Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/E...

windows10-2004-x64

Resubmissions

19/02/2024, 16:03

240219-thbb4aga25 10

19/02/2024, 15:59

240219-tfg2vsfh53 6

19/02/2024, 15:56

240219-tdfe9afg83 6

Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/02/2024, 16:03

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://github.com/Endermanch/MalwareDatabase

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Drops desktop.ini file(s) 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4168
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb757f46f8,0x7ffb757f4708,0x7ffb757f4718
      2⤵
        PID:1040
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2240
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        2⤵
          PID:3264
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
          2⤵
            PID:664
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
            2⤵
              PID:3240
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              2⤵
                PID:452
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
                2⤵
                  PID:408
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2380
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                  2⤵
                    PID:3008
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2304
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4136 /prefetch:8
                    2⤵
                      PID:2116
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
                      2⤵
                        PID:4584
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
                        2⤵
                          PID:2348
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
                          2⤵
                            PID:3208
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2278486074564892745,2002050039115636307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
                            2⤵
                              PID:5020
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4652
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2488
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:3508
                                • C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe
                                  "C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe"
                                  1⤵
                                  • Modifies WinLogon for persistence
                                  • UAC bypass
                                  • Disables RegEdit via registry modification
                                  • Drops desktop.ini file(s)
                                  • Sets desktop wallpaper using registry
                                  • Drops file in Windows directory
                                  PID:4760
                                • C:\Windows\system32\LogonUI.exe
                                  "LogonUI.exe" /flags:0x4 /state0:0xa39a1055 /state1:0x41c64e6d
                                  1⤵
                                  • Modifies data under HKEY_USERS
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4800

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  fa070c9c9ab8d902ee4f3342d217275f

                                  SHA1

                                  ac69818312a7eba53586295c5b04eefeb5c73903

                                  SHA256

                                  245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

                                  SHA512

                                  df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  2KB

                                  MD5

                                  5f3b6c9eb13e90c4112d97d7bbb2c943

                                  SHA1

                                  12461b90d6b13775b31188618f545df4ed38d54d

                                  SHA256

                                  24f4290a5e604ee1d4832cc78eda55cf6677ae62b78de663769e188319bf2469

                                  SHA512

                                  5b90bed41f54a0cbe74a17d3663fe766939f709bb47c4b407bdce2a5b7662b9ac9fcdcfa19fef08063442c5d2b446950076f3acd969bbf3c76cde88d5bb4aa33

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  579B

                                  MD5

                                  d6e3bf37c442b2d39e58f791930e5310

                                  SHA1

                                  8320df56dcc995ad18a087e3bce42bb574653689

                                  SHA256

                                  ce37006c5534f3037bcaf0609401c0e0e7b35625d49aff65bc1e9577e01a95b0

                                  SHA512

                                  7f59b78af656aa8f9bf3152dae5056586c5d79f35cefc29699f57c5832a4cc2ebfe6bd9ecc7587fccde524a4ea31d4e4aa9b8a0d50279ca6a52883b70bf2da28

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  111B

                                  MD5

                                  285252a2f6327d41eab203dc2f402c67

                                  SHA1

                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                  SHA256

                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                  SHA512

                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  36aad0167d4935b2dffd16caf3770908

                                  SHA1

                                  9dcdb2f073edc3301a64c8b4b6828f3e7098b5aa

                                  SHA256

                                  d935fd4df6d83b791ce0533377849d036c8ea57183fd7ebd4c759b86f487907d

                                  SHA512

                                  e72ad8270c4cbb1a11a986a9883b7e371b3019556821692828b27ae9a8987e295c24f517bd4803e0be35560fc5a2ddfe59dfc6d88b55c04e09610212531a3863

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  776544f9b25847bf294cdf0dc0f0ed79

                                  SHA1

                                  8bae0b32e31b7fbe773deb6221f5f28bec06bb05

                                  SHA256

                                  a5ab0bdf8ba5b894615637fa602b48b168312e68559bf1958d0e76c7d39e9bb1

                                  SHA512

                                  5ad0d7e76cc3b5eb9e2da39d4cdfb98e47e5358c393462e2c4e861ee5183783abd06a58f427a3bf3d5994227359cb8009c876f383a3625acfaee65139af40a15

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  da22e691cf8d39a53cfb88b0e5b4e79d

                                  SHA1

                                  1b2bdc153437feb11255557538549f2a5767fdea

                                  SHA256

                                  9c1bbea7b946862f1f79806b772ed934b672288459fa74fef1a0e674cf4fe8e4

                                  SHA512

                                  627a87db49b1c6d3721705b30cd23b3333cbceed3551501530e4dc283a77665715f78ba18f7f92420ddd534f20559a9ee3054b80c1adb25502d3d136e4de9ac8

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  d119fa164f9ea2dd0f2395616b20a26a

                                  SHA1

                                  88e594327bd61e2599300b421dcef7b8b68b8fd0

                                  SHA256

                                  018018d934159a16fc4b83e7a30ce9973487725cd0c6b000b931b1886fa63336

                                  SHA512

                                  0f9ca9f1e63b133b316d8fc624bc486582482b95eae9f0967f0d211c512c8804045ba9bedf42ece442c35f0651e6f7fcb736fbedbc0733e0a98925b1b249332c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  a269b7bfcdb846029dc6852e7070b106

                                  SHA1

                                  367279b2e07cea32f46fe16b4aaed644dd35f5dd

                                  SHA256

                                  f5cfe565cf1af1d6f2c08bcdea44f36af0b7d0b4e67108917ffbda2e880556be

                                  SHA512

                                  478b53c419e8dc4f7b11f69e8fe1c0df2ff3b9803bdea22e0582e5d2dd840ef2f21385a7d7c18e7bf69d216d5810ac758ac516240941704c5549b27b0bab76d2

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                  Filesize

                                  24KB

                                  MD5

                                  917dedf44ae3675e549e7b7ffc2c8ccd

                                  SHA1

                                  b7604eb16f0366e698943afbcf0c070d197271c0

                                  SHA256

                                  9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

                                  SHA512

                                  9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                  Filesize

                                  1KB

                                  MD5

                                  0eef62bbff55478be42b5be01d6caeb6

                                  SHA1

                                  152a6f5ed6e746b370f57a4eb10d27d4ee385da7

                                  SHA256

                                  eb1284d938fb1ad2434a02dbb999d44c9872914055c03adc74c344beb437e3e5

                                  SHA512

                                  565d89dcaf4300136ef212ee106c1b1d7c85d31b891ca6dd9a4273dcd14e19aace911144df8515c7c612c1955e691cbe8ef29a5580061d53c7457caa3d218bde

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                  Filesize

                                  1KB

                                  MD5

                                  bd92912bde9a5cc6ab231acd2e073dd7

                                  SHA1

                                  82c52b68d1a524cdc0744e8668a22a7e8a2e2052

                                  SHA256

                                  d5623750a2d4ef6957822ef3bf9b83284ccaeb38940c5d9a88dc8a89cc4430c9

                                  SHA512

                                  4a1ff8fd8b7b49e7575eb6894d7a782d89cac7df6f22c7fd1227844ba08674b1bbd7f122bb594ad13ee7430265c956638dd5131d9ffe215b1a3a5f875dc3cb32

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cc29.TMP
                                  Filesize

                                  1KB

                                  MD5

                                  e754a9daf206b8aed38a4bdb2675c14d

                                  SHA1

                                  87348aca617d11e7931534f10b65b86e3f51e244

                                  SHA256

                                  499489430e936e28b794632d912c6f06ac36192fc1908390f0c341f2e948546e

                                  SHA512

                                  4d539d64748a4116bc9d7e88faee4a6d9b94cc3611b788e6bb2dbadc56e5c4602547e27004a9cb4a7506d7f087bee8276b570a937da839e15c0a4d3dcafc053a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  12KB

                                  MD5

                                  a6d4659bc9d3edd363bfcde19dd7ff27

                                  SHA1

                                  3388e8fa4a48749011d47b39f1b1a16bce9d7fec

                                  SHA256

                                  690eb04af22c7560a994cc73fb396eaaf1070ca6dfd8573074be607b52fb786a

                                  SHA512

                                  777c17e42848c27ec578156a0ae295727fe6cf9647a04481ab9125e566e8c11d6b6f0ef82cc6ea4e30e193122392c567b7a06be35261d9dd4e2985090fa79651

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  8f4c06fe8b9d622e7a9f6fc0701b7395

                                  SHA1

                                  395f012bae65ea3d3a969edcf8cdec919b82754a

                                  SHA256

                                  425e0fedbe0893881230f0e8b563df152f771d0c34e38cc4e31c3c79f0a5d99b

                                  SHA512

                                  f398d93d976dc4b1d846d3dae1ce1a1de095bfff3cd2d78058f179de697018f5a3286c7067a88f56e92c383d1af31aff66902804c83ac2965c265ba72244d7a2

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  d26705c47b769727fdc9041f587262d5

                                  SHA1

                                  31b58fad0e12ebc8b97ff8b6cdedd02b65ca9666

                                  SHA256

                                  2e3333b1b61d6e00aeb9d19971c2f691e804dfa982dc5947e4311b54ba97d6ea

                                  SHA512

                                  07d77419774a30c3f01b692ff1f74e974c181046d8f2a1e1f2be64a7b3e9eb9e2eb771fefb5e11a1d33d0173be66ba4764b814c53bd865405cc47b54eb45de73

                                  Download Submit

                                • C:\Users\Admin\Downloads\NoEscape.zip
                                  Filesize

                                  616KB

                                  MD5

                                  ef4fdf65fc90bfda8d1d2ae6d20aff60

                                  SHA1

                                  9431227836440c78f12bfb2cb3247d59f4d4640b

                                  SHA256

                                  47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

                                  SHA512

                                  6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

                                  Download Submit

                                • C:\Users\Public\Desktop\ᢛ⌖׵ۇᘽ᥹࠭␙◐ޥ՜៲⛴ษⰃᙳᔥᘡ〔ិ⚆ぐݥऻᙚ⧘ᲄᄫ᭎຅ᴄ᣻
                                  Filesize

                                  666B

                                  MD5

                                  e49f0a8effa6380b4518a8064f6d240b

                                  SHA1

                                  ba62ffe370e186b7f980922067ac68613521bd51

                                  SHA256

                                  8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

                                  SHA512

                                  de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

                                  Download Submit

                                • memory/4760-346-0x0000000000400000-0x00000000005CC000-memory.dmp

                                  Filesize

                                  1.8MB

                                  Download

                                • memory/4760-347-0x0000000000400000-0x00000000005CC000-memory.dmp

                                  Filesize

                                  1.8MB

                                  Download

                                • memory/4760-532-0x0000000000400000-0x00000000005CC000-memory.dmp

                                  Filesize

                                  1.8MB

                                  Download