Resubmissions

  • 04/11/2024, 20:55  241104-zqy11sxbqe  8
  • 04/11/2024, 20:52  241104-znv7caxbmc  10
  • 04/11/2024, 20:32  241104-zbrcmaxclp  8
  • 04/11/2024, 20:28  241104-y9ek2swgrf  8

Analysis

  • max time kernel
    73s
  • max time network
    76s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    04/11/2024, 20:52

Errors

Reason
Machine shutdown

General

  • Target

    sample.js

  • Size

    66KB

  • MD5

    cd1b57f91a68cc5b241ca6b07499aa0f

  • SHA1

    868e51ad2a98642c5a91d2f0b4d65cd6bf8f97f3

  • SHA256

    7909ad298eba1b0e68c4e7a905563960e39bf5fdc324663e91dc9bf1af7e4565

  • SHA512

    c61b85472831fc0e115f75106d8fba08d83be592e7e9ec567eacd45c146fe9e1d35c5d970642687dcff9f6452098ab13eb952057e42c79865c8e72138fc3d8f4

  • SSDEEP

    1536:a69UFLCCwNieu/behNFZuSuWtWWxnqio1HSEpqc2SkASNWjII6ZsnJVrYa5vfu6c:l9UFLhwskqio1HSEpqc2SkASNWjII6Zx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • UAC bypass 3 TTPs 1 IoCs
  • Disables RegEdit via registry modification 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
    PID:3988

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4308

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe859ecc40,0x7ffe859ecc4c,0x7ffe859ecc58
        PID:5112

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1740 /prefetch:2
        PID:2796

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2004,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2012 /prefetch:3
        PID:3144

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
        PID:3256

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
        PID:4600

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
        PID:2204

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:1
        PID:2312

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:8
        PID:1372

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
        PID:4800

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4980,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
        PID:3848

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:8
        PID:4220

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
        PID:4740

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4316 /prefetch:8
        PID:3744

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4380 /prefetch:8
        PID:3804

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:8
        PID:4392

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4872,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:2
        PID:4220

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4608,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5304 /prefetch:1
        PID:4712

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3452,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3496 /prefetch:1
        PID:564

      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4660,i,17386408840134835930,15139774415663737757,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:8
        • NTFS ADS
        PID:3984

  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    PID:2680

  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    PID:1948

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:4848

  • C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe
    "C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe"
    • System Location Discovery: System Language Discovery
    PID:2504

      • C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe
        "C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\vc_redist.x86.exe" -burn.unelevated BurnPipe.{C364E760-A41D-4682-8FFA-859190111C7C} {81B18B37-AF50-407D-B341-790EB66A55D9} 2504
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:4192

  • C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
    "C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
    • Modifies WinLogon for persistence
    • UAC bypass
    • Disables RegEdit via registry modification
    • Drops desktop.ini file(s)
    • Sets desktop wallpaper using registry
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    PID:5048

  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa3943855 /state1:0x41c64e6d
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor


Downloads

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                Filesize

                                                649B

                                                MD5

                                                616297f788f0baa15a00ca6e330685a9

                                                SHA1

                                                d4c4f34e3c75825fcf8bebcecd5686fa03933029

                                                SHA256

                                                c5ed965063a5cbf03fece472b55eb8c9e17a3f66758d1dfb4e261b191e891377

                                                SHA512

                                                1b0364aae02bea2d5331aa5767ab405ec4b1e862b3cb10ac1540e1b01896375efe97a896e06b60de221a09c78dec31c1ce57afa0271ce0b08514856843098162

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                Filesize

                                                2KB

                                                MD5

                                                994875b778cbd08dd948fef29157d722

                                                SHA1

                                                4d6006f34d01f9e88b5dd23025cde12af0f8905d

                                                SHA256

                                                ff91f86cf01e59cb0fac75ef1d52f93e878782ec9614b07e1758f29d57a33978

                                                SHA512

                                                219121521b771e35e36fb8b79f5da2c45f0457833793205716f3d523e67ecbc8d8706edeea7f7f03b239732e16845e80930767e3ce5ed18b0a1791b89ac0d13e

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

                                                Filesize

                                                851B

                                                MD5

                                                07ffbe5f24ca348723ff8c6c488abfb8

                                                SHA1

                                                6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                SHA256

                                                6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                SHA512

                                                7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

                                                Filesize

                                                854B

                                                MD5

                                                4ec1df2da46182103d2ffc3b92d20ca5

                                                SHA1

                                                fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                SHA256

                                                6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                SHA512

                                                939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                Filesize

                                                2B

                                                MD5

                                                d751713988987e9331980363e24189ce

                                                SHA1

                                                97d170e1550eee4afc0af065b78cda302a97674c

                                                SHA256

                                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                SHA512

                                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                ae0e974c467856791120bc5fc597475b

                                                SHA1

                                                9c0e210bdd4ffb6f7b5a56814071c1ca60019d02

                                                SHA256

                                                234a6204d6334829b48f01ad56619436e264c519d05012e286484016fd53e003

                                                SHA512

                                                a2d5e3c67f13e98d1a475a270dab25449e0383ce2fbf92f4c524b8f3337da8428ceb1556dbb3b62fa97d6328e466bc4cb5467696091b3ecdb9aa366e4c32c5ff

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                b98ec9ff75a1880e32b5a00574df9db4

                                                SHA1

                                                94eadf999e0e4b9faa2fd038a8372e630d5ddee2

                                                SHA256

                                                4a66d400b1435be38c7ecb68abd28ee85c3cd5034c665af54911d261ffe75756

                                                SHA512

                                                25dc13c08e02057adfa89925a1b5c7cccc4556e0220f904b2734fd7aad1326e34ffa4496e7f3821aae78a89a054f7d8efc6702837b61dd18114cf517cfffadf8

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                1KB

                                                MD5

                                                d8490024d4f5023f9dd654663e73794f

                                                SHA1

                                                5cb5da396733b02605307204e24d65dbf318f76e

                                                SHA256

                                                ab8b713db13bdfca8a66185112247d885b3176f10574785f278a18b36e90624f

                                                SHA512

                                                15881d143eaebef009d67d96d461b71860ad79a4d38e309481aa7d49acdefd7f62bcc1f08ca3367f59ebc116dbd4810071899a3dacdcd269ea44ee408710cc53

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                Filesize

                                                356B

                                                MD5

                                                50dda1b95e702d7503eb4575562814bf

                                                SHA1

                                                704f53a61804ea4632c74861ee9a14d241af0d3e

                                                SHA256

                                                fdaf4f8a9d25282c441e1e129d0247c9739273a9fd7d7448b016e8148cf4fc65

                                                SHA512

                                                274dfd39968f2238de2c7cb13a40bb2d19e1234886d38de50566ae781baae58e80a0a60605c6fae8e60b88af43cb7d7ab2f04542b3eeba7816726ad262681835

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                10KB

                                                MD5

                                                1974ea49574cd9167bc1b87532741d71

                                                SHA1

                                                ce1a8e958886c4783cc5a951d4c2c2267621bf09

                                                SHA256

                                                29b93e7d9f1d1315a28ff164fcf64b6722ad0abe5b9e26fff16e446eb093e50e

                                                SHA512

                                                33ffbacce265566c1e62f24bd79c28e324a3474efc466de822590428c20d848e260fe7181a3746eb1354968eebd3efeb9702f4f096b770ef8ed904bdd0ee8242

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                10KB

                                                MD5

                                                331246d0c9570a38637e85b83f31f71b

                                                SHA1

                                                9c37d6abc6eb5533f21b0ec99c92326f760bd8f4

                                                SHA256

                                                3d16a83d494e789a9a58ccaef115f3c517250dffc6ce7c9ef8cfe6612a67239a

                                                SHA512

                                                63e5156a09ee8237b6958b04c516d5496523282bfbf84931891a107a409bc494d51c1174936b3b63dcaac6ab730eb437e4c22f361c6350a38abe430171d77849

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                10KB

                                                MD5

                                                6f8682c1f4a06bf8f3eca989e25b9444

                                                SHA1

                                                b32eebbd6717d8305eb9749b3a3a02f12aa726f9

                                                SHA256

                                                6976e3ddba45c3ad6937085b9fbe9da0183c8470b34da2cf604142af6b4f487b

                                                SHA512

                                                16ba7eba1256836c9d88ae478a286d6cc94cc01858bac7034690e5e415405b588b182f625332ccaabef446dea59f2b7fb0f7f947b82748443aadf5ae407212d7

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                11KB

                                                MD5

                                                d171f2fd8e4d251bce3faa77e716fc5a

                                                SHA1

                                                6e4afd5f6c8b3fcc79f5eb0143cad9bc71cb5a62

                                                SHA256

                                                d63955d19192b12172e227a28469999e66ad780966de33b675181792fc547548

                                                SHA512

                                                f20df3130a355daadcd0e18ebf0aa74da1201b663d7833f8ccf46381fff7af757b91f416232b3a0a369c7d31ea9f3ccde5667fdf94df33a90b71cfac78db0259

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                Filesize

                                                9KB

                                                MD5

                                                6a10acb63fbfe93a77861a0dc2a5215b

                                                SHA1

                                                dabc1f78ccd3fc1233431c0574bb61170a17a686

                                                SHA256

                                                424d103529601df4c94c51b03dbcfa6bbd120c606ab7996c689e9248baebc0da

                                                SHA512

                                                03a228237d9cc23d527e1f6b9c5a66ff5cb5a291b967c21ef2658d76c08fd936ba9cea6a79864c1610ade897d5af7e90588eeeaea3f7eab42371af6163e0c86c

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                Filesize

                                                15KB

                                                MD5

                                                e5fbc858dcc7c23fa4c207eff187cf89

                                                SHA1

                                                92a0a1b9918282039d1c267b77b890148a4d34e6

                                                SHA256

                                                5ae4f6db1ce4124a5b7308124f54d4c8b3628be3c0f627f35fee5ad6f65d445e

                                                SHA512

                                                131854920a96b4b52674cb68a180aecd79d47b9acefa21f3add9db43a78baca0c2e4f27bbd0600cbd49caa736e250708e8b8922c7b51721d59ffc719bd62c6d8

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 229KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 229KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 229KB

• C:\Users\Admin\AppData\Local\Temp\scoped_dir4308_559323521\CRX_INSTALL\_locales\en_CA\messages.json
  Filesize: 711B

• C:\Users\Admin\AppData\Local\Temp\scoped_dir4308_559323521\a411b99d-0ebc-4d63-b299-ac8e78c4153e.tmp
  Filesize: 132KB

• C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\logo.png
  Filesize: 1KB

• C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\wixstdba.dll
  Filesize: 118KB

• C:\Users\Admin\Downloads\NoEscape.exe.zip.crdownload
  Filesize: 13.5MB

• C:\Users\Admin\Downloads\NoEscape.exe.zip:Zone.Identifier
  Filesize: 26B

• C:\Users\Public\Desktop\ᦷങ⧥⭫⺚໎⣂ቴᨉ┗׫ⱂ᤻ᛴᇭቝ⢅ᮙ┐ሕࡗ༡ᣃ༕ᇷർ⋼Ⱙ
  Filesize: 666B

• memory/5048-770-0x0000000000400000-0x00000000005CC000-memory.dmp
  Filesize: 1.8MB

• memory/5048-948-0x0000000000400000-0x00000000005CC000-memory.dmp
  Filesize: 1.8MB