e9eef6033b6923bdbb598211bb984e5ec980189bc737f8424e118f1274917041

Resubmissions

01/07/2023, 10:41

230701-mreybagf83 3

01/07/2023, 10:38

230701-mpsfmagf76 3

01/07/2023, 10:34

230701-mml6tshg8w 10

Analysis

max time kernel
170s
max time network
172s
platform
windows10-1703_x64
resource
win10-20230621-en
resource tags

arch:x64arch:x86image:win10-20230621-enlocale:en-usos:windows10-1703-x64system
submitted
01/07/2023, 10:34

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Monogram-YC-Logo-Design-by-Greenlines-Studios.jpg
Size

76KB
MD5

fcbe6ecf5fa25564adcc5a3694e6c492
SHA1

d04ff259ef996fb6b89f7f906b882c82854a9079
SHA256

e9eef6033b6923bdbb598211bb984e5ec980189bc737f8424e118f1274917041
SHA512

9203d849315190e9d259957181ba9c4f99cc8c99e241837e880e84c7a3be0e9c4872d5a86f1160b3d0affbbdfb5cd5142112de4616bc90bf39d682d2871f025a
SSDEEP

768:iMkobGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGqDO+ZP/pj2WoUlaFF:lMq+Z3pj2WllaFgbLrdlHwxEmqjBc3

Score

10^/10

evasion persistence ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\launch.exe"	reg.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3592352177-2971570228-3741369827-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	reg.exe

Sets file to hidden 1 TTPs 2 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1158

pid	Process
684	attrib.exe
60	attrib.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3592352177-2971570228-3741369827-1000\Control Panel\Desktop\wallpaper = "C:\\hello.jpg"	reg.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\msg.exe	No Escape.exe
File created	C:\Program Files (x86)\mypc.exe	No Escape.exe
File created	C:\Program Files (x86)\shaking.exe	No Escape.exe
File created	C:\Program Files (x86)\	No Escape.exe
File opened for modification	C:\Program Files (x86)\	No Escape.exe
File created	C:\Program Files (x86)\erode.exe	No Escape.exe
File created	C:\Program Files (x86)\hello.bat	No Escape.exe
File created	C:\Program Files (x86)\launch.exe	No Escape.exe
File created	C:\Program Files (x86)\mover.exe	No Escape.exe
File created	C:\Program Files (x86)\date.txt	No Escape.exe
File created	C:\Program Files (x86)\hello.jpg	No Escape.exe
File created	C:\Program Files (x86)\hello.reg	No Escape.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133326813496211047"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3592352177-2971570228-3741369827-1000_Classes\Local Settings	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
1824	reg.exe

Runs .reg file with regedit 1 IoCs

pid	Process
2692	regedit.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
3204	chrome.exe
3204	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: 33	5036	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5036	AUDIODG.EXE
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe
Token: SeShutdownPrivilege	4648	chrome.exe
Token: SeCreatePagefilePrivilege	4648	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe
4648	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
224	No Escape.exe
5076	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 2128	4648	chrome.exe	69
PID 4648 wrote to memory of 2128	4648	chrome.exe	69
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 2720	4648	chrome.exe	72
PID 4648 wrote to memory of 4556	4648	chrome.exe	71
PID 4648 wrote to memory of 4556	4648	chrome.exe	71
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73
PID 4648 wrote to memory of 1956	4648	chrome.exe	73

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1158

pid	Process
60	attrib.exe
684	attrib.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Monogram-YC-Logo-Design-by-Greenlines-Studios.jpg
1⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd6f069758,0x7ffd6f069768,0x7ffd6f069778
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:2
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4412 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:772
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff734de7688,0x7ff734de7698,0x7ff734de76a8
    3⤵
    PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3684 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3232 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4936 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4500 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3316 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4376 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4632 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5516 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5532 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5852 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5704 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4396 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6048 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6160 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6492 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1504 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5724 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6116 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6456 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5620 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=1060 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5524 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6920 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7080 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1760,i,2984880182049326178,6800918147418686434,131072 /prefetch:8
  2⤵
  PID:4356

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x34c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Temp1_NO-ESCAPE-main.zip\NO-ESCAPE-main\No Escape.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_NO-ESCAPE-main.zip\NO-ESCAPE-main\No Escape.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:224
- C:\Windows\System32\wscript.exe
  "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\D414.tmp\D425.tmp\D426.vbs //Nologo
  2⤵
  PID:3376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\hello.bat" "
    3⤵
    PID:4404
  - - C:\Windows\system32\attrib.exe
      attrib +s +h C:\msg.exe
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:60
  - - C:\Windows\system32\attrib.exe
      attrib +s +h C:\launch.exe
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:684
  - - C:\Windows\regedit.exe
      regedit /s hello.reg
      4⤵
      Runs .reg file with regedit
      PID:2692
  - - C:\Windows\system32\reg.exe
      reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System /v DisableLogonBackgroundImage /t REG_DWORD /d 1
      4⤵
      PID:1224
  - - C:\Windows\system32\reg.exe
      reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d C:\Windows\system32\userinit.exe,C:\launch.exe /f
      4⤵
      Modifies WinLogon for persistence
      PID:4332
  - - C:\Windows\system32\reg.exe
      reg add "HKEY_CURRENT_USER\control panel\desktop" /v wallpaper /t REG_SZ /d C:\hello.jpg /f
      4⤵
      Sets desktop wallpaper using registry
      PID:4756
  - - C:\Windows\system32\reg.exe
      reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1
      4⤵
      PID:4492
  - - C:\Windows\system32\reg.exe
      reg ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
      4⤵
      UAC bypass
      PID:3844
  - - C:\Windows\system32\reg.exe
      reg add HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 2
      4⤵
      PID:396
  - - C:\Windows\system32\reg.exe
      REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
      4⤵
      Disables RegEdit via registry modification
      Modifies registry key
      PID:1824
  - - C:\Windows\system32\net.exe
      net user Admin death
      4⤵
      PID:992
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user Admin death
        5⤵
        
        PID:1584
  - - C:\Windows\system32\shutdown.exe
      shutdown /t 0 /r
      4⤵
      PID:2636

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3ad6855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Winlogon Helper DLL

T1004

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Hidden Files and Directories

T1158

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\date.txt

Filesize
120B

MD5
255a8e245b6ad378558b90cbe3dbc3d0

SHA1
6eb73f9f2034c113a2a6b1aab9a440a21928cfc2

SHA256
d3195bde888f9b8a71f2eb840222f1586b652d0ede9f39841a180ead03633ca9

SHA512
67e03d7bffa0dec32535b6da46d5b7f38d94a7c9a231aa2fa625b81485d41c1ecac95b08fe5b7a605fcfe1c7e37c55ee716c9045df90ea6e030b86e52ec09edf

Download Submit
C:\Program Files (x86)\hello.bat

Filesize
1KB

MD5
b86fddd2b764f079615be5d4dc3e158d

SHA1
2510479054db1fe52cc2dcd3c7033d91204cb367

SHA256
2b2114784d15b0b0d5475256851b4d0d4da7181198c2a93a304ecedb98eaf091

SHA512
915363bc9f6e665358c8d25f5f5f51d64c53cb755be999013217162b126705ce641ea809047bc84511db7e3e383b848ec3932924baa8926d51a51d0037a5ca63

Download Submit
C:\Program Files (x86)\hello.jpg

Filesize
110KB

MD5
057ea45c364eb2994808a47b118556a2

SHA1
1d48c9c15ea5548af1475b5a369a4f7b8db42858

SHA256
6e1115188aa00fb5ff031899100bacb0d34819707e069bca3eb53935ebb39836

SHA512
582c7ecf2d0c33c8706ff3f39aa926780aa8f0dc0ff5d563905a5100254b81b89def22206abee0871ab339a3d463de9e6ec1782d92198e8f386f173654b6e760

Download Submit
C:\Program Files (x86)\hello.reg

Filesize
3KB

MD5
81427e9d5d10657b9edffd22e7b405bb

SHA1
f27ab62f77f827dbb32c66a35ac48006c47f4374

SHA256
bb21001c1c468e6e372d836952c3efb7fbdc98e9a20a1bfdcc4beb1b7a1e7f83

SHA512
b0ee65bcef13be7c17db6e06b96cd44774fcebe6f4a411b0073493ff53f795e3b7c49e921c3bd2e41256638bc161f5218d1c51b589c3e10164f8f2c0d1db1592

Download Submit
C:\Program Files (x86)\launch.exe

Filesize
92KB

MD5
b4acc41d0e55b299ffeec11a8a20cf08

SHA1
bbee20882bdd9dcd24b54b6af6c48cf5efc8c6fa

SHA256
34bc0d5b6029a74b9cda56b72434ec1b55b6742ff5ef832d36027a987a63cd42

SHA512
d4fa9900d703ea12d508929718433f97581a23b63458e5070ff7749871a7f60889db45098ec2972687b864ba97ab4fc307e8c80c4450dee79c0a5738818d2794

Download Submit
C:\Program Files (x86)\msg.exe

Filesize
9KB

MD5
331a0667b11e02330357565427dc1175

SHA1
d84c1ae0bf2c8ca1f433f0086ca86e07f61204c2

SHA256
fc7174e44a1d34040c3bc05ce24e648742a38a3accce22e8300d7059e4d12431

SHA512
1c47f0438dce58d473d93c10f233650df3e86d7e762a08b3a933da37683e76a079d275db4a1b4028d903f7e43f487173ba8bb25c4cff6f3e1161d0a5b2b18cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
53KB

MD5
908f31d9161795706460bdfe9198329e

SHA1
be109906a6f29f66183eb3279a5c10341104f928

SHA256
144d8ca174b9d23cf9c86310cc8b8389d3c20959d13cbf68d5686158ea2495f2

SHA512
95732f15a85c1b4221fd040941472c557a236d9cda760a3975db33eb0e1cd81994606de76563e8913ff15ff7b8c247ef4f891205abc1b3dfd6157d910637eb60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
315KB

MD5
3cc1032b63576ac67164f3ec6f371bbd

SHA1
c2b3983d4642501f8de2d84f5ac20147850b73cc

SHA256
f376275d1f9d6a6588a9654a57b8c1e468ef5e4d26d7a0d8bc67db512c13d93c

SHA512
9e90afbd5d826bf8d2d28b5cec13c9499b16f4f97b002093cb0ec6abf59d2e3eb5a08728096b9e80484968f9c4c65917120cd7d8482f52799a2be678674bd89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
81KB

MD5
364ff857eb2a46bada3c7d44edac3b4c

SHA1
ef142cbbf65ecc3a8c39edd4fdfb0413cc8859ab

SHA256
1f0d6d39a58c909e3abefd51c5834eca2386d26e35a3af2c79d9f91b15456c5d

SHA512
15b437efd217502ea18d788d02865162033439dc03b171e720931d3c72e1d50fb2c60462841a797f4511748add95b8c9c6e6a1b4115aa9407cfcd6a4d3b984fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
69KB

MD5
987edae1041cf0d45c2887f6455cb66a

SHA1
8c467f6d7b8c761acaa50ddf4d30b3c7eac6e0ae

SHA256
b18d4fb20951e267ed35ba9b72a16e300bdfe7286077acb9afbf2e97a4deefe4

SHA512
4d4b2a72f0b25113b079935a186994e9d2cbda85497acb555b7073e395a8eed5eb85743f22cda2c9f6bf6877408d3950da1d15aa6f3ee3a72c23c9b1fc10a76e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
39KB

MD5
8877fbc3201048f22d98ad32e400ca4a

SHA1
993343bbecb3479a01a76d4bd3594d5b73a129bd

SHA256
22f8221159c3f919338da3a842d9a50171ddc5ac805be6239bd63e0db78046af

SHA512
3dfb36cd2d15347eaa3c7ae29bfa6aa61638e9739174f0559a3a0c676108ccc1a6028f58dad093d6b90cac72b4468eb1d88b6414339555c9f872a5638271d9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
46KB

MD5
0f11827f750f4a8d71b486957c09f0f7

SHA1
94489cb784261166cdfd931a619fd63f0a5e30ac

SHA256
8d2c2973c9c90385de7e32eddbe44af5927d95d1a0a40aad3ffc2dcb04190638

SHA512
52062f28244b706a790f91e94a5a8d36ff26542ebd8e55039571bbf5784e6da0fa8785e9d0e418eab0bea24771420c31e4666a58a65f9491cdf5c7aaf2c8eaf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
747KB

MD5
6aec9f39c47688401865a16fd2998254

SHA1
90d1694f68389d5b200be5b5510d87e97434895c

SHA256
06372ddcac56fb63fc3c1c6ef26680296f693575195f126041ee6305f59a4b68

SHA512
c7d9482cae22d5f80dfae7b8307b657a9bbca9775ec830e776463e23218a4c8a676427beb2f52598d155e60f74870bab7d126152a7b5ee5500d81cd923ce48f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
51KB

MD5
189e10419aaaa0c60183bb7c3d8c6d38

SHA1
dbca0bc64c98459232794a12a828656aec859072

SHA256
06a810fefa124f62182001337269d75f02a88304981d10f258ffbdd3d35ee04a

SHA512
706dedc09fe4ba4bda5619ddbf057cafc7cf7b9ca17bd0ab3fa3142a597fff49c43eb0ea72308d0ec1c7d25d0c585246c30e34415b1f321bee68ff1395831b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075

Filesize
171KB

MD5
7a88e1edbba1ad7bd345eb14f1377a59

SHA1
b299cf2eacc2d17d1f2fbda9391079b6f05fb022

SHA256
3f6aa29738172f431b8e2af2e39cba0c2f91583d7bc23f988c7b7b35975bef2c

SHA512
48870540a5e7aedf4513610e23dad5d37ff48dde92909345771f7235d4526893e65d11915b46191e62dbe6e9bed4626215703fc90932bdebed356568c1557f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f38089f8d990775b480080bccc179c10

SHA1
da1ccf37e3ae87e821845a6c7b1b201ad88161ec

SHA256
1e8687730f4e72efa9980cd9668cfb2053cfc00024d287fb3485b3add83cc2d5

SHA512
b86b9833754b26e4b43572c0e9c80f74937305dd59d6ef88fb01e340ce88cf87ffcffb8247d2e163e03aa5d401cb9ed1e145c7b006060c1e1c932d03d450cddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7ae8b89d-115e-4794-85be-5c89726896b2.tmp

Filesize
874B

MD5
2155977e3d9793eafe9a3ecd0043cc57

SHA1
40edbba228ba2f948b07832c054de86ef6821ab6

SHA256
c100f4d5b3cd9a6e8dcb598115f243511a381a1ab66e63e08c38eff725d9fa34

SHA512
082f115871d54d189767c3147aa888a42f258e7144a1d9e1ecfb15f64d05e363df2bda4ed5d04e2a62abe4ea205bf77a87568f9f3da4efccf26e12d4b4c1d9f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a9ca343a90d121e670de21deb1b65e42

SHA1
7f8b3ec08a03087a0e38203e64af6251035b604d

SHA256
8044746ad0d4cf889d2fa8d8fee873ea369d06be35e969d625296dd978856aa5

SHA512
03d7ae8834a99e6939f0f17891efc7665937ac6a9e411ca4874794ff5b56215ec3dad89596d8cf1f405410ebf8fe4099491212e372d217fd9648095dffdd55ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
97c2d79d3c99dfc6c155995feb00474f

SHA1
38983aad543520171339899921154de73a3bd772

SHA256
5d30bc451713075435f1fb38b382c8a226bbbb1a938402c9d5b41fda61a3ad49

SHA512
6aa563a4430408ed84a55319f903ad135b0ba8ce09f9a37689f366b83d1f4f02e594a204339956e3ff9336d9302257cfa7e3b1ea3eccca166bb4621dc2816c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
6c33ba9ca0804cdbbf3a31683664c43d

SHA1
0dd67ba265b295a3c49861565c54f274073b3d91

SHA256
e6e9ae18c8ffce71eb205b29579984c29aa294be7ba04f64061377db44bdc39e

SHA512
cc0c1ec950274c522f50af0d00137ae9e67eabc4d9c744b6647830d08075b82aaa50fc82c3e7ae8306355ff9a59a517a8b00794f2155ea741e7e4f3909dcec3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0f96d5bb033165e6672011f70c4d0ede

SHA1
d0c1d6d70dc4c046372b721ff93173133e5e88d7

SHA256
705792d7aff99380638162749f9f0a9416c68928ff78833962f937767544748a

SHA512
d67f41df35f8df51f327c134ddded366fb02094f7d0573460cada6e3aed16427008c295b42dec5bd881e6036e762c4b215c83e63f42cc437a5807f5ee24c2f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
42e38f3df70db4bb13fd482d451b54bb

SHA1
40bb1302f2990f6d5211ff656632be21950f2c82

SHA256
a332d5574e06df8ceaeb055ad350f204b0d13502243f9bc398e3bc8a6b15e92f

SHA512
81333b84934f14083a7e1b0afa1f9c61a7629c0aea159042c87593141880c420dd9ee682f2b3460035acf09dafb33dad0c4643d1dd675901e562c9316a8d95bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3911bee583df3e0288cd2507c7c46546

SHA1
2c4b3fcb9c16f3a31aa11b968bb77569ce325073

SHA256
e7150d4105ed837cf733729e2eb4eb31954c10484b3494e89beb6ee39ef574b4

SHA512
5c6a4293b0817c2359f8c574b81d5f828b7ed7ff7e282c1e070d405e45fe5f439d397304f8a3da95d8be738af6b7fa8a1d68f1f3c909df0f82b11400bc4e8abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4beae25047dc8686c10696de602767d2

SHA1
d70f146be78b769985f289f59a860ebb0a511bc6

SHA256
6aa195fa4835e8252e073c2b3f014fde32bc372c648edf688324213dc42edbb9

SHA512
185d316da88a580bf20c5320176709d152761319970142723714122f6a437f7c99ae4f08fe93e1296e5e784ecd3bced9033b19575ac3073611d967680c679e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aad3db07d4e896b26a207180e334f27f

SHA1
ad4ddc27aa690d1b064f77cc648f0344ac3b58e2

SHA256
5fe1ea82d9cccf9885e0d4bfbdb47ef93474c8f890be9c4bf0350a186ed62807

SHA512
ca4a71047f6f74d7925a20c76aa96457dd48e1e7b1becdff4d2bf681ed5a5ea3f923aa721bb6c4e7e78e66364fe80224ed483a9c91baae532ec16d600cfabb40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ab9e30a8c8c0242b36dd81c9c35f07d4

SHA1
0adb770296118b1b889455a2e92d937c5a339600

SHA256
390ebd2f0a5fcbd92790de6ab6e3a2dcf64f336411f90170e7f568f54329ba81

SHA512
c59e986ea29797f057895a923a347f8ca6e4e31ebbb241e75a41b0a9adfff38c9d202610c7bb206b837cbf14404ac8c84b0765a9385647107a3c95b059dbac8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c244b153cb206b90508a047a5d680c81

SHA1
4f1c4fa3cea80f8551e1e6062ccc50756dea0a04

SHA256
a311536b5c6759cf529ccc631f206dd10a88852da9d1e6e6c7af52667324d4d0

SHA512
075b7ac37f941e1e1c6aefec61fb6fd43da86e9fd6dd77f658d41ff21f8fd5564de0bdeac6ecc8f359aaeb46ff5c65512dea28dad78300d61edfb2f577618296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ca64046df87fd790bf3a51f694d2806

SHA1
d516d786bafd2dfbd15730e882f710ccd03043a3

SHA256
24c63f1e1739141171a9cdbb78d6ffff5374f3eafb92eb5fba16b6d5145d6734

SHA512
bcfc31b34ba8ec4c8f2e6d7f4f92b069fdbbf3511114fb3a77f6ccfdc333457ea11f4cc802d794b0b07a66fcb9cc75b57b9c7052a4e04d7f419ec3739bae8d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c27a29c96c06b5fd7c1a6f2e88dd87a2

SHA1
4acb3dfd408c6196bec8e816687ac37380616000

SHA256
0a673d90148533462bab60f12a8f7e0cbdf8f7cea93fbc077ab02ed7de4729d5

SHA512
009c0efc3b6e9d2b6689c653854256c028ecbab8456aad90a5f8254d34f1be24529319a0c2970eb98a95f10efc59f81879d6eb06e8f2e0da774972af358f2901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9f9c5c8d30b28429d55ff173373e2971

SHA1
1bf6fda935ed692de4d61d095732d9457285bb12

SHA256
b1c24ad9db527dc3a0d0d5b159925c8f063c40a5665ed3aa9454927f95183420

SHA512
c1a2874ccbbbb6b02ffc8877d2cfe5a5e097bf40f756e49d81d10d87877de975fcbf7b514bf6d1c9da9eba706a476a6825dbc3a8d7efb102bcdc1e85764869fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d60d3c1c2b43796ab2f12391dac2f97

SHA1
a11933fcc70fa9fd36af9f68ac2046af72cff42b

SHA256
51207986b5c057ccf7203299bd379ce1b06487b568e1ad4d4263fe5e24404aec

SHA512
0aaaf0f6f0b04d2c366a45e932b1c75557a12e4d40ae92b8ec447e9d20b7f049f2a1031efe1f3b0d5d2cd83f2cd90efcae50d5c74900fe7b0a320cf4ac58256e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fa08eda04886481c6170c31fedef3ed2

SHA1
2d06ea919150171ccecd59edf135f0e8fc9a9144

SHA256
49df7f1d0a425e37221baccfaf3f54ae814a0270ee989a2cef63eea89395e113

SHA512
29b9431a146d817bcaf6bf6a4bab00f77a2ab52313db6cd739f436617a8052fa1418d3a3b976192bdc16524231cdeeb72deb410a353b313bc653b33f12e5dcdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a14786c061702587246b9c587568d8b9

SHA1
54e10e61b952f33f9cf1d010f76e3dd7bb12113d

SHA256
415c44c364c84e8d43f30e57881b5fe86cab6f034eb82e96caf537feb0c3cac3

SHA512
92d0b3c2d06f5cc3a494271bad06bf6fbf16b7e7bf75659a273724e9e5cd133e44476cb513e223b8649d578b5334174dd8ba529c52e3ce52d66964d39bb7ca30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b227cddce0560f2c2bffd54b718341b0

SHA1
7b6e2c39a9031fec7440eafd48767d164318c63e

SHA256
ac5fcbd374f55c7857828e0ae373b43e08b72577dd9ba7eabf09e3f32a1bad0a

SHA512
ffc8a6c76c7ff327495f0bc384beea24cad48b40b798c8968ed0421ea463d7002c8d12f8357896289b82071c9e3fa64b3df432d16e1779e3d9ec39ccef982a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f92b608e433a370240a5f84a421de0f4

SHA1
a3d576722e23faef6b3d9ef3dbf62a3138a44504

SHA256
81ee8902f587e6c6f537846d4a7258f69066fd76466dcc8dba6f91c0ddba5269

SHA512
c9802979a5ca7be53287e3ae3dc5dd6069c481d50d4bf08be66ff6dcb8ec561379f87e8b7c2919d612693ca70d15725a88e4e6db7ffa11beb92f7488b7976be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
0e96d4baa7dac69d5d9e4ac61f61902c

SHA1
ad3dfb4c25a6b1ee9c1eb08b46f50d19d34e5795

SHA256
287fc8677d04beb9a919c23ce0461b56dec7cdf53ae6c68f2acc31ce5acc53d7

SHA512
aa7f80cada33aad875b96665721201dcef7213b06b16958b89c672e021fcac8245af1d1c9f7dafbf964f3a28b651d29225478555cfa59d0e39a14d5339694c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6912b31c-d583-4246-b620-e49741fdd438\index-dir\the-real-index

Filesize
624B

MD5
e1488cc03391f38faacb4c0c80475f0c

SHA1
0419fb10a1f2932d0a3638b6474477fb9f0705e0

SHA256
d4521469f08d1bb60ce4afa83c58a7a1bf52bb515e928bef98f95930eff2a75c

SHA512
8633ef8d4a083e07d7db7a077b2a78cd4b5ac99ef9674594e15090b385ea9ceffac3a0b112b0b20c3709a554c2d084d8e6b515020df920dca102ef3673aab419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6912b31c-d583-4246-b620-e49741fdd438\index-dir\the-real-index~RFe5764a5.TMP

Filesize
48B

MD5
e366a07f860077b4b912995a91f0f77e

SHA1
6ca32e8b191dc24843d9dfe988dac3007f73f67c

SHA256
f311ed6d464be61208f09c2a351ca9d3346c3b62cc67afa8b003a5d398b48c37

SHA512
415ea7bfae29a411c87f3fd842774a5e0f2e34a2ced377c69ffd14ce70c49a0aab0423f6691626cb73d3f564367ee31f47d82842eac844ce556bd35894d20bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\788dbb46-6cfd-4195-a427-b9cbf8459671\index-dir\the-real-index

Filesize
2KB

MD5
a0ffa535bad8ae9a5c562e398910c35b

SHA1
b1178ad24030eeb99ddbd92ad4d2cda1ba4124d7

SHA256
f15d5175b86906d3bcb83dd1bbab1730576f7877f0d77fd74a464fecc18aa5c0

SHA512
156516cb96129b1bc5f28287ef0c78bfac9e7e1155c8d8db8c0ad15edabcc65d8b5f5270009c560e7bcc4a7d36a4cc892c3f546ebed9e75af856963fa61e180b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\788dbb46-6cfd-4195-a427-b9cbf8459671\index-dir\the-real-index

Filesize
2KB

MD5
f83db0f31c534410f25d756576af3b1c

SHA1
c9d13a1e3aef463e106fe339cd58b84fcac8d03f

SHA256
ebf2d19b34e4147a7407b11672680eaff3b7789b9b98ad361e299527f8efcf9a

SHA512
6dc892b31f3278d75e7ed9884e04ce25438d616a2f029d5c9d0d7c895e07569db42a933b4ac7f9d19cfe799770e06aba58b31f112247c48ba43b854b6ccffa4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\788dbb46-6cfd-4195-a427-b9cbf8459671\index-dir\the-real-index~RFe576503.TMP

Filesize
48B

MD5
8cb6d11ee10ea1f31071e30961fdfc6e

SHA1
9359880bb0b84c7572448aaa53439595b4a47bf4

SHA256
6f2a7ef065557d8f17c4fc63581ae20b8fddbfd42e68bef8826e1f3f8ae23673

SHA512
5c622391fdfae990db5f8c250a509d7be1a3dd3c7939c30bfed8595afaa7bc74e672674d214785fa3d0473b5dbcbaece4d0e3abb8b7e6d8250d23417bfcbdd39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cb92d13c-6c1f-4a56-a1de-1f8b5d374754\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
84bd334894d326d04c71bb4103904a54

SHA1
96b2f518b1b04c93f741e57d937c06c3e6ae351f

SHA256
c1bb9a9bb7beaad97bb592d8b278ccb3f737a40c0352f2930ff574a77870fa30

SHA512
78f48152a4af1dc75d727ac7b93e313ec5fa2b989079edd5f79398e590b779195d318c2daf4a69370c1b57af3bae8adfddc5b90e3affcccbc6588738d95e2af7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
636a3743a64a5ad52640625892202ba9

SHA1
de94c62f2b50e754533a34f437f52078426880bd

SHA256
917f5f6261455cfb7f30a3c2c2ddc6fc9d24a09e372d840444b450c2853f6bac

SHA512
a2dee7b406932d1e81767abe880806b0d022aa2d4e578f14e5d0eaf17507f45743d867cae42edcc63ca09e606333e978e3e0524a043906d805fdb4d315fe2160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
247B

MD5
3ee8704b11c32df7437dcea194cfcbc1

SHA1
c2b388098ef2f3fbfc2a671db27ce8b322af765e

SHA256
dfb3c6a8e90dc429e89943999e8693dfa9042f09fe305e65a928dda4338d5c0d

SHA512
5bcac021fe70b24ae25e5c8a083ce77c70c2c775e3cd58ca96b09546b3a5515ae81893faa3cc91755d69fdd6aae29c1fb7138a31d46eb247da2bde4d00844dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
cb85395e0250a2bd45205d6735cba933

SHA1
61b6b22d23f57ae3bc099622f73f8a2298d64b22

SHA256
7b5c265d950a749229d5f88fd9c250f635e19ee80995c1bd770c31425993d0bc

SHA512
b5b51d910240785ab8b50303fc3ce3c4c637a4b85cec4bd755641143e60124efe78a5cd1359d55ced6749e3d540f3edad9621aebf9b026f4a37759048cf9b326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
5bc897c1fc047ff235b68c35ec1855fa

SHA1
b4cb1c4a77f1da94abfec65838bcc9ff2728f77e

SHA256
2a49ee4231e9df818907c9455b8b3e2768c1deaf31d986bfadabcc0c6724bb8e

SHA512
4883701fd22324f09315035572d299976451f4bc447be5a09d3433b1ae569686bf9a1b0d7622d1063f128cab2a4d077c00d28e0221cc6f38b3d930d0ab30d6b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
90d0cac32bbe5ca7d6a4077cf7955479

SHA1
c1fe94fa8a3e489250d82cffbd67144260e8e001

SHA256
828cf4072918be1f6feca617eb7f91882b88e6c8753a65a128894d837b39ff81

SHA512
c9501849606e25720b83a8cee3cf4c8d55a665fdac053f162612cd48153be0a79c68fded860032ef0b92a087ffa62261109c0fb237da2681f34a8c4cede47176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56c652.TMP

Filesize
119B

MD5
11b25fea277470e2181a1f302c9ff724

SHA1
d32a329e06995a0ac88d9bd196b2df554a30ebf1

SHA256
ee19225d5bfa47dfe80c9ff6d47bcc06dcfef29ef70f64cee2012fe7622c870e

SHA512
bfe01234b572ccc518bd55acf9d4ab2b3d2e7f4a420ace1d1dff5c48551fc7375bf355a870c347b2cc5465ffe89221de3b19191321d86b50011f76c891ea87dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
f2400ca91622504909a8374dbcec67a1

SHA1
05daf9d73c3d4bb7dec1978de5681b7e9c5ec07f

SHA256
16b0a6fa494137e88073338ffc4cbd76fd35e5ed3c5f2be4cc274a6528ea1f73

SHA512
a30887e75b599c192b6dfbfae0b7b18fff0ce9460ca3b9e9d2f6f7e071390a6d89ef462c703f01012f2a8af0d9958f53ab81befeb98fdc4d38eafffe6d9f3fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6c4e0175cce9f6bb4be901ef11c30aed

SHA1
1e7edfe341ecbb3c1185d24cb4e88be2085086ac

SHA256
00a262c81fefa534d16cf4ee932636733995d1025637b2938145d2fc9a196018

SHA512
aa5007023b199ab8da1bcdebdab3e20201cb41e2ae4bf514ccfcc8e005cfff8ef8d31e67221af0fc11c8550fb21cae4c19bfc8dc3e406787fc44e00f08b39590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57182b.TMP

Filesize
48B

MD5
71bd77df66dbbe3edbd9829160d4badd

SHA1
5bfa8de9d1f3e8dacc04e27ee1a407c52c1697ea

SHA256
6dd43fcf4e64a24f82163e50a5166efa894b5a6e76390db9ca217afc2e09c200

SHA512
07e36925b0ee9e2409280f767cf6d1a31a8fade7f29bf388b7ce2d8f86eff666f44c5228afaa9fd6691e2d927b242e26989605e3a7da136d9ae9014fa14dc2be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4648_1549312551\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
230d042f79f4dffaf2a6de732a64e3cd

SHA1
4378b00142871e8430cb5f4586a531cb2dbe0e00

SHA256
8a638d66c28e519a06580473a3d84bd06ced186ba26584c62cebeed4635073ef

SHA512
5dbdef2774bd5c12d1717ef42cbe84643b6f52812990c2d6a2f09b153106e4758944ce9d7b2d8a107fa1589c090d87a80c368e203e1273c1f85f42f712b558e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
48a6a72cc01a916c7a4dbdb4285341a2

SHA1
c09a32c4463ef28601d3070ceb2115535ba69629

SHA256
d584a36ef8b07f7e9ae44ed137f15b819dee39df7538530a895f5b562c675b0a

SHA512
c0c9d4d63c45797cd89a0a2c163fb5c187a3a6ce45eb19282873c9d2a4950c5a64c93c91e37ff5ebc75d841bc096417d6dd69e7f2cb91e464bdd2f2fb65e536e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
e282baa8fdcd2859065b9f206da6cf19

SHA1
80f579fd368e45c3826c0397aa045302fcd53e29

SHA256
c4a58282b97ea02f26524063ff89735628408606c6cacae49107e23a19c15522

SHA512
4e85bb858c733fe06ade3002c499824eae7f102baece40adaf96c43b6d177b7841ab327bf59e4c458190fa815887fb3f899279a44c24e5fab54ced1abef2840e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
f2ad692c7ef66c82cce34f1624a69490

SHA1
5dba89ed09873d8fa02e6b97f301d84c3453b62b

SHA256
1bfbacc589f256d56ceff2c443f8857c09e8aebeca8dd4033febe3cd7e403f87

SHA512
21a833868e5ec1b7bd01f5579d41ad877575ea3f539fba4600d7ca409293cf9b9714e420d68dac878dee681df6cc3429a46aed69f9992868b941855570ffd6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
d8fb20b51b48513f7ca2d5a43916622f

SHA1
8e05112e84053eaab2022b1313eb1a33ae1bffb6

SHA256
46b5da7c53196b5399ddca07eb89493a4bc227bb7d4ee85a95e1971c65c6844f

SHA512
9adbb890d4780c2cb5b251b1a9ab44e27c397cb0fc0d56cf318f567e4d3a952774f77eff35cdc329323814d49187d422033e8b608787e65dc27c2d7644fa47e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
f552a2843b7dad195cb2ec62d3fd51fb

SHA1
07260dc38f07920b4e7d5c3e2061fe55c6f75c10

SHA256
3c4de323edcfdb8b957e06769dbdb3bf3b0ac1ae3d330134f0f290c6b0c47d96

SHA512
2b022c24a0e28a4efeabcf8dc4ca6d2edc91ce972dff424375d733925191294a1fe6c44605968b8f46f64373f2a8f9396c38b12186fb16898bc258719b1a59cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
3410be8c660d5d4423928c78d74c8318

SHA1
b5b554d3c4ff236fdca671d3a038f11d5f1367e5

SHA256
1925e4f30091aeb3df811912bb106b85762a25bc1845c5058594aac9dc955276

SHA512
5c590cc3e8534e49d45455ea618eba27c0d3012ba1644a182d893ea4c74eabee64a1f67e0fe69f69a84246bb0c4f8710e8582ffcd2b963521213ca80fd36c03e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
22f1f03d04623d2d04e1bdf3dc5c1e62

SHA1
16feea92b126829f1d59f7a60a0e4f902a3a33be

SHA256
381c491176bbe4dff109f36a01a29d78dcf34cdd0a55a1bae7aebbab167ad001

SHA512
2ba2eb5499408c44b28bb620312a0c966c0928fb486d623d18e8c7076379bab3d2d5787f9026531295b515d2c7a26eb03485fd24b77a5d88e64496327923175b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
db0811db8efb0e162b4e6aa9e696a89c

SHA1
29e2f2c0fa5c5204737486d46ae3eb50151cb43d

SHA256
828e31d8fd79cb4c8a17b08dc05627fc45477bdb96978ab9feb467d4c02039a6

SHA512
b1489219430c270df7f1c21c67fa688c17b3a239a24a8b8f4f3c4d0536da2f23aa37ce210626aa863e1323f24e14f755dbcb86c69fac537d466a338e6977f37d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
20265c9831d2e2700ef4399b09e7392f

SHA1
429ca05a9d370878a3d6dcc3ac4d91369e867982

SHA256
3a42790ae513794914bdb7e4844a43a3b2f98b137971d9272c52fb651d494859

SHA512
7d30b0e8b6818290a27b8e40020aca0372857c316d4a7fe22502a04f0d3a2ce184dbbc41cc85e37e588db49e3841849578eb7ca9e89b34b994ec3356a982759e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56fdbe.TMP

Filesize
93KB

MD5
9740a081e32451818ac2f06f5e817232

SHA1
cce1f2885e0bb43bf4d27353ec3a22fa69c5025c

SHA256
5bb885ea2fd85bd3c28ace6c8aabe621667b5c22edd9e8f8a8014ea42115d740

SHA512
955b92e9df9dac0c8325e68ea97e5dfd2129857c4597a35e92205762e1c24b2ab8aa0d913d675080dedea64d33f6d0275d6620b39ff8e9846a4ea8f5e1d6f916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d3a3a054-521e-4eb5-93cb-076de8b74ced.tmp

Filesize
172KB

MD5
a4aba22f4e544904139f00204e0c9462

SHA1
f1f786a648f9a20f99527c26ad93ad8ad17687a2

SHA256
0b0e04d2c355cebb12b6efde7485f4297d2a3a6ead0ed82895776c8ed1fb1083

SHA512
f1b7dd9c8aa637df37dadceaeffce7a8b27e852f8f514c5170e92bca19178e95ce6a23404f1a5ecd3000f7b5e16bee569fdeacb3ae07b010ffb7ed80709afd1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\D414.tmp\D425.tmp\D426.vbs

Filesize
588B

MD5
67706bca9ceaba11530e05d351487003

SHA1
3a5ed77f81b14093a5f18c4d46895bc7ea770fee

SHA256
190a0d994512ed000cf74bd40fb0502988c2ac48855b23a73fd905c0305fc30f

SHA512
902ac91678d85801a779acbc212c75beba72f8da996b0ed1b148a326c2dd635b88210f9a503fbbffa5271335483eae972e6a00acbc01ec013cf355c080444598

Download Submit
C:\Users\Admin\Downloads\NO-ESCAPE-main.zip

Filesize
732KB

MD5
9172731ba3f16b578bcb14000ccbccd4

SHA1
e7ab716661ed88ecf060dc5d53720877b141eac9

SHA256
ce0a32e35b7c79e7e2ffe7bd3c7566a6fb843341268ad50f4a594e56e17a5110

SHA512
3a35995b6dadf408ca69699220120bba5f70fb3c2a850165ab11dad03821c8ce316bf7e9662f8976e0bf659cdb9adf0c8d0d7beca22b59480e4830dc5e02666c

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads