5141de55e34e516d83b80be8ec62e34c74c468dd43edb14c841a0197c936f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
57B

MD5
41c7d1373de8e7bd508c548a70910e51

SHA1
f919499049571c75c7eb73fdaaa5198e6dd641b6

SHA256
99c59cbe7db56d56a286485635e4467004641c6275e708887dd35728eb05109a

SHA512
c30cb4ea2478fd816b4a160626b08cb63d2b9dc50eab694607d44d05117e6af8dd707bf4e14cf001cf69007a654ade55149a61ed07f9de6a9a2edcb51afa0773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
e7f2877b96db9d7652b39000d4b99144

SHA1
fd06913f1c8b48057f71297631106fae3e7218ec

SHA256
cdc40659f2d8e4544b19e3cc464b02e62d5d1d3e6f28a7afff07c9c9a09bbdd1

SHA512
e7dccadc3f96c2cdb921879fc3cea67022335b310689e256074c85e6bb385cdfa42977232a9bee2ae9a7bc0e8416a75f172b814f6db5b82d5bf421faf54ad886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
252B

MD5
548b88009c391c755cf4489e91db2076

SHA1
8e85c6dd4adb412ec357a78cc3717edc19bba1f4

SHA256
09924217836b8263b510fd56557c93a527a493d9661b7df2c353a85684cdcb87

SHA512
730e5dda9d2664c21f5915dcf6d654b93d7dfce6e1d31926209cc7957e44854f0b5562dbe449be435ff8e29c04cb93344f06377ceecc31ea9259869478c3dc75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
8788929eedebdb78e0e2fc1c92333f70

SHA1
1067b96e19f24f108e22a895325032f0f990b0c3

SHA256
07c0aa9ffaa3b87baf7d4b641955ff8c7506435a2f55cfaf095d15bd9e3b59a6

SHA512
f494e7065b81d4f849e78cfc2a0c87622adc0e88a74e95e1436cf5411c8f4f85258d6792909c83d76e46ab9919ad96c06b4b5b43b56c795b77e3927595acf95e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
fc890119572935e2bd4c7cd757f83881

SHA1
43459caac5e5210ba60d1c8e2d58d128df3e9062

SHA256
1a2be445807ea2b2446f914c57ba351f0c33bca079915f3a76e5130e09835fd2

SHA512
efb88f7d60c5d02cf9e467a928057f6538d03720e0cf01e5a4170e8ce6b4e4fb6ddb38e91625396d1f4f7d012bf118d7100cbe6b12bbfa19208c81a1d0a847d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
6710b15454dd6b6e55961f0d4c82c85e

SHA1
5553301a4c4ea2652f0fa2954a256db38c08a3fa

SHA256
e04cd75aee08422475fa7a6da583215feea78c5eebcdcee705a9364452462a01

SHA512
daadbbc2cea8cc109e04b64cbdbb636115393d5c7a63d81a6873e47b4a3105ce22e96935452d154d45b5859356736f662c8ba7881f679bab5c7a4e7efb1f3a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
bc099d86b3c1a4abe2bfb041b05c00bf

SHA1
415ba9029c8958fc08d282bed04f8f95697ba613

SHA256
78915556802e382d71715e422b6f53ecfafb6d9bfad3bdedb057ac4764bad806

SHA512
88aad39117a43d75271c28e5c71623195c051fdab225ced7642dc602c5481cf625cb58ecdf6008c0ad0c7f6551c320d611166e034333f7d9f3d07ebc874ffe98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
6710b15454dd6b6e55961f0d4c82c85e

SHA1
5553301a4c4ea2652f0fa2954a256db38c08a3fa

SHA256
e04cd75aee08422475fa7a6da583215feea78c5eebcdcee705a9364452462a01

SHA512
daadbbc2cea8cc109e04b64cbdbb636115393d5c7a63d81a6873e47b4a3105ce22e96935452d154d45b5859356736f662c8ba7881f679bab5c7a4e7efb1f3a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
95ab585d57004ab7a212dff98608028f

SHA1
b0bea5a8a1284baded873be5b7c0bc2347b2692e

SHA256
4753aa4552fc381efbf7223320e9bfd1d4712aa2b44e5ce039db9cb4bceb11ab

SHA512
7fa39368e62895599448d0d0f82bafbccf391fd18c827da20f64e1379ef94ee990128d5ef2e2d6efd4dcb2b97e4daa4eaadacddb985294905dd2c38380624e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\21b131e5-e69b-46f0-8bb4-1701e60540a8.tmp

Filesize
9KB

MD5
5ddd64cf7afcee968c2362a6378f9e5a

SHA1
52cfad7f796d6840428cd81abdc3ad7eba55b0d2

SHA256
e315eac48734ab8f1ed6b0c9999e8d3e72d127ba0d9945a1ad17e855c0314ea0

SHA512
e02ced3f36a47ceda678e6db75a56f40788fb7c3f4a69c743bc68114332e2f21e53b999d209cdd572f6f3d67601879ef0878a20e425ccde68af5407b8159a540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
1663ee1068e7e47c308515c2a4ce7ec6

SHA1
9e80b44de6eb13de893e983e10c06e6b66c3d731

SHA256
68d0994088f0357205da5c29e160c296c8828e5bc039f8c11fd032eab07ec413

SHA512
eee1e6cc531cf20251147ca46ce5354be0d419640d7e86f86f1bbcee95f363ffa1226089531ac586769da7bd34c8b7da080fec12fc2e4dc860b3e84f015d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
5dc3ec513893685097ad4705a5413415

SHA1
10597ab4edfe50d402ea4de713494f4ea83c25ac

SHA256
35a86079b23d6c40d9e5eeebef3f3332a184287ca80b194636167a71b212514c

SHA512
d80c2e26f024bb51278efa1302c0d5d4a171f7ea0c0bd6589fe7747746c080fde987f57ba8f37134ddec71a35018b1745ad297ad7cc8bee914b74a8428487170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
176697f76190bfed4307856fc6206f86

SHA1
0f6cfe23e7ea342a82248aad1d67a926e94d2fc7

SHA256
ad4dda6b4e2d39a197b6c9ccb4f1af5a4e0b4d53d2b96a43b35fee54fc1160e2

SHA512
6b06c2db8c5a4378ea8da851220815cac39fd25ede107086bfaec3664c010c6bd0c40e71e7a4262527baed7a756aefa98cca3686496d0b4027e7d4c4065c126f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
4afd61e69646be8c2c55666363833c30

SHA1
ff6bc6be22679621236be49ec785ac556b727497

SHA256
24d6b14da823f08f8f024ce4dc9e7813841393d44c35bd52534816fe46e6ffc6

SHA512
940d4f9fb51d227dc233ad749de20f12c9a6787f35ade8f1342dd2c4997968949e63a1cba5b612f5af66aadbcd5ccb6c031a6761740a19cbeaf443be1ed71ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Public\Desktop\ⴐ⧜⹏⨔ⴁᲈṏ⬞ᐘ᭔⢋࿙ᑳ◃Ⱗ┏࡞⟚ፄ᭢

Filesize
666B

MD5
e49f0a8effa6380b4518a8064f6d240b

SHA1
ba62ffe370e186b7f980922067ac68613521bd51

SHA256
8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

SHA512
de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

Download Submit
memory/2368-810-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/2368-986-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads