6a2ef81132e27e538d59e4e49ca1bc79abf88a568c4f1099ee867a8b167962da

Resubmissions

07/05/2023, 21:46

230507-1mxjfsfh72 10

Analysis

max time kernel
119s
max time network
127s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
07/05/2023, 21:46

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

hfw0xBaK.html
Size

2KB
MD5

df74ae4f1c9b9e49871bf744653cb29c
SHA1

0ab311fb063c1e45bf7c9c638d801aa9d158d4e7
SHA256

6a2ef81132e27e538d59e4e49ca1bc79abf88a568c4f1099ee867a8b167962da
SHA512

a715e9917244099fc8f1fd7b4f7d4ba0a8021de129a5bcd930b1d21715ae56611522f399fa0321e8ee8ca45e07de20a694edcebcaf59c4d8cc4864e039778af7

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe"	NoEscape.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	NoEscape.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	NoEscape.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	NoEscape.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png"	NoEscape.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\winnt32.exe	NoEscape.exe
File opened for modification	C:\Windows\winnt32.exe	NoEscape.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133279768480833448"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2308	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 3636	3048	chrome.exe	66
PID 3048 wrote to memory of 3636	3048	chrome.exe	66
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4496	3048	chrome.exe	68
PID 3048 wrote to memory of 4680	3048	chrome.exe	69
PID 3048 wrote to memory of 4680	3048	chrome.exe	69
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72
PID 3048 wrote to memory of 1544	3048	chrome.exe	72

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\hfw0xBaK.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xac,0xd8,0x7ffea8da9758,0x7ffea8da9768,0x7ffea8da9778
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:2
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4308 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4652 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5100 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5204 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2312 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5200 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4632 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4816 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5084 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1712,i,7063184886583658047,14423082324658310734,131072 /prefetch:8
  2⤵
  PID:4104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3028

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2b8
1⤵
PID:4932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
PID:4080

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3ad0055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1db52ac9-ac1a-4876-ad93-8d8ebf7b56ec.tmp

Filesize
149KB

MD5
72b632361c6e5917102f89b9507db8ce

SHA1
ad0805c4baffdf3e69dd8356293216bed6038ef2

SHA256
3fc160b257705674991e27098acec36f9159df9e6eab92d7b30a07a9a3150159

SHA512
0b88767b64d10117630c27165bbde45628be170a04c2e00d9d3216041e07a417f7756bbef4d7b35d054cce736ff26ad786ce71bf3b97e8926313b0512a8b90da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
47KB

MD5
b76305a3195a2b17053c2e38a8d957d3

SHA1
16dac0d2ba3f6f8c2056a09dd76298c75d093c24

SHA256
913f002e9c004a2a8ab88454ca408d76d15346c544593d6883b5dcf24c4aafc4

SHA512
a8153834112da8164b9d7f0f2dea038ca160cbe17769db34b1ea7527729e87ca82da0ad95290a2d44f95d020e6f57c6d1632c4aa85f4146243ef355d3727da47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
728KB

MD5
0469f93b1c77d69a83af62e14dff48c1

SHA1
c369643b6cd35f7075c6ad64368a6ea76906ac2a

SHA256
07d58cb5f6dc944bc893ee7d3c0832b930fb56674575d2574781260f8142fa6e

SHA512
4742680ff0bca44a41f7e64e336402f1e508318d6d5f2256e8581e46aa9ec95c64bbad9acadfddaf4703baead69166ab19be346d5e1e50da14c1e5b011173c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
32KB

MD5
6623147e3400c2c5f18507216679973e

SHA1
48d117319ac326595ee527a2f171167db402698d

SHA256
e3abe48686cc19ad5584bf4b0321d1acf288d6393711c8b726ec94b52075b144

SHA512
31c68606d9836926d92a3af99176f56ec918907124afe4e7c00d35095053342afed9fe0543bd4ae2782e82e9db315d0aa3d2fedf52255a4dde23b4eef1c611b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
29d5db801b9d0ed8c33dd14775f220eb

SHA1
16c4213bb789129ca726f3a9e796d4a566540e88

SHA256
febed6d14c0a0fb0ef8926edfec45aa7b39d8d3385e99381a285f1ef11e82ebd

SHA512
0bd8a00b7eeb84490d4cfcc720c325049b2adbe3f890b8d4a635c364e7b7a9c95f04b2a69d8007c5164b5ca44e8093b5a4ef419538c92671bac0f4ad67e628b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
701B

MD5
4995f4338a5e611fb37b1a44c00e90dd

SHA1
b9455542732855cdb91ab53d98fca20afe28a043

SHA256
17132fb580d3f054b1c3c2ea58dd897eb09846b3a3fb66e4dec092ec2dc9ad62

SHA512
23ad8fa271215f3ecbafee9469620740e501291e4e2e9b54b8ee165f34aec629998ae9b2c8c482e4358ab2b38f49e56a1619b2b680bcf1952f33f2820083624a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b769c058cfc93baddad80383037b1801

SHA1
97ba0690009c16ba38a73a2b473c0a8c144a7eff

SHA256
c19bffd07ae7e71bff2887a0d5c47ed38c0b7507d32ff222f5172b177010d447

SHA512
dfd7b702e3f7b5008459df23a684f6855768f52e92c3d33aac920e68c5f8e3ad403e537dc8dfd87f1f2ebdc8adb34767e8c894da267c0d44f0dd3afcd820f931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fb4d338eec21718cee5770dae56b933d

SHA1
59eafe5361f392d85a846a3f3cfc07bdc4ae8edc

SHA256
758530d5cafb6600a2076ee5a05a56aa616ee31229b5dfd18d7c4848bc26ec94

SHA512
303919d64040eb4a85748b66621ef2a9ec4e59a57ddf7bf7ca89feb6c2d81b512304b1c2ecec44c37f52e2cfb6a06ebf2910a1757359d0d0d0217a0150cc5b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4489bf03301f0ea950e6e679b753f5df

SHA1
608dba8196453d6dac0ebb10b2293ce78b6bf58e

SHA256
a0db2e1ada1771d3b65c3ab0958e47e5a4ec23667bd0b80e343d25f8b9de302e

SHA512
a821c12328e47856bd52d50e4bdb516c83be01976632b1d4dfb6b2500711244920391017b417bc6514e2f6af9bb6a17bc5f6272069b1a3718983387197689046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
218ae46fb566fdded4f815da2c61945a

SHA1
2124d65ec287ab21ad3bc792ff470a4405d09293

SHA256
1e9f392a31fbaef8c7788d26e4a39e6a154bca03d56a5523e91cdc9a75e4858a

SHA512
93d30acda0394d2342fc7c8328945c122da068650e49fff4284cbcff2a8ea3cd06b2852c800ead9e6b6eb4473d52afc3e70e7866ce608f30963cd7eea4626d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c7d5b623e0deecd3e2e85bd05a0b86fd

SHA1
af4c35ba87efd094fb5d1fdf7d61cd9b28256670

SHA256
de059102eee9a367d1d05a2d2597f221985aa08421ca5cfc34f94c867e27836f

SHA512
68fb3af556c7df5472294bf65f5a34bb615aa54a684dc1d6c70385fda4b389ba1da236ab6be1afe5c1c03480b7c2bba69276db50f1da4ebbbe87206350f78879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
47145d98d72ed23a2361eb4929d5e122

SHA1
bd8ec42d0a68c58bb930839b716ccb0f29139ee5

SHA256
5b0a9d9d5bdcb75e726adb7f05909bcce91f3b7bb2b0dac63bff94605147f46d

SHA512
4a204f958d917ea5d64939d8c25f7a02b173ea6b35e13420ca0a4da0a906c7e7064e092b05820062cf3e6b8723523796843fed009cd3a9bd1e5f84f493c7eabb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f9a44a648cafa462a6adefa18dbb2542

SHA1
59c797ccab648364e5742822089a125e71fcb40e

SHA256
7490f8494a35675100ea67de01e45e036398062752b5233e625b21c7adca9ed0

SHA512
1e58beb521c700dbf412d004927a50735fa1d2347d4bed6a1d482bb789c67e81d3de7975feca393dfbfa386a97f316f033cf91c267a59b5d1f7243dbb92c09d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a4490817-7b52-4612-ba09-0b628d5c15dc\index-dir\the-real-index

Filesize
624B

MD5
2d76d01982293772f131de25f39824ea

SHA1
e5ef6d84d9f717932065828203f959c72de1af52

SHA256
4b938cc76e74eff06405252b1a693c550eb177b2f4cf387576587dfe424bcd03

SHA512
23ca8055aa753a12983abbabe840b8d13560d0f6e316e0b5194a1c5174512987e653fb7fb8b5bde6116d4e62c60d2798a8e986c8df0c8e90d6ac2a9df7abcd26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a4490817-7b52-4612-ba09-0b628d5c15dc\index-dir\the-real-index~RFe583c58.TMP

Filesize
48B

MD5
78f96ce1f7f4f24b0e0780b620e2b0ab

SHA1
98cb52ffc50d3d168ea7f4d2557792b91dcb0857

SHA256
2037fd740fa8d4e7646acdcd465ad6c249520df99f3694f5017daf18f019a30a

SHA512
e3ef935557605440fc556072c5a034e99ff3d407a84a1480b8430b846c5ca92b53877ddccf7e03206239a0aad891597c345d15a9adc1f2ada085c1f517ff8fcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
83a60990cf79689a01a6fa06e9f0b3b0

SHA1
dea1bb2cf2be1928b015b759a3cdabe779c5fcb4

SHA256
184a0c732439c01f96ad1b497d2021b1727c5abc05e1816a268f4aef0bb88dfc

SHA512
b899f078d99e7a610765db71520b6e79e9481afeab4e72dc3ea22815239c097ed442ef81c0e62bea6cbfe90eb4228fec53c885b9a5781f90daa20567e9d27cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
55f2b37fc65a70d7b3e2957b401a36df

SHA1
d12119d2be133fad80d4c5ac4e866f612f4b97d3

SHA256
013bec59f4940722b8be2cd26e97eef48247dea12422d65b4b651908c053ac62

SHA512
7ff744695158e9241d6740e3e4b9d8a40f5f7671609bd4dc3d9080a02ee6a02997e0b8fbf3b0ece2ee736c4a3c0ccb59b52d43baa525bb16c2c76cae3c8f5c3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
f0bbd0e6caec98a86bd795003c5a3990

SHA1
e3729f3791af27f4bd22f379dae3f3451ec66943

SHA256
5a455fb231b0a982e1e99212fc58dbf40a47383e328dbb5c64d8d8e2b026fea0

SHA512
3d7b567950555d7a8292779ff5e82a70756be0ea727b85c3d0033053e606d0b0996303a7dd424cbbff650cec8c12f14fad953390aaed88c4c81ba48e68120ac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57a42f.TMP

Filesize
120B

MD5
f8cdf2ccc122fc2031ed89caf8e2b9fa

SHA1
d9d84035d65aae0999c7c1cced72a3825d296d77

SHA256
537ac6bbda5ebf9c432400b790884f9ada4edd24e12acacfc82797a60b753b7a

SHA512
3286ee51b7c8238b6c2b01bb3905c9f20683add65fab6bdcad28281811dbf3ed36226d6ffdde7a59d45b9e1aa83025adb0d396577049f51e4fe8711419855000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1c05b4f122f6aebaa27f2f503f1003d4

SHA1
698b87b4139fcee7a2433321d8e4d90ad0fdd8ce

SHA256
effd02bc08eb52c8921e6d996b865624d721007f1d0c1244d030f06792442bb9

SHA512
0fdd9cd66f3a2316f5a752cfab25440759a2c36eeb8f78ef33331f57385b358959ef32eefc5feb2ef13f616955a6822730c2a3c8c62401ceb6634941ab82b9a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5821cb.TMP

Filesize
48B

MD5
a9fa32a2069a8ef4b26af04ade38d95f

SHA1
1a14c3787667a920201b49e43d60e5523e8e4aca

SHA256
347dc581e3f484a33714b00b8c5e6b8c616415421de596df3db31c65293ec4c7

SHA512
638498248928bc155d2a0c05d6e66a220434239402936c189b8c66b49ad154e3e3605fe115c86bddec256c95e50cee54baaea1beae64eb08924d01c8d2d2aaaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3048_1450235175\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
77b185780bd92fe18f8d382139877893

SHA1
9bd9a7f9c1b8a9c8e9da1fc1904378599c84acaf

SHA256
c7cb1b91445b82be40340abc3f751411231d54f1034d7324474ec8fbdc2f7763

SHA512
75bbd70151c5bffe76c50a32c8c476959fea6eb995c704ea93937a7a22bd760945ba6adb885bb6f0296d7a5016d4d1124441f74fd3d3fdde0588bea2b91fa7dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
9d2320b25071cfc6037dd31cd64ee52d

SHA1
10a39b37bbdca613e3ae2b4e5c86bcf8c78ebcc4

SHA256
d45aa878f9d170bbfd7e8604c49af4ff95ff2122a9173401b2dc55d132156e2a

SHA512
9b98dac0a1e22de470d1204d7fea5572cb6d7b3fd9aa38fb7605b3c115ab1b14feefc816e1425a670ed3c1549691b7810b131b47fe1bd0a79e86c8c90fe9d920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
3b5d6802f0e062eac5ee074405c95610

SHA1
c91b0ca3eef136750ea6daed8b6bdd379ce83485

SHA256
d8de16970356921af7add2335c0de70835891c6ef133ec5e5e9f49d37329c776

SHA512
d749d8f8970f671b002be74f30f8cedad3f75e68d825bc865105208392ec348dda03a77225cd3567d71ca4c9d3a923df1e277365f2fc3f5f120963cf85164a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
9ee3c92eac809faabaecb4b8acc26348

SHA1
00ab2ed1ecdcfdbc094a9c5e749fe8131329a715

SHA256
d9c08264feb47f6bdabf8ebd73ae255a205cebe9805d3edbc430b2d3e556edcb

SHA512
ad8ab0e449af71d1963be10ef690e7726929df3786e72e45575be080b85390cb92e830f6635985db2b87caece882c57ee4362bdc29fcf19511a93de61dd4f824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5836f9.TMP

Filesize
94KB

MD5
57f2f57c4a9894b0eecb916a1b6ad3fa

SHA1
f214ef0f4caf5227256d2cc0d5a866a26f6400e0

SHA256
223aae7e6e90452c1f57f9b74156a974bc9501827ace50bc806e051b3ed13ea2

SHA512
cf1d603b0775edc6bbeba12a5add9c45ec8611c87826be4bd7a89000e96e48acf1bade9f94cfdd1e13ccd8577c276a25fc3586981823996fed83207643b9fd63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\NoEscape.zip

Filesize
616KB

MD5
ef4fdf65fc90bfda8d1d2ae6d20aff60

SHA1
9431227836440c78f12bfb2cb3247d59f4d4640b

SHA256
47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

SHA512
6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

Download Submit
C:\Users\Public\Desktop\⋦ᣈይ╕⏋្؃᯸ᧃᯮᄐ╍࿜ᅏỄ⠬╕ᜌे₸⡀ⲥᮩ

Filesize
666B

MD5
e49f0a8effa6380b4518a8064f6d240b

SHA1
ba62ffe370e186b7f980922067ac68613521bd51

SHA256
8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

SHA512
de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

Download Submit
memory/4080-694-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4080-870-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads