ef81ac0d15b52e782d94a291b6b6541c64d5d09dad0be86cee462d8608527767

Analysis

max time kernel
1153s
max time network
1162s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
26/07/2024, 13:16

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Executor/README.txt
Size

649B
MD5

f934b73123b18b2aa05abffa15f3627f
SHA1

5d3e072bfa2fc2384ec015897d7e2b362179241d
SHA256

6119918c0a31c0f8cdd51c3f4a98f713e0e5c215bbf2658ab0d42d84f94cddf6
SHA512

b5a75b7ea2f65a96e0404e8b1f6da22181cf367deed2b0bab6e3ac77d53cd39ba27b1fed7596dfe781c9ab8bd1c5f6216aaebb54e9fef0234b71dcd019b16f4b

Score

10^/10

discovery evasion persistence ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe"	NoEscape.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	NoEscape.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	NoEscape.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	NoEscape.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
84	raw.githubusercontent.com
85	camo.githubusercontent.com
128	camo.githubusercontent.com
135	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png"	NoEscape.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\winnt32.exe	NoEscape.exe
File opened for modification	C:\Windows\winnt32.exe	NoEscape.exe
File created	C:\Windows\winnt32.exe\:Zone.Identifier:$DATA	NoEscape.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NoEscape.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "109"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664742556183438"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3666881604-935092360-1617577973-1000\{16AC02FC-5372-481E-865A-35693A327523}	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier	chrome.exe
File created	C:\Windows\winnt32.exe\:Zone.Identifier:$DATA	NoEscape.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3852	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5852	chrome.exe
5852	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe
3952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe
Token: SeShutdownPrivilege	5852	chrome.exe
Token: SeCreatePagefilePrivilege	5852	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe
5852	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1976	MiniSearchHost.exe
5332	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 3852	2880	cmd.exe	82
PID 2880 wrote to memory of 3852	2880	cmd.exe	82
PID 5852 wrote to memory of 2728	5852	chrome.exe	88
PID 5852 wrote to memory of 2728	5852	chrome.exe	88
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 1396	5852	chrome.exe	89
PID 5852 wrote to memory of 4620	5852	chrome.exe	90
PID 5852 wrote to memory of 4620	5852	chrome.exe	90
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91
PID 5852 wrote to memory of 3136	5852	chrome.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Executor\README.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Executor\README.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x80,0x7fff81d2cc40,0x7fff81d2cc4c,0x7fff81d2cc58
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4924,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4596,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3844,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3444,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4476,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4324,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5304,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3604,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5400,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5420,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3404,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4748,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5624,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4752,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5664,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4572,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5052,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5736,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4524,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=868 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=1476,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5584,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5256,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5228,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5940,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5480,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5656,i,16979040461851674529,17141925453736129347,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  - NTFS ADS
  PID:844

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:2304

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:656

C:\Users\Admin\Desktop\NoEscape.exe
"C:\Users\Admin\Desktop\NoEscape.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:5676

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39c6855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8d04896ff5b17045fd5102153fa403e5

SHA1
65d713344240d6d726f65d923bdf6e6627a0bb76

SHA256
443f242d6d856a2874f416e3826329f9fabd104adea0a9a2af9ae25bd6a2d434

SHA512
b56b02f273160305e80b25c86cfb002cdee0073f5a1a5ca8bb4b4e07d284da7d4886cfab8708326793c3307923d33e848c4179e4b27282f5ebdf07e726c4d182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
bd2f09a265374a347b4b4584a6bf08b1

SHA1
b70ccb4774a15b15bf0e7dd77d08ebb7f5b2b2ad

SHA256
840d28066897973ff43bc7d1514b0b3067df1dda2af9f668c005cadc1fc58548

SHA512
1f4c07ddf72c80bef6af6774112ca1cd556230996c28b39c83027a2735137f47311b388973514fc65ecdfd7390ff80c3586564575c6a51027339fc1c21591664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
8fed4aad7f6485e67b93960191d5b85d

SHA1
e086bb70e2341b7462ab345b9a7d6dfb18c4034c

SHA256
f8b1f1d96b6bf2d1ded386f8a99e36cdcb70a78c3bdc272864bb68084a03055b

SHA512
30cccff58d80578ea5e80fd4892f7ca51ca78c1152f8c818c27515eb4218722c476c8ed52c073519af2088e720ff9e8fa3e703bb37649279ebab89387b20ebe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b7cd303b6f69852a0c3520f9270c18d0

SHA1
a6bed09ff3fe89a4c8ba7ccee0ca9c6a149033b4

SHA256
01cb54d717014fe56e9867f2d5dabce8315cdc876ff688a1d0e372b8f059eb71

SHA512
76706fd8aaecfed95f42f5eace5a686b7ebb253a18bce88a849b56e41f5ff77dabaf599bfad6fdb79bcffbaec4c7597fd4d7aa4dc526c6db78d1020fa33c2dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
636c31e36277ec9f896d06cc747e5a76

SHA1
919ac8b30eb7ddbbc1acf7fe2112cfccc43a5d1f

SHA256
1cde5d4e5c15db0e7841e3bead698ba3f5dc8f800d86599e63d605e059418094

SHA512
6f0bbc0a798abd8cd21ce22d5638c5c33b6d1410d6b3b9143dc36dc64fb2010705254f39b24c4b5773fd3af1dad81ee8713dab598df0f132390b06e58e6be602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
12224b1958d765f254c2c606554a1775

SHA1
dd3490d635b27f4503382a3d2d5d50c16781f9a6

SHA256
283ff32bca475224baf84297389826e0a3ef36698509e98b912fbad6e6147738

SHA512
969f85cb57d76d409a32b1817f1090578b90bed71bffa9f04d9f13c45721ddea64930f7483c3a709550d0db3bd6f88cff1d6acae022478ebc85e45f21bb175d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7f2f08ac7c04a23a7cfa5d8781ee8639

SHA1
2e4b853ca960893b91548809bd0658deb25c7c18

SHA256
d706fe4dc195fdfa4a705fac303ae9ed55b230879e6510e73fe087e92f4df417

SHA512
39d38db66eeed344f589c5f74128e647452bb09c0b16f553db6099cb540f97858d128aa76ee805c6d96fe077460f4175543b8dfbf412deeb95dc0921bf0df38a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fc7510b6e8c1f9951671236c0e759836

SHA1
e676220724022cec392cb415ee9501f78e06cb5c

SHA256
c70bf9436f2f6eed29965662b87dd42ab6d36561c8b32cb1612881e15d43a759

SHA512
525fdf8f3e04ae5a8a9c6de67ae330154ddc0758bd29c8c47c9c9361e1a3a1b4e4dd20164aee7bc924687531533d5b1c9ba70c6f9e59eaa396008b943798b0dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
485141ba20af118829fdabce55440e65

SHA1
50820e9d5bc04096035941cae87689ce21f247e2

SHA256
f3376cf87e369cd1e2c08e2e10e62f7d7643f11029420bd370f9ccf3c2b0219a

SHA512
2faab63a8b24ae378dcff9ef5cde83e81e9f4074267963cc236890a92e4d6ea57ea4a50ad74d9cba61a888b5b7fe38162092d17503d2ca0a5e4ded9dee508e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b3562c433e92a41b4adcd943bd4bb591

SHA1
774478c9f3261676d03889e5552440e28567b153

SHA256
37d96416e7d81fd349fd48880964b5d4c411009beaee8b5f9221297e56d04b4d

SHA512
0591b0326b3969c074afb7a16286b71598e366021e963e2f5e48f13ce068786e9935e00a6a65fcea7eb1b315890ac40e9b0088856a48ed91aae5b70898bc87ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6f908f4f3cb7a4e10846fd0e93ec71b8

SHA1
6bba1f108e6c715e948ce6b78ac68a1c4318e0a4

SHA256
971914d8317df0732016c153c15ae17f8c0189a6c50b13cff7c4616de03cfe44

SHA512
445875b0a198b6440f78e5f88720a09cd8794da04a265fdbae5a2da9cf1721033ef8f6008d9ef7543cfb4f2f0ecea46e8983f9601c8d2efd850bb8b4be2c6198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
329e94d552c7ab05e4c91197a331ced5

SHA1
b2b1193f32e2e5f45d98442fa1b1bf200cab7be8

SHA256
212604cfad262296e164e91b69a6323cda5655dcc1fbee16fcb8066ee9ef9abd

SHA512
fe5cc16d3c6f4d6fa06a531a36839e3d4c76bd78abb999258d1f7ed4b4686dcafa3c22bf00c6932ec1595f22801f63005a24cc379448705dfb3d2e7edd423c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1f34173f9b67df2ab1bb8c514357a0eb

SHA1
dd09707dd11d757b91ba9c57789ad31311987f10

SHA256
61f754d3639e535511b20251564384466af5b8c50d35bf47114701177b410e18

SHA512
4bdc0282a15e9a21ee70cfe5d54ad7b4e8be4997a70207e7b4961c31c2946e7c6110d16087ab015225dc658483312f8efb92bb9706477f0006b3aef681f67b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f22b4aee9a3e51dc412d203df8bd5e73

SHA1
4638bd0aec23a024cda474417dc936250dd53631

SHA256
22f0918c412fe7e36674bf6afb3307b714a2dbda032032ad3e6eeb171afde70a

SHA512
7f9fa3ebac1b921e67273bf18d1a81e8fd3ef30535f68a3a6c5f8b58cda8b148f5447f76389c3a81ebbf72231de30aa5d0cfd7b689dbf63ce8b9a0ebecbc77a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e6f43dd8a8ac5ed412f163f98789c99

SHA1
10925202ba5ee5dff567b0ba97e8efca5972360e

SHA256
e6c326b1db222740871e596402af16b1e8a84083ce7ba696e7c4f4a53fbb20ea

SHA512
0584d3efd283b4b359e4af0895b69c6a9f6d3fdcfb82301f8c395127074641ceb8ac9d5f0f63302860a4fbc5654c60aaaa66c2bbf73ee5e1b2e9d9dcebf822a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
000e78c6907ef8441ee82957689bd8fa

SHA1
507ad9f93b32ee52c1258511569c23de16f7ab6c

SHA256
7c6c3f8d986f340cf30b14609139338db54df4e8a705fd858c6a2a48b5f9446f

SHA512
36886c479d58bc2223e81c929357e092fdcebead718425320f1ad7c6024896d7f68bf8e0595865434f8e10d3accc12cb2ee1482ed8f26e4ce4f00ca2709ed650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eb00f0a0dd192ff6ebe558d8eb67e484

SHA1
ce428218b05f826aba765787644d3de4a9699f6d

SHA256
4276f825da1f46fd2191a01322bbe75186c295255e4405ec1eb0293b913e5fa6

SHA512
5ddc5ab1519d73022d58915336949921541a6cf49f3d9fde230bca31339d36b264a637c6d9b82e1b7cb5b65e4417fe124d8808c49bee84f13346b8c9454004db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a68540744c170a0db078283a00618b9e

SHA1
9e87d4af84fcb3083e6e5cfcd5dbda1529f09764

SHA256
9fb658d1d20739af7821337afff349adce824553cb210b1826f8e1af0d386139

SHA512
6b96d18cda815c13cabeaa2f4225f821f4771875b08c83cefb7700ab839b564bbbfb75ec0c2bb25c592f38af3e670392feeccc02720dc9a8d4999ed506123106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
82bf0def989996595615757ecbc9a73c

SHA1
9731efef140f0bea2b01f81aa68124b7da57f15d

SHA256
a9e35d22bd2d872a17fa88ceed870827eaa96f433387e300dad0575ea194457c

SHA512
64d87275c5c3ca2746ee2ced725f4edd556a79516f7a0b1df49971e6f88e724954f758ef4591d41e28cc759a3d541a3fc6d203748bff2205cef4f86626c2d36b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b0d03134e8aa45b0e770ae27143a8862

SHA1
57e857e1bd9e139b4d22d404fc00edadd7647381

SHA256
0af58a8d6dc5db1c0e5731ae87d293aae94dd875f931aaeba29afa4129eb522f

SHA512
010ad21f250bfb0e2b946d8e7de2f7a1a9be02750e750304b6cf06798bd4a16f8fe55457fb45ab291a8cd7cac89810cd6cad8c94b1edfc99258e7241c421e5fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2dd67259260b00a494ba9adb8977014c

SHA1
0b2cd0a9be8fec24942cb818e7a0a74accf32552

SHA256
8e8ad6dc1ffc33f86dfc57a7050aff0217fdf4c4cc71eead4b962a8defc1e9d4

SHA512
a0304a672253beb49379b5b2e17eb59c922c7e2c453f03fd72d2df53b1d9634227e48b024106255fefed00da81fb175174951660d201fe8433dea7ea7292a901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0f3827db2b74425a7be4d9af7097a46a

SHA1
4f374023d6f86f4ae8315f40c276f22e68f186af

SHA256
50ebfa571329e5f4f3684323f4445f98d6a1581b1138ed51743a7d49a3c8c83d

SHA512
f05374058e4a43757f3a64117f61df9b52c1218d480b7bc05a47607ccaee346e72fc83a0a53168e98bbc68d8536cea4b31b528f5ba81463ab43999bfb2a2545b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a7747812a35e4fbf248bec6f625eb2bd

SHA1
2730d36a3f13da1610b6788bd482605aaf36593f

SHA256
2493151593832be207ddaab5cdddb8fd09f88d14f458a72ee18f11aa36ef9d5a

SHA512
acc1d1cd79ee7d1be5964a0e210075844213f47b6eeca3cd2533f9c9bc45dd2a6cd51028f81438c6e197a193f95725bafa298cb5b693c46aeb59fa2b58a5c343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01bd42c13b388a751047926cb9cc1c5d

SHA1
36cf7c39dbcd47c73a967966cd65faa7624e33af

SHA256
51927c41b37743ddab28a51b8311752ce7ca42063be34bb13640f5038598dacf

SHA512
40ac52425af25cd23a7dced3d47a724abfe0eec66ae18178e5aaf48a9872ee4de0c6adec635c32fb9a628d2187db5b9b7997a9a61b99753696f099388311d65f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc55482dc1ded5390295fce8aa71500a

SHA1
f9694c2773d029a4ca05f0c8ad091cbc34efbcbe

SHA256
b0ae97734e5650d118c83993973ca90f04836934bfe012e913c0ccaa071483a0

SHA512
7ea505dbf697ab7ff9ea1153c5083429758cd08c185df71b5b9b023d1beaf246f293d7a05c653f8cce3524716c7975d1467b9f845c50fab558e62bc87767301c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9aa7a04b184d4ec6b8d010344dc9449d

SHA1
3fa97e4ee1b4696669dbbaebe1d60470c4ebbc4c

SHA256
a7a7a56d80a7f0f4a945de168904aeae49d47c3681c4bcbfb93eec499c825f66

SHA512
2cb0165856c87413ce640902509f99b5df7122794cf06f324d600156bf1dc9a5bcdf56d913aa4009226ed5cb3123d9b9acd3f4aa19833d84c722e778eef5e123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
aeb482604c9f9b2650eb8a824f77d49e

SHA1
fdc29b7fd45c08983687444332994d4c4aebb7ff

SHA256
a45fea52b787cb25f0a1d6c3d4690851d5a1109c6d1ae55ee1f3c59869477e94

SHA512
5cf9d50ac9946b36c347a1b7e9078bcb2b3d4b3a46a67b2db594ec078dd1d877bbc8d7b062e390e8a2ab559b9ff7d0e4ba104a1a70bf61916fdf9f9e3ad36e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ac020542cbe6e46e6128ba01b7ce3d93

SHA1
891354047c21a4fc436ef0c3ab9a076bf4968c8b

SHA256
23053d99c0dd4e7633754110861c8b5ac8976a0001c333dd6ba8266b34632324

SHA512
ba888605b1268f8e41b9e177056bd9bbf3a817f30ce865f407741f0eab032d79d0663fc292f256c4f0511b95ce4da2cfc23158f4ef0a08e9cdcea8d9ed5de3f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0373ab29cb944bdf0b1e31bc802fedf5

SHA1
bea494b5594c2c480a67c34a8f0b3d8ad339ba09

SHA256
df820a595c7877c89526b916f2e3d083aab2af89e0725e840312fb1708d69570

SHA512
5d8fe422bb1f453f8ce5a8db0544c4832270e48a6e6b6b20164a50965dd439cbf75cb720823e606f105342dbff6acab25b994371b3b80171c6ad5fd56390095a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b574a22171e351c99711aa3b98faca4

SHA1
16ac839bfc406e22dc32cc4adb0d651c606e707e

SHA256
2d2dce84ebf5a89601b66cc724c0a4d1e9d931e8409dd9f7b02bfe972f78822e

SHA512
afedb88d078884e7bfbcfeed7cdbf923c0b9b8da00df7ec762702c9d1c7e1c9ce419889cc8f07e27dd3641c65a157f9ab048c374e0b127aff0da206b91c183b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bd5fe2d5e3873f9b06989b2248b198b0

SHA1
bb825578e346670bdf793d51f6c029c826e205a8

SHA256
6a65a60b32ab6f0b9dedcf9edc230675743a4572ef3d4197e13d564662395f0b

SHA512
6bd561bfebf6b0c62e99babe14a7751ee8dfa603fee1a9493e12c5386c8325537091d310472542a4405b42ce19a6f2c1108c3ed99c2c5fba56237f5049ea7145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e7e7750f6e2ac4824855ef0e90fa3471

SHA1
33980540373d143c06d7ca7a00644d80ec87f0ca

SHA256
ff26d1fd3685fb3714ca30356ae76280e456d11a7f9e35e354605a65350a964b

SHA512
0328ad665d14dc16983f95837fe0678c23317e2c41d16276e0e63a5ca74a1201c85f2c0524d8d569a14161ee6a5cc652475f6f5fd92a55c163a31df27c479e27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25169d4beb4e66e34b3fe1d783b28561

SHA1
e1370f80d2781dd79dffa1ccb553b6db719a9eef

SHA256
769e7d5fd542302887e7d04264a7e0360382e5323f7f1cb689c77d595938dd55

SHA512
bf2c28111f418abfc247f6c2a377500cd169ec93f60b7e2535a0d0c46c19d73e437f2d5d8555ff2cdd96b4f6ebecff9080d8446f02f49ae73c8fbc13ca27477a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
da773315f8e93091c03a7811d30bee92

SHA1
396855fa51de5650c6d0703b16d4b8df1be75d81

SHA256
8ae883fa750f1387c3f3512a94fc6b671dbb55d2f7ec01fab37ff48f45fd2141

SHA512
bdf52e8b79fd6ae02e5ed77b96ae0c456886c5d54017765a4b20928a57eb1bcc37d0dffbad41505cad20ba84edfdd5355e99c6c8914af716bb3c1570bf0274ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
82B

MD5
9c12ec41b948e46a5108b7dbfaf1d16c

SHA1
860c5126809bae1950aa06800c5c1bcdf05f6c53

SHA256
34291f16a0ca09f3129132c388fbf0d909778432ae92059c6d85f77a622dc004

SHA512
a93099ce7e7896b91fe111c44df3beece4828d40705f08f403c63502cf778822f276a3d40f01bee3433b8b1de32cfeef9c8b445bfcfaf56befae6b3ec43f463c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe67fe86.TMP

Filesize
146B

MD5
ac0d5f14265e9fbd308d202d90424364

SHA1
f98a6fbb61556a2cbb2374360ce90f1fb751eb55

SHA256
bcd2a10b4a8459eeee5cc00defc2675357a0a4f7bb22f6e501f1f17c005a04fe

SHA512
2fec528fac563e993a8b737549dc6b892d8f1923e98371a4059c9020c518ebd43ac44b24f2759a2d1ba6f1a0180499ea153b7900811cb84df29e515704febf63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
26bb993489fbe5d5fc5f69f6992624d5

SHA1
e36e262bb28b306065e6424d951cb6a562280d1f

SHA256
1dc74cc3e7f789807aadd4c0dbec5d549d2b2de27f12f9f48e6e6f536fda1f58

SHA512
02f713e315cce72a53e9a473acb9b88ff327f11b8bcc9919b8e9b5a2eda221ac991c7feb8ec889cd197e9a3f6ad6f0d14c9af55ba1c03b508d0af124467bf800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
68d601115e14b712fded0ef868c560ab

SHA1
f2c2407db5fdab8bba7d81a96bc1c270af695b6f

SHA256
590ce943dfc6a0cf834224c326cd28d98be4862e957fc31a2a39660fea3489b2

SHA512
ac24294675cc4f0414446495eeeeee8bc77c713a3a3aff80b957b31f2fe1fb8154a0bfe675a6d2f3db1e8800882c2bc6976e3f67c6330be048946dde787c61fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
db41b1c6589a013f329ee1c9fc57daf0

SHA1
97fbd0563a9530b1c12167e239d0974734308796

SHA256
39fde00287beb22e5448535f4723a646b799fc50d9087c59cf7ee6c21800e931

SHA512
5efb919118182f3274378b47fb9bba3b1b3b8d81185dbd1bb5b0633553b012abe16934e9011557b402187063638ea250e799662d1df6d486d2bd8a3062046437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
7715bc1c77b2aac715df4603ca1edbfb

SHA1
ee7ff9ead908f7540005044e5f3d016750e90b32

SHA256
cb5edb3cdb64d4ae3c2540befcb85011cd2962aaeae355ba513fcb86a0ab4a69

SHA512
eda1446bc389b6b379c7a7293b985b7d258ab56fa9dfcaa5f70b299f3e05c668c963cf64a83a4ab2b8f35bb3d562103946bb392215f10760125260c0c131bf8a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
1015d2fd919a3b62e193194c7bfafbef

SHA1
f7f3314dd817edcee90f87491f74825b197f476b

SHA256
990002e556b74d16e89d7f6c8be6ac5870e9be8b904ec52e87d92631fa09467b

SHA512
ffc7702179fb30851f4646f26a53e87c0215e320e117901c726a6294bf428540134e1fd14fce37a0b430e8379b4c56d6f57b582efff5654e2ed4624453762bea

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
710bfbb3733035e8ef5cc41f17e6ca18

SHA1
f8f6b808c86e76167597a40bf364e92e0adcf195

SHA256
92a6dab02ff468c00c1d32b27a27f241b223ea1974238adb24c015d0527e4c13

SHA512
71414895a7e2f543197003ea16e0e8c94e6a203e32874d81332ccf5fba775f18963575991bc03d373238e59761a535d8b00b64ce4b4c6038be3bc458a15f8e18

Download Submit
C:\Users\Admin\Downloads\NoEscape.zip

Filesize
616KB

MD5
ef4fdf65fc90bfda8d1d2ae6d20aff60

SHA1
9431227836440c78f12bfb2cb3247d59f4d4640b

SHA256
47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

SHA512
6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

Download Submit
C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Public\Desktop\᪏▴⟱╠ઙஹ❼სॄⅫ⬟ᾟݕᙏᵡᔝ⭌ⅵゆሦ

Filesize
666B

MD5
e49f0a8effa6380b4518a8064f6d240b

SHA1
ba62ffe370e186b7f980922067ac68613521bd51

SHA256
8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

SHA512
de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

Download Submit
memory/5676-751-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/5676-929-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads