hxxp://google[.]com

Analysis

max time kernel
420s
max time network
423s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13-08-2024 15:24

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

discovery evasion persistence ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe"	NoEscape.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	NoEscape.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	NoEscape.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	NoEscape.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png"	NoEscape.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\winnt32.exe	NoEscape.exe
File opened for modification	C:\Windows\winnt32.exe	NoEscape.exe
File created	C:\Windows\winnt32.exe\:Zone.Identifier:$DATA	NoEscape.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NoEscape.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "244"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680363459343096"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Windows\winnt32.exe\:Zone.Identifier:$DATA	NoEscape.exe
File opened for modification	C:\Users\Admin\Downloads\NoEscape.exe-Download-main.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe
3756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe
Token: SeShutdownPrivilege	3532	chrome.exe
Token: SeCreatePagefilePrivilege	3532	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2544	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 2144	3532	chrome.exe	78
PID 3532 wrote to memory of 2144	3532	chrome.exe	78
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 3840	3532	chrome.exe	79
PID 3532 wrote to memory of 984	3532	chrome.exe	80
PID 3532 wrote to memory of 984	3532	chrome.exe	80
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81
PID 3532 wrote to memory of 3188	3532	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef946cc40,0x7ffef946cc4c,0x7ffef946cc58
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1380,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2984,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2988,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4568,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4340 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4400,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4800,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4612,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5328,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=740 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4936,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=2948,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5588,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5248,i,5058363723249698037,2049014078669409438,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  - NTFS ADS
  PID:196

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3744

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E0
1⤵
PID:2976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe-Download-main.zip\NoEscape.exe-Download-main\NoEscape.exe\NoEscape.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe-Download-main.zip\NoEscape.exe-Download-main\NoEscape.exe\NoEscape.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:2596

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a2f855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e8f4a47969e3e06addd4afc2c631157c

SHA1
a432ec685b33ea68c7cd54a21dff6e4793d92e57

SHA256
68487af93d2d17efc742c3635294cebb74c7d2f3c3c846ca637fe3c06a8d3314

SHA512
4a6002af7fd53282b53a6848e44fecce0fe1af794f503dd5a4f9210c92c27324bbc88190c9b45034897b620d66c09fa964b22309777494f87c76d65b46132f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
575KB

MD5
d6ab59176f7eaf31c79b78e59703855b

SHA1
b0c017c0abfc80de5616155b6d585d642fa3e9e2

SHA256
357a5d0ef0b30e2970d1cd41588c5bf268f516494bba56e64576897e84641ab1

SHA512
3608ca5013a404c6aa4242ccd3d58705f7780d00590b64da97c5a752672f6e4f024cef7415721c22d817f72c8ef7dc540462b08ba9c94715461a1b5300eab454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
13.5MB

MD5
6da84fd648c8811cc112f4fffe20a24d

SHA1
ba4f8d7fb51ee0a31b068cca51d5e5388c4b081b

SHA256
7b55dfab141eb69abbe47267e396fe8ee6bc4054fc8d4a5d91049b950c7d84aa

SHA512
0ba4c4379b77b465aa13af7ec295a9e7cc1421cff76e735890f46228af2f500202f879468322ad59b6d6ab06710828536ffcddee23093adf82498a365fee6bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ce57f71d976efba934b91eeba50ed43c

SHA1
cb35ba9743414e1e3be9c460258dd58b088f9c5a

SHA256
0f4b1475983f7da8ca3d2693910475ed6550644816962d619c6c3a39a7409ace

SHA512
cff5a2e165c37054bb8148497a2458ef9530986e1eb15ea62ccdeb698ac57f1da97b56e3c0784ad28d6b63a529153c83e890130d97b1319762f13b6ff8cd1eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
78db2833dd09fa52ef978f036e76f5b5

SHA1
75803480428487f181f148a840fdd60631f7ed11

SHA256
b324e43e5ff1fd7a72902c3bb77d13adbafaeb40336cfe3d69315e5407b9c920

SHA512
dfb6f9f4574bd7ceef4a67f9872615d45c5b48a5b7f7b40778c1bce0d3b05603361efeeae27671b2b22e1655c3da2fe2d62dc562a71f30c9e4d5428e7e8818fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
f6874008b873efd900c76a784410dccf

SHA1
33785907f91d5b66bc102c7635bb1fe9f01f57b9

SHA256
949f581bd641f09558b7fbc47b529ba25c87767bce40c8c723128a6cae81d0cb

SHA512
acbfcf53cc048151f1c88b622ca0f2aed19909c588efba231fa8c7a94aa54f0f754ba6ff86491da0ecb53683f3c652e8705d4779d655d925e17b2221ff12fbb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
463eaf3fc65463ef8fe05b9b8db41cfe

SHA1
48288b32f68a18743d11170d0464ac57c359a983

SHA256
86c0b17b57e9041b4ae0336bed40fce96b2747e15f494e0e653a1432275c7095

SHA512
cdb4425fc2a44946e40a528b2eed53c5ccbc6d3efd327d7ab2bb42e8253604f950de5e15a3db9d1c1cf088f03279bab7d16514ac5a54c28b835d546c4cf6d570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bed52bd90b1bcdf92814f0532925f04c

SHA1
8554484c42df41b35903fd60d9f5dbfcee36a488

SHA256
f149eeccecb96158f27efcd5ad8f15f267d2d73cdda689d85ab8c1869e3f3724

SHA512
cf537170c3f2ed767caba680659a94f34382e543a720e463c9cd2965624f507b44d61c2d83340821f8f7081931021b51e8fe5b354c9e0f50efff7b4a619c6fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
97aa14f0e8d37ea9bb1a5a42930561c6

SHA1
57d9616da53bb109e53030e2c08593a82f3ab856

SHA256
ea10a69f6da28c0a7305ab20d30cb1820ed62de929003c6deb2752efd0c296fc

SHA512
1117e244766f244814754118e69d99787a14729809770b652a13faea921c664c312910f02f6b0645b3f88ae8748924f2189637270c06b526d498baae06de18fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
b9401fead4b13bc3403f5d7bba89fb22

SHA1
f89651e3e922edd2008b7d5e126d3023f380020c

SHA256
c02ae8b98cbb255684566ff861ebc2fb34c28c7a548a3db5daf3246ba29ca67e

SHA512
7469d5ae857ce34dd188c7f0be668c6c0fc26dcf5bc42f11d67f96c3206e7f624171d1a49c8f0ff8e2d276767a84f9ff65b765005efce0c51cf575e1af783548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a6f6f4360f7e98f303d4e33ce2b231b0

SHA1
aa9078a29e51811dba09c9a6028fa678ab1022cb

SHA256
c36454bb9883a475aaba1ee5a12fc2ad96bd83484bcedcd40e3ec1f2a230bffc

SHA512
bce48d18097c5965d6dcbbcb4b4eaa5f1f4900d8ae114e136f6389e04cdfbbfa3b1a6e75d277cacbc194163bf11503e3f6a78e67a290bae176a6c817b406270d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
985662a6c9016c607145d43149837ca9

SHA1
989029003df50fd4961b3d5b64198100181d9813

SHA256
cf1f0b483b431b735a8c5b012c0589302872920e2ed4c14d5134276482914617

SHA512
6857aec647bd0e88186cac9c4fec10e105dafad4cb3375759b5ed0a8cefcc516ee5a54c1b1fb7d07c6eb8afb42e7f0b30567d7b63b887ed5c08cca74ecf413a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5a144f40c1adff124ef2563d2eb04beb

SHA1
95dde654b8f5bde36eddf65a84579a46e12fe4f8

SHA256
4b04448e97ae6b7d3c51e2da02727ed16819e2f7127c4dbf9819bf67c5ab9147

SHA512
0b6c74547c60f6b4e283a10da170d5a17da006fa5d99972dd37dca495724551343591b1437cdf3fa3f29c7924e923ece63f2b166d7c1e548f798d3f77634ef0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d01c5863aa62814e14e5a48a08e10e6f

SHA1
92f8e4a7ac24fa88ac405575ae454c2de2feb1a6

SHA256
d6f1270e01f788df0057da6e589c4e94a5c85e5ebafc1ce77e71b418fda2da65

SHA512
cb73295f4c2c5aa2e30b90be2d1d3d94d302401f812466e5fd53f7ab43e2977a356867993f45d14933c7f621650f64639271fd9d69eb7c11d2a567b602a2091c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
26fe17596aeb752a2b71ac983a4e504e

SHA1
4f90b1f20048a333ea6b1be4284947cf1c1b7600

SHA256
f77b2b46f625c6012468c55fd490cfed5a95b276445b6105081916d7f60ef7ef

SHA512
77ebfdc256518a0816b774defa0f561f7354a2ee15d955fc5d0a44c8ce4b75925c5363cac4c01d0bc672c1d20ebecf34738ca286e5ccc302b868f64ac331e5ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
25ea2a433bd7e39e730b245a91b2eba7

SHA1
dbf9827a82e58dfd985af3b4d6b37d394c57fe20

SHA256
d654a9d873df96d487940eecd8a2054e05132e538cace7989d6ab7dcb6c77dcb

SHA512
6e3f7f850d9ee3cbe0ec5ce9c0650f204da30756427726c2e507873d18e6a279415092dbaaf01201fe99206a06c6154761a18f6cb6cd3efe9ed36ee9fea71aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a16ff74b67433433b2ed17c71ac1b09e

SHA1
39ee0d2b63c346fbf82073de39a89d4b5dc5f007

SHA256
0333cb5f46daf3d98bf0b478ccc23724abf82222ffaf62cab9258bd8f1c5bdaa

SHA512
e66cc7d6d47e827c0ea5149cb30db9c634ba87bead9967169d2f5f50de3a1be04da4ddc09b7d4496103ea1c5aab108c5930798001ff498d05cf0f48956a8bfa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f68e7e82ca0169a50e2c32fd1fbb5ae

SHA1
8194a7e3abc09e47b4d494979d1571f5d2fa1070

SHA256
d454387abb76a48c77bf8890f465bfd87cd96accbb57c5d0d5188363efef2c1f

SHA512
696ef25d54a0157a775561ba8bea02da6e9c56fb59a377c27dec90117ca62128a656fe737a06e2849e7722a389a30c198d588b7196fa673f8aa253efc183b0ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c44a9febf5d7eecfd97f05dc43cdf6a

SHA1
fdcc2e52bbc99710f076dff7c0ee92c3825589f9

SHA256
427000cd64f85a81ebc4807c601bf2656978533686dbe7b5de01451818fe854e

SHA512
a2dd95d037b6acd137b19631f57d5b63d8cd8db08ceffdd808678e939746a267d50a94377d84e5a53de4ee02113e2e494db87a8f534f5b91038ef79f2097daff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
71ba7499e7f5e9f1fa33264032526e6f

SHA1
edacc4b4e987a19cda369035431c8e51027f54f0

SHA256
44d747c7eae68f44dd4042de4ec5b969cc33a273ce62a899b39b7a908000b197

SHA512
27a7a5911504d71d39e3bb8a7ae05e83daca8786b0a4c2e47dffe18db84fc00dbc602a20f59cce9d3a911a8ed86f4562c0b084f894a1adb0857dcdc858256c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
839dc9c950302f80a8f6f4e987073a0d

SHA1
b011a493cc93399df74b213a1285aac670502b1e

SHA256
683891f164a54f3f6d9c621db6a59219fa6712fd495c99eb7a5ff773c3b0e466

SHA512
57b0993735760221d2ab4df063bc02a8a54508ae23d082b169c22d78309be4808a17f32b86146517e85c72f4f8ee0f6e271f59b95fbc53dbf773672bf6c04c95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1538ce994531734f4fb678af5d66cfad

SHA1
e29bf55fd11e6face12187a144057eaf6385113e

SHA256
ac4a4fe78ac8402cfee680958ce1118f94918c7decf5e6647a9c5ecd5b61ad7a

SHA512
e7dd6f389714b1c2af250bc83d22da5283d93350e9d8ad2a9ab0bed6f74cfaf008a540bb0eba9810ed1511abc3151b216ccff18fe3e898d716e5ffb11a3ca2f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8377b8c84fdad087c3c3e081080e23eb

SHA1
d1773a6250fbb3a6bfdbd26926dd1024d5904d3b

SHA256
d16bbec834f13abc0d33edb98d2b713f2c8ca624f5242061e0d7b52e16a60e5c

SHA512
a40fa79c292a80145daa38dd75c77405f24ad9b81f58ef84c4e08ddc1e837e6b4a7231baa1030699bb0a3b2e0b743c76c164eb2a100bd5656515fa420f38e036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a912c8b28c48cf36a1f43b1aaa576de2

SHA1
237caba2dd367ce8f2d3c4b9fb3a071061ee7442

SHA256
80a933c0768456da8495da80e13260e7ef9b4a4b99d88f7e10f88fcf0f3d5a03

SHA512
8518b0394bd07b4c6abc6166ad338a3efdea4e7459a1647e8e7f3d6b0f00c372426f2b2e23fc55f8a935bfe2efd4097e6748879c7192e5b8ba77af303dfbd198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d1766040bca6a47d4244e91a28f85b53

SHA1
42cb43e65bdf415781b396f3d1085e51577d4c59

SHA256
506026dd3e979dde2f28efead4293d89344c41d163039aa88b267254f77f2263

SHA512
9132a3a0dd6a4f7cbd1d4cb17ffccff1561319f848e53cc19a3c294f161b88ae632955f722348b9a96b5457dcf12e694e2ec33031fadf65e77ee16cb87cc2160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
643f674fd333c2dfbc0cd6e364062bd5

SHA1
7a36a60d2c39bd6dff6eb8798f12a2e7dee787fd

SHA256
a9ba25e58b42c6876869cf7c1337b96e5844c3d8a369f86366215c45e2649917

SHA512
4b057c826f070b1c1318778590596cd22c44ca87257a11d75407f75192549d53bb7664d2685043f53eb575b27fff46b428b1e942f121785cc2c3baab1e67153c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8cb79e708c314f428e9810a251a93577

SHA1
c560113ffc1229b32789d37ff0f0229a91fc9d16

SHA256
4f13730615826b8cb4f79819420cfe64a3e29206a9a51c2aa36f12bab65cf328

SHA512
a7b851f3c76f1bcd8ec9bc014abd72b16c60d518fda35d5d58ec9fd335f0ebfc29910c28acbc16e18fc4be7a73eccd461dcbfc072df773ec986bc115dc0fd248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
19839504ce95f21bf7a4f76ed39d47f9

SHA1
bacd3dfa314f2bd84e819eeae4695770761aaa18

SHA256
c6c7d98aa716dfec661c4fec6a30006285a6aa2d139267b584b7f9782c37ae0f

SHA512
270fad72928eead994a717083c4d537b34f8fe1a6d1c3f82d13371e1c37e7d6d1b105527db55165e45f753fc84c4aaa6deb4fd1bfec52c2216257c9f8163c0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
029af062a9cf18bbd549fc4fa71c30a3

SHA1
1e7527669c8e03cc7a5b05fccffd58ab1abe7202

SHA256
1d6138ae9eaec0860a3d4f514686a6525eb4ab764d1e4c4dc767e370696f3784

SHA512
643766d0e48d495c67e145108d37d7ed9d094a9ab340285b1f7371908bb286db8cf864c511fed6b9863574f39244b169e201726c7d4acefa3be3c551675d00a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b934cd085ff0dbbf253914cc1703387f

SHA1
9f05e40f0299ab811d9547008dafdd3def8a19ce

SHA256
c170122eff13bd8febed18d6a31861301ce04e936935af867b404d1b5ed74970

SHA512
138297de6a606b06925d7d5c7d9eae648958cacc63d8f6055bd91b603b183afc8797ff7ddc0bca2e633899aa0ac59d82312126a56d55e3ab83028c6265132866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
572e21fbfee38783347200f4499dbe19

SHA1
a3c35e00a7f37e78122db41549f67649b5c74975

SHA256
a1c877e49bc52fed1388bbfb13f846afadcddff99b336d7ff6c7de8037c71439

SHA512
183de0ad18f27587e8eb0230eee47f272c68aa02dc743de27d1ca024b59e003e7115e8238245081b47e5010b22fbf7d4425ae75d9dc5292aec7bd1b44aff99f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3bb4b97061341e2909ab5d4489690132

SHA1
f2222f300482309623026632dd4312e88979cd0a

SHA256
6f5b2cc91815daec6eed7be5f9db84da8c988df1351853f583a3f3f977528a2e

SHA512
5ad1a1efdc5225a20037205fb894aa6a074316610a1c28d5c9cb95ea021888e4bd2c84cd2423b55c47dca74c7cfe6ed0ffbf8f144790b66f05897d16d15e6fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5cb90e1653cb2af4ef8a0eab29d9a175

SHA1
f7cb56ab3a8828414d541995a4127d6b10fe1e33

SHA256
1ed0a6b0b252fcea593d455ac994137e259e89f4000cc5cf6f6cf4f047978c36

SHA512
08b1b223abf182cbadd50a43f8d1361ca01a7082238fbfa552fa7144a715dfaa6744ecfc140787a1a3f37da2fad2951288b8e995467407b866ebe30adad5e29b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c637ae4b89d3fadc187de8332c86f644

SHA1
cd99165d63c7594c0db7306a52b80b63efdd0790

SHA256
e622e6a6a1a11b8a83ffa7d5c3819691077bfbfc3439d2bb391c308ef5c496ec

SHA512
16eff4b35a709cbfbb06c1c2fd6d881fa604728a4fc615c73160eebf8001880f2188eafb17f79810932acc61dbd1332d5972faf2ab985c4d1b3850687f68fdf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
150b7e29009356d5383222fc4f69e278

SHA1
b047cb3004e27a457cc47222c91e7971efcf6fd6

SHA256
6ff4afa083cb2bf862b36328e08abd5763dddbd65e6358fc72640d202c381616

SHA512
b733e38cdc6a659375b15a64a470a6387733f6188e3d651abceaecfa8b17f0b68f92419d2a27ea878c886c9c2d1a77a9dabd872b2fd4618ad863d4c276a4d185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
90d980de9c220dd96664a74c3c3589d4

SHA1
c689fae403bd028161a6de30a2228876a2c350d7

SHA256
a29ef2bb9f0b2793f5b325ecfe86e59c40550c80d137d6112544e85cf0122562

SHA512
c21a042e1c66a2e4ee60ea41d5735312587f663687a6280579d1afb7b2eece5a35b22583245bdd6b3ca5bc5ae815979a918ed947229ccf031dd2e02e6bcbe7c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
65b4abd358246ee37bdfeaf54daee4a4

SHA1
12f16b9f1c87b946431c705e4101f44203dc4d74

SHA256
b72f095614c03cf606bbf2f3ccb4508911c8462f38da37f0ddd5ba48334c02fd

SHA512
c94c64eb1972ebddf81fbb0face3f641bf3b846c3dd120b0e8402f9b654ef377e623582d37316884359329dfcf0f8995cec03843ea45967855b973be8bf61348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
764d2cb895ccdbcb18170e7dd49b353c

SHA1
6e73c348351532429e8a76b9a82bd0efa5937498

SHA256
255bf60e82187762ab896921f3dc8928c1abe2ccf91cb1209a008520ad1659d7

SHA512
c12fb614ea82e33b00c41ba3362fead9329b2b25cfea2a955ab2851fbb7ac687d9622e27a789fd29ba44fd6e3571ca58298cc55c86f0833c4dff8a559dd356f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ef1b3325651c7c0fca2e912a8845c82d

SHA1
35dc37e0e0246f84a96a04fb2f65b8967d86953d

SHA256
e604440b6df8d61026bbb9215de981450b2853c3f37c0ba9d64c636a280ef67a

SHA512
ef6c03edba43754a6a3d460426621b532728848cfacc2ffe47c47ddd38137476c5a4ef5761ade074c490f9173efe5c1f3fd65eccc2d9cf784a8ff15f7dc87310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
87d55178589c5d94ff94b4ccb1c1d255

SHA1
b5e66082d55475ed358195067098ce4e93525b85

SHA256
edc7fb3f4f738c531b40711561f2579f14bd91a10cabfa270e4f34ca6a628f50

SHA512
f57e68134902c28a79a6df45ddf3331e5e0e31d8b5b9400ffdeb47726945ba59119243b76b8e5048bfec1f3044e7e3ef2188d21964092061d621368d439eade4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cb03b7bff84a75b9e14fe44003a95e48

SHA1
399ea0b97c3eff5fd75a4292a3ca97686693341c

SHA256
750445115cf838bc66e040ba3d93f7200e5325d9e8d5cdc6b661d13765bf55bc

SHA512
85cc64e3c1565218804e67f29d5fa8e308daa6653818c894bb88cef2862db0e923f050158b6bda0663e078dd86f80a5d16229752b8a99684546bac6e4852e791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fd14177aa65330a140402c27434e8ac2

SHA1
acdf9e8819ffc216b2b74af4e8492ed359864da3

SHA256
e420bcdfedbb8f0e314315ec5f63fef40a0cdb983baa32c7178af22c389f90a2

SHA512
6efb54ea4d526280c3621dc6ed6f6820566f23d1651b4f1357605bb1923fbc5f06319a01b040eb49fcf85b2b2892bdd80779b595d9082aa0237751a88b6cd53d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b6ec78b040feb39eb3b7689f5c03ab5c

SHA1
dae4f041a7cd0ff5d9210ea868bf1fc7cea88c6d

SHA256
508a09d41328324600546592243883c81dfbf043a70d6628c60ab817e1cef3f7

SHA512
3a70d386740e795a7182f9831c84ee490efb5e52a469609da0eb18ab0aaa5a16dab4d6b7f4aba20787138e3f934aefa0937d250f30caba4abd45524f8216332c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e3cff722b743457dc37e8152e076f9ad

SHA1
1e26c53b04510c3d58112ac47cdd0d98f6007504

SHA256
7a7c88535163641b0c3fc895bb1cd498cea2a89ea7881112225aef901d5503c1

SHA512
a78bb3dd85d9e7396475c6f64379681cd83741869bd91aa369539a564445a2def9b432b6865e5a30e0fc41876e4cf03891bd016b85e919032cdb5b04283c0665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
7186163bbe15f7a7fc232cf9405ee7be

SHA1
8e180bf80d5a34a24d37487dfaf20dbe9e9e0fd6

SHA256
44cf8a194db1ea455ce352afca117666245107e3c03d909a7b3ccf725c87e01e

SHA512
fb6f4c00ca4161cdf7cf613b6becb3d4c39dd72e172a1e9fb466ae506028b61ef61f411426fbd40c68f4efe2bd56cacb9ac6fd241a4ce81cf56f3b9c470f6909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
a6e3a2c3fa346f2b62dda6303bb4d8c9

SHA1
244281e1b10f2dd37e7e02af64a7a3b22aec35c1

SHA256
a69a43358a772adb7a0b9c71e4ae4d5a27fa960b70c077fcd0797d03be10ebef

SHA512
7b8f8e6af28af9550a88d52a885821332101945ac42ad84d11c6a3f616d44150eff91890c1a0fa7e05dc4822e444131a7b29166a16d57d71f75b0b6a104e686d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
8da492c581865e37d6b702f5ecd8fedd

SHA1
de63f26ae058ed9b6e4dd10ba0fda9193ae02861

SHA256
383fb44cc315e8d616e6feda76fd9f1037707e1d183fb82943c72b02de9694a3

SHA512
787aedffd274ca1f0e066e2255ddd0fa1bea26a0d8c2ee1c5c2d9530c3eda49e52391288aa81e04786cb1b2d86f3a35afdc769e67de4dd9612e95d97ec7f0aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
14aaa5c23a9d81131b865baa20d79c8c

SHA1
17cfb4968ea32f5d0cd527a3ba520becb3f8c758

SHA256
11ab6197ef7f42005dbc1dcb2f068f6aba6584583c98a9cca9611a2024baa5d1

SHA512
d33af8e2a447001fd0c28d0355a2c3366eade09f77be9070c2ad3931d87e068aae0d36c385cd9530fdaaeb767a41386e57e839193916f76efbda29182009843a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
2c70e3570efab79e496200b79cf11488

SHA1
d6084ce0b1be36399511d8bf3d2693e6133ed4db

SHA256
57c8bdb73941a41c534e5eda6df15ae8c886c56910a190b2821c39563b932f13

SHA512
1e9a80296b0513d230d18453fb4ce76d7a6815e4982658a7e691a0728508e12bf689c9a646990a7af99689375618f4218b575b740735db4b4c4a0b7756bcee45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
b6d2e46bea63e5d25c8f0ad3f191c9d0

SHA1
4cee88cb98b7f3ab60d8af251c4de8a76dc6a252

SHA256
0f6e202abf0973b374b29f515825d59a4c7626eb8a23910e0f69d6d9001b2167

SHA512
a09257b3a468fc0c44eba1305655b85cfd69e21a9cb7032d68ab65255e1e5ccf71bc6002ad8837fd6fbad2889cca368ddc956cd04686eb74f906de3bc74cac47

Download Submit
C:\Users\Admin\Downloads\NoEscape.exe-Download-main.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Public\Desktop\⇻ℾ࿕ܘῼీநㄬዋᾚᕕكⳲධཁ઴⼺ೖ⇅⟷▚

Filesize
666B

MD5
e49f0a8effa6380b4518a8064f6d240b

SHA1
ba62ffe370e186b7f980922067ac68613521bd51

SHA256
8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

SHA512
de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

Download Submit
memory/2596-983-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/2596-984-0x00000000005C6000-0x00000000005C7000-memory.dmp

Filesize
4KB

Download
memory/2596-1171-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads