Overview

overview

10

Static

static

3

ggpermV3/A...64.exe

windows11-21h2-x64

1

ggpermV3/F...er.bat

windows11-21h2-x64

ggpermV3/L...IS.exe

windows11-21h2-x64

10

ggpermV3/N...on.dll

windows11-21h2-x64

1

ggpermV3/S...UI.dll

windows11-21h2-x64

1

ggpermV3/T...er.exe

windows11-21h2-x64

ggpermV3/a...64.sys

windows11-21h2-x64

1

ggpermV3/m...er.bat

windows11-21h2-x64

1

ggpermV3/s...er.exe

windows11-21h2-x64

1

ggpermV3/s...er.exe

windows11-21h2-x64

1

ggpermV3/woof.bat

windows11-21h2-x64

8

Analysis

  • max time kernel
    400s
  • max time network
    401s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20-02-2024 17:48

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    ggpermV3/Final_Cleaner.bat

  • Size

    107KB

  • MD5

    98f1a0eebcb5f4798662a40323b05a7e

  • SHA1

    068e288005c04b8d859c44d3767613a8036bdb11

  • SHA256

    00023ce602db623e47de1029595339eec4ee5019c6017236c9b721cac0ae4032

  • SHA512

    6cfda16ce56b1173b91bd86c0f977f022a0b01a77142a15f66d865ee3f00ffee6aa2df7571edcccac41f7d680a9c4c536991abd91e86a00b083b8f9f37a39cf7

  • SSDEEP

    768:S/KZzmezF/svUsfg8gVhCBL1oPYdxCA1n5xpoL8oPlRPrPEPupL5LvLpLjLgwJyo:Kg8gUDRnvplQL5LvLpLjLnn

Score
10/10
evasionpersistenceransomwaretrojan

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Drops desktop.ini file(s) 2 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 3 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ggpermV3\Final_Cleaner.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3796
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:5044
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteClient-Win64-Shipping_BE.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3656
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im FortniteLauncher.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2988
    • C:\Windows\system32\taskkill.exe
      taskkill /f /im EpicGamesLauncher.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:4236
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\ggpermV3\Final_Cleaner.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4412
      • C:\Windows\system32\findstr.exe
        findstr /b ::: "C:\Users\Admin\AppData\Local\Temp\ggpermV3\Final_Cleaner.bat"
        3⤵
          PID:4936
      • C:\Windows\system32\reg.exe
        reg delete "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /f
        2⤵
        • Modifies registry class
        PID:1412
      • C:\Windows\system32\reg.exe
        reg delete "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags" /f
        2⤵
          PID:1388
        • C:\Windows\system32\reg.exe
          reg delete "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU" /f
          2⤵
          • Modifies registry class
          PID:4364
        • C:\Windows\system32\reg.exe
          reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags" /f
          2⤵
            PID:3156
          • C:\Windows\system32\reg.exe
            reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\BagMRU" /f
            2⤵
              PID:1656
            • C:\Windows\system32\reg.exe
              reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /f
              2⤵
                PID:2736
              • C:\Windows\system32\reg.exe
                reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted" /f
                2⤵
                  PID:4316
                • C:\Windows\system32\reg.exe
                  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache" /f
                  2⤵
                    PID:3144
                  • C:\Windows\system32\reg.exe
                    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU" /f
                    2⤵
                      PID:392
                    • C:\Windows\system32\reg.exe
                      reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU" /f
                      2⤵
                        PID:2800
                      • C:\Windows\system32\reg.exe
                        reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRULegacy" /f
                        2⤵
                          PID:4684
                        • C:\Windows\system32\reg.exe
                          reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU" /f
                          2⤵
                            PID:2584
                          • C:\Windows\system32\reg.exe
                            reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist" /f
                            2⤵
                              PID:1632
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                            1⤵
                            • Enumerates system info in registry
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            • Suspicious use of WriteProcessMemory
                            PID:2352
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffcb263cb8,0x7fffcb263cc8,0x7fffcb263cd8
                              2⤵
                                PID:1900
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1644 /prefetch:2
                                2⤵
                                  PID:3152
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4624
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
                                  2⤵
                                    PID:2480
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
                                    2⤵
                                      PID:2816
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
                                      2⤵
                                        PID:3160
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
                                        2⤵
                                          PID:2672
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
                                          2⤵
                                            PID:2520
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                                            2⤵
                                              PID:4856
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                                              2⤵
                                                PID:1108
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
                                                2⤵
                                                  PID:4316
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                                                  2⤵
                                                    PID:3040
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
                                                    2⤵
                                                      PID:1772
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 /prefetch:8
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:1856
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
                                                      2⤵
                                                        PID:1956
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5156 /prefetch:8
                                                        2⤵
                                                        • Modifies registry class
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:4132
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5392 /prefetch:8
                                                        2⤵
                                                          PID:3488
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                                                          2⤵
                                                            PID:1920
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:3924
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
                                                            2⤵
                                                              PID:2484
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
                                                              2⤵
                                                                PID:1800
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
                                                                2⤵
                                                                  PID:4480
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1752,4446028203271619126,9452470404408970714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
                                                                  2⤵
                                                                  • NTFS ADS
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:2268
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:2692
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:4768
                                                                  • C:\Windows\System32\rundll32.exe
                                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                    1⤵
                                                                      PID:4752
                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
                                                                      1⤵
                                                                      • Modifies WinLogon for persistence
                                                                      • UAC bypass
                                                                      • Disables RegEdit via registry modification
                                                                      • Drops desktop.ini file(s)
                                                                      • Sets desktop wallpaper using registry
                                                                      • Drops file in Windows directory
                                                                      • NTFS ADS
                                                                      PID:2148
                                                                    • C:\Windows\system32\LogonUI.exe
                                                                      "LogonUI.exe" /flags:0x4 /state0:0xa3a2d055 /state1:0x41c64e6d
                                                                      1⤵
                                                                      • Modifies data under HKEY_USERS
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:3616

                                                                    Network

                                                                    MITRE ATT&CK Enterprise v15

                                                                    Replay Monitor

                                                                    Loading Replay Monitor...

                                                                    Downloads

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                      Filesize

                                                                      152B

                                                                      MD5

                                                                      4aa37444d26e81e6f3837eb15bcaa892

                                                                      SHA1

                                                                      3d00127097989429f311f33daa8380ad7af4cb56

                                                                      SHA256

                                                                      ab703e5dfb5b92527f094fad6ec479839375907700be9a2fd1c3cb9105f9e655

                                                                      SHA512

                                                                      f21a34c234433a688602b2b56d6844f224641bea45b8585f77f4853e192107a65c5e104e10cd86c1d97ff41a22fd05d65224993803b22113ed0b517e686c5176

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9766cca3-e67b-45c6-a5ee-ebbfbea68658.tmp
                                                                      Filesize

                                                                      853B

                                                                      MD5

                                                                      bbfb7a5f3da6ede55c8912da3ddd0678

                                                                      SHA1

                                                                      f932184985c3ea588d2168720607cde91aafed24

                                                                      SHA256

                                                                      a2aacb5aeab7114296a84a004392e31a726710eff21b420c2e90469d1f0b3f04

                                                                      SHA512

                                                                      0fdf143dc76468610dd64cabb155279f42d94eb942e9dcb5700d0baafde6dbbd26b67ebf8da9a9194b63b1d351e150c447aa402f7bd1c18e2d0321fdabbc1d6e

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                      Filesize

                                                                      3KB

                                                                      MD5

                                                                      aab448ff97565115ec5f54fabf1e2b3b

                                                                      SHA1

                                                                      22f29bd939620b70b1655a8147f0ca1211ce07aa

                                                                      SHA256

                                                                      41ef673d6b790f09bed4357dabf31e47a4539ff8ffed51ac59eef67380e612ad

                                                                      SHA512

                                                                      5c0b5e7f2d81da04fef9364c1a704097667ea0e50e801df0fc0f2cdac621d71c2e268e2bbf9ea3f42e2a18e4ffc448d9871d6c9c6f1c2a62a5c07a7d6393e097

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      5d6e536e39eadc52934194f787b26b2e

                                                                      SHA1

                                                                      772fb63cd8905556c0eca1b87d339abf537cebbe

                                                                      SHA256

                                                                      c49b40629f520288c4a0cde19a9949df0db3e564f8114889c1b9f1ebdfcd88de

                                                                      SHA512

                                                                      a63fb09745c5aa08f6cacee47845bace31a6e3ed0b143f4af6bd52b2a5d175f09f82d893f7a1bf7d5ea412730e1df7174c188610315b917bfb43f085db6325aa

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                      Filesize

                                                                      111B

                                                                      MD5

                                                                      285252a2f6327d41eab203dc2f402c67

                                                                      SHA1

                                                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                      SHA256

                                                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                      SHA512

                                                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      5KB

                                                                      MD5

                                                                      1a9b88874040ae5ff37d52b6c0348d1e

                                                                      SHA1

                                                                      da56e4ae1912ace67121f40742271a5c19e48d76

                                                                      SHA256

                                                                      09343cb209c431589417199f16daa6f30be1679f63a6e6f0771dcc31fac7d943

                                                                      SHA512

                                                                      cdb08f12de395a04bc60c2d647db928f898334c993b1aa1d986d5ca799b83224469246a7520b2f748cf65809ff203a43207786e76fc9bd0e2867421276a8c682

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      5KB

                                                                      MD5

                                                                      1fd8cf4de5e482d252d3267a7e9cf9a7

                                                                      SHA1

                                                                      7d4688c9db4d4b2d6078ed8dffdecf80c976f137

                                                                      SHA256

                                                                      810cd6e0ccc83ecc2af7c8fd48e7874be4a7796787312d5ccd152b903c619a3b

                                                                      SHA512

                                                                      df82e3f754aee063bda904ed0a2702f36b21e1c1c97bbc833dfac65dbf65bb6fe92e8eca5bece536b7c8e4d6ef0e4e10f7b751b8352fb1d65fc5443d78873145

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      5KB

                                                                      MD5

                                                                      b7212ceebe525325e8acbd131823f916

                                                                      SHA1

                                                                      5598f671d45db4561780803d21da77bf575bb8ef

                                                                      SHA256

                                                                      5b09cab980b3ca8a777bb4c7418f51ea29d83292a8aeb6dea357e73213a61cd7

                                                                      SHA512

                                                                      ac7705875ec77186a25e840642496acf33191a1883ce6e24281b2d0640cc67b5f0a74a557dbe589a3763ae64d21c8598b86184c769eda1e1e47b8f527cd74986

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      5KB

                                                                      MD5

                                                                      3437fa20eb4d51a44f6820cf56b086f8

                                                                      SHA1

                                                                      f53de4321b472d2907a3bc96783cde56ef324c44

                                                                      SHA256

                                                                      8179cfa6f217508554e905d0f91e43a80b1680fb024d75b2d33f3ad617d3fe12

                                                                      SHA512

                                                                      c8ada45122daace1316d4ce3e0761396e0b638ed20b1acf41fc1bf96cd756834ad5c144eb17d1bd3fe1f8ac9515d8b930fc10e6b5e7b62221fb48525e607e80c

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      5KB

                                                                      MD5

                                                                      3579467fe481e6f6bd4a56c0f2b1b44d

                                                                      SHA1

                                                                      64e4d533f6f21583345f2a6b0beb1f10ecb17699

                                                                      SHA256

                                                                      0416e1890b7913eaed0a765c071965abd7d290d6db09024f804720b46e1cc59d

                                                                      SHA512

                                                                      383ba2fe6fc91653587d435cebf56887d577ac44af2de2681caccbbb1a984f77b23d634548e533352f428401f9f1910453d4cdd70097119acc63c08afab9ae2c

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                      Filesize

                                                                      25KB

                                                                      MD5

                                                                      40833cdbd5d7994ce8fa41b927a81b3c

                                                                      SHA1

                                                                      7d0113a707e380a6c12a7581af0184b6e49ba481

                                                                      SHA256

                                                                      857a656a5e259b4671d5778cf4c93bf038e060b195cb7e9fb3d9c5bf25c8f2f7

                                                                      SHA512

                                                                      38d77bf562e1abeffd91ada2832a160d29509ed748751f43de43c5846c9fffab53884fe31b19ee7336c36557d726b9ff17dcdda0f311d8f04407e44748f2f4e7

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      7a33591ed4c82213a0fdda1980dded1c

                                                                      SHA1

                                                                      deab5dd262da109265a72ed9014649cdd06d201e

                                                                      SHA256

                                                                      7906097b0370cae65a88a00b1ff62ae8602b151ff3ad505885e0a4c4b5ee563a

                                                                      SHA512

                                                                      3c52a40dd54153fccf94ce218c3f01400486986af6731644dee8e41df4a37531f132d0fdf86dc8132371c0272e298199fbf2143e54623c80ced7a26d2a817010

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cf739.TMP
                                                                      Filesize

                                                                      538B

                                                                      MD5

                                                                      faa1a993a2f0a1ab833848956a23285d

                                                                      SHA1

                                                                      11038cce948f38c9f51637f1a9e127fc784fdfe0

                                                                      SHA256

                                                                      e92beec6a604db03f30c9c2e0762e2686e63314fcdfb814c0345e02da6758870

                                                                      SHA512

                                                                      a72d17c2f982fb369d9f3d243e00ac73a49bb1730c0c9776f88323dca8a6e9bc75a5b2766d855a650bd3fb93d442e694fb69da8e03e26b0faaf1fe930b678392

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                      Filesize

                                                                      16B

                                                                      MD5

                                                                      206702161f94c5cd39fadd03f4014d98

                                                                      SHA1

                                                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                      SHA256

                                                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                      SHA512

                                                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                      Filesize

                                                                      16B

                                                                      MD5

                                                                      46295cac801e5d4857d09837238a6394

                                                                      SHA1

                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                      SHA256

                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                      SHA512

                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      92d38e2cea4d3457b266a59f429ec699

                                                                      SHA1

                                                                      f1d9d9ecc0df934369f473b4059ad802a5b0736b

                                                                      SHA256

                                                                      ee574174f573899e916064653e41484df55b323665334808a6f42ec2476b1eba

                                                                      SHA512

                                                                      56cd1f054bf03fc5ba998eb9111fb8f0c2db256321d131515db89bc8bac3d8c8214723db43657a08ca3115f0f3026ce46bebf724b1fd3d2166d2ddf22fb58240

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      d87c2fa0495acb56e85a59a27ad2141f

                                                                      SHA1

                                                                      1952f25a6eb527968afb6fb35cb76c5d2f0cbe04

                                                                      SHA256

                                                                      e90da4da71fcf4e8b422af0e3924010de090b7d08b8391854b460815864646aa

                                                                      SHA512

                                                                      9070ad434b74362f98e3f46208fbdc23fa917f23551400179a8f1d21914441396b4c7f3895fca92d0215243367e73be38f4c46c90a0c9c19a211828bcc1da272

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      11KB

                                                                      MD5

                                                                      df13fcf78646e55e2b8189a928329411

                                                                      SHA1

                                                                      1a1c79b5917bc27c2fad09d190df9465c53927c2

                                                                      SHA256

                                                                      1230dbb733b8d5a7ab170ac054bb7090ec33eb3f896035165ce9cb8782a1c667

                                                                      SHA512

                                                                      8524560d173673b9808a13755c9bb89093164442a1f79f38034f03b175069aee5e5dedfa3a4724023af51d5f5f88b36d8df338f140fb56c317f1b235f098d676

                                                                      Download Submit

                                                                    • C:\Users\Admin\Downloads\NoEscape.exe.zip
                                                                      Filesize

                                                                      13.5MB

                                                                      MD5

                                                                      660708319a500f1865fa9d2fadfa712d

                                                                      SHA1

                                                                      b2ae3aef17095ab26410e0f1792a379a4a2966f8

                                                                      SHA256

                                                                      542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c

                                                                      SHA512

                                                                      18f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517

                                                                      Download Submit

                                                                    • C:\Users\Admin\Downloads\NoEscape.exe.zip:Zone.Identifier
                                                                      Filesize

                                                                      26B

                                                                      MD5

                                                                      fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                      SHA1

                                                                      d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                      SHA256

                                                                      eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                      SHA512

                                                                      aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                      Download Submit

                                                                    • C:\Users\Public\Desktop\Ⅳሂཱུᖂ঑᷏็⃎ⷕ⍖ഓ᛬ᢼჂ῵ᇕ⪞ର⯍␗⢢ᰩॶょܸؕ⪔⥚⟰ᩤჂ
                                                                      Filesize

                                                                      666B

                                                                      MD5

                                                                      e49f0a8effa6380b4518a8064f6d240b

                                                                      SHA1

                                                                      ba62ffe370e186b7f980922067ac68613521bd51

                                                                      SHA256

                                                                      8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

                                                                      SHA512

                                                                      de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

                                                                      Download Submit

                                                                    • \??\pipe\LOCAL\crashpad_2352_BJPLHSPGCXOVSJYG
                                                                      MD5

                                                                      d41d8cd98f00b204e9800998ecf8427e

                                                                      SHA1

                                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                      SHA256

                                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                      SHA512

                                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                      Download Submit

                                                                    • memory/2148-430-0x0000000000400000-0x00000000005CC000-memory.dmp

                                                                      Filesize

                                                                      1.8MB

                                                                      Download

                                                                    • memory/2148-431-0x0000000000400000-0x00000000005CC000-memory.dmp

                                                                      Filesize

                                                                      1.8MB

                                                                      Download

                                                                    • memory/2148-608-0x0000000000400000-0x00000000005CC000-memory.dmp

                                                                      Filesize

                                                                      1.8MB

                                                                      Download