eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744

Analysis

max time kernel
414s
max time network
416s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 19:13

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

zbxl.zip
Size

43.8MB
MD5

da596c5fa1bfe53dc6ef777e810c2e7d
SHA1

dc756fddd264eaadcc0c8e8576d11259bbe1c150
SHA256

eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744
SHA512

bb7a10c4d9decee9687dfba5987939d1f55c3966bd80d06103d4bde6f61df3957d89392ac185b96ac668bc794193319dad33e34dde199df91eb2981e7e5f9fc3
SSDEEP

196608:rAA/coo9ZmMOfGI0QIdgCUlo1JKq5LJ2q82M/nSk827:rAHX9DQGI0Q321tr82MPl

Score

10^/10

discovery evasion persistence ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe"	NoEscape.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	NoEscape.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	NoEscape.exe

Deletes itself 1 IoCs

pid	Process
1008	NoEscape.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	NoEscape.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png"	NoEscape.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\winnt32.exe	NoEscape.exe
File opened for modification	C:\Windows\winnt32.exe	NoEscape.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NoEscape.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133790230418176758"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "59"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe
4972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2444	7zFM.exe
Token: 35	2444	7zFM.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2444	7zFM.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1376	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 5040	4868	chrome.exe	115
PID 4868 wrote to memory of 5040	4868	chrome.exe	115
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 1328	4868	chrome.exe	116
PID 4868 wrote to memory of 3456	4868	chrome.exe	117
PID 4868 wrote to memory of 3456	4868	chrome.exe	117
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118
PID 4868 wrote to memory of 3744	4868	chrome.exe	118

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\zbxl.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcd4decc40,0x7ffcd4decc4c,0x7ffcd4decc58
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1768,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5032,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5180,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5216,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5288,i,8137675571772066477,17687769462264936982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  PID:728

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3820

C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Deletes itself
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:1008

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38f5855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\90fbe923-ad54-47ad-b215-140a17eae645.tmp

Filesize
9KB

MD5
1f1f62b9fd054d41864942eaac563bf0

SHA1
9bab447b1a3ba2f9fb12aec08f3f2b1328f6b6c7

SHA256
4ff9648cbdb0449554b007f41e5c6fd7e2b6496554f2eca9de7aede6b6034c21

SHA512
d5f653726daa189ffec2880ec312c4b3319cf96f8e10ac105da9940114e25627386cc02af21a777f2fd1411ec093d2e70d6e37ac4292a6933037416c2d9a3869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dcd164e785cdac08fb91a0cfc331b8e0

SHA1
7377a666bd98926805c4de71c2d9d5922ac8b821

SHA256
4baba7f063ba33bdb8959e32facfbab97f9255266f965b58c98d9376fc5ddc3a

SHA512
6e7b3e6f47a09439314812a51701c90e464b0a04c188fc7c4092a0b5c870474d26007c4c090931a309c362451f7c5eba0715ba816dfb139f3938023f7359d43f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
21KB

MD5
3893f7e4485028d0edf9c8d8117afba7

SHA1
b6361c77a12885fb45e7b6c8b10bdffb4fcab954

SHA256
a77da4600a40c2dbde59e5aa836975c9f5e90463a2882d5aa6ffe75add8d8207

SHA512
26a15993f487515e80ae56c716038fb71fe2b33fe1de78bb75adc8e0a4770fb76be3b6e638f8c0f428b52c76eee208a6715efd1eb1282c6de90ee323927ce486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
23KB

MD5
8f0959fec0c80e1ae3e223ba58d67ecf

SHA1
afb2be0d651b32f8ae005905f6545dc61031e32e

SHA256
f43f29456966d4e25cd440c3f590a2a4b6e906e23b53d3ed940ca355eb1ef3cf

SHA512
c192ab4e1e4b3ce4bd7bc27665e74fd60d392b586aed878ee69debefbdae3961fa454d6c63ffae3f8dc166c07eb1dd68316314ae65491f469685af5fe1d2b163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
23KB

MD5
d8321d002388eac2b1aed6dd4ae0239f

SHA1
a88541f8a0ce7a1a78709db825469032884762d8

SHA256
e2a0ffaba6037167b5267c8cbe22377e883b5fce7e49bfeef7342ddd5316c1ae

SHA512
21e2674af4235b8caeb25d060729c0b2585e36df8b8b9facabe7bd36957157ca775ff45b3cf3e599bc873bf5c9d25e199d89c4bb24ff54613d463863e3b4bde8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
25bd86679a9ef5d9c716164999014e95

SHA1
71bd12b12d7586f11940ea68d0f90f5af0a206e6

SHA256
d094511f6da76b763cb20aab0d3f28f821fbe1e63846e72673bd2e82f4974239

SHA512
a3be996faa9a6ca75d708a17d9fcc78e31a197ee96a0d04786426a2818b7bc5026a0960864d5950a8f7faf7b2801304964a935ca247d900b4c3a19b25d04ebb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9a38715140279df742564c65fcac6019

SHA1
ad3ae4b5abe9e64e5c365aaa584a0b587f8695cf

SHA256
874eedff8cbcb9b0c3f3392c38eb4f3b073798dc1166f0050b90dcd8476626a5

SHA512
695cda41345c1ad9a570624dda6458a698a3825239c32e01cc792f40315e35a4a72059a8b50511f251250a162f7b824319181abf148aa7d0b1c699ac9722c179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
1765ba38f6f34d55715065b2a34077d8

SHA1
4501e03379fe502fe9627a90cdfeef0a8a844eef

SHA256
1faf3cd8d239fddb86f3fc3de0c9721f7deb3ea08fd180b159dc62e02610c6ef

SHA512
a9e83bdd38a060ddc0127d3225f0560082e33d53af209997f48234ae3dabb12f7abc6524209a84f637f74c1e149c842f8bbde5e3de33046b3df17b47e19be126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a081b2454401dcc50da1d217649468ce

SHA1
5f42d4225388b37e4fc8a26c71d0b9a28561818f

SHA256
e66ae8a31e06b50facb6b2432ec84602092b6626c85b8b8444ee57377a1eb049

SHA512
68c571fa958b1c1444955a603e6fbf20291b9f75f80f5105798dc69dae3d24f97a9aec33ed531785aae425c91f7543656ff6bdfb9e4a538b24829920c5177feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
21b1b39422db1ad59ec04a9080322dda

SHA1
b1d27f328299f2ae78caaff4583f0cf713932a06

SHA256
5b5bb0bf633235d6740145bc049920229378f8ec46bdb68711a1457c087e7102

SHA512
35f43d956d98e1f955d3d0dd47b3887ab2f928b83339dd02a1e6a094c484a5b1141b880299242401fadbdebf3ab930c7aff8b2eaa2dfc5bede62875bdeb1d5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f6e4cd65c669821cb3c078d192e45ff0

SHA1
e22b96fa9a64f75a538b423939ca2288ba15a6a9

SHA256
e5838d2e8a77c5e5d59227d03a9008fcea741129ccb8370721baa647fe4f25c5

SHA512
6d5f0f5ae6d3ca4391735448c50467257d8ae857e749c0a05c9a30171fe937048626bebefa9f360b67cdfc9159738025fa2fa33d6d7390e916c9b18cab415daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d5101665fd8b8c881d30e71461c42f20

SHA1
dea29d2beec923b9bd582bb9da7075db0cec6b3f

SHA256
76c8249c16b73454a9c06847dd7da7504a6aea745ca4f8aacc4464bd79cc3153

SHA512
c7ec6a57d37bfafc6ec8cd20f0840bd7b17dc4ebf7dd599b6b4bcca3509005bd3e6db9f647ae1dd67a86f2bd358e9932916b793a752c61ab3df6a95e2d78f5b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ba7785be31295ea9a89c5b517360551e

SHA1
55cb1318a6bba62fb14bc7e15dfbf52938c3dffd

SHA256
d790608e995dfe11ec67cf71371e76648d7bf3937b2c65fd7fc62287bf7d5ae8

SHA512
3f2cb94ccc71739ff8f0a94212de0207f64b2fab17d1b24c9014183fda69c468fd190450dc2acca098991f29765967c0cfe3f0a3593b39865ad24c5490a7ec74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd13cdff290d905b51c476f60d643e9e

SHA1
321b00f69e1f28401b5fe10a3f1cedd7dd34aed6

SHA256
fe02dca515bcc8ec3df19ca9f41de4aa5c15b4435e86adbccc3a61f5b353e7ba

SHA512
49291f27a50d5e47cb60133bfdd8187204020e26684c76294ff280f0f1729d05480d7cf8d40e29ee458369c13c399a00b097c5a23862449dd19cb27881a0c1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0e590dc57d7e099ab4c75b102c741a73

SHA1
71c4fabaec650055c5e04efb1e05dcc26d7047f5

SHA256
8abb3757920aea5730ee9dcdce4f39d3a3a0dbc943726c4ed699224e01dfad34

SHA512
8501c54b393daa1dd396674f3929c728c80dab3c191e536f5a9a25cae562d7a387ed019e8d65acc754f171514c3e0882f408095ea62b66cb9c64409bcefd5c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bca8a2d9b589ae3aad8a1cd3f3ded31f

SHA1
d7f775cb2694f0495e88b54b6c719a601abd397f

SHA256
1019c1b058d49105e34b684f0d6354c9e60ab87d2413dc6c8c88795283da95a1

SHA512
468565ce6f76030b371f91c48553b6aeeb9e857c562f664883e8022744a1df98bb5e6753bfb78ff451d988f5cdcd631b56fff0f87b7df7e4d6635dae59f961dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
72d3337d69df73faab7f2f592f2ce2b0

SHA1
66deceabb5c066a1db0f7ab9c4587b7c21526eac

SHA256
ae7d045f4308300f900cf52aeab01fbd75a7ec91faa11cfe95822f3845082b83

SHA512
e25e716b6303b6eab369f9621e1f1d469c7204887daa43b25e3d864a688cb7e0753408e02ef29f49c6829ece160b29ad5a46ca96c34d3f7a65a636298043beb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f417c600080299f4b936157f1e298ce5

SHA1
1c128696cf43bf99b09d82fa2a5f217ac42b785e

SHA256
92be127ceeb90b9c1aff07f1356f709ad9580771eab67ce5cce801165a29216b

SHA512
39a689ea7c5dc715161913d12e015bef4db5a4d5563ddfe81fb8f1f2bc369f10ef4565ff815abe7588c20a8d7714178e20ea58467a9ada088b270723104f2005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4e362bc86ae4503ff6394ea58dd9a6f

SHA1
908b77be4c99f27caf5807a51e79b450cd440474

SHA256
092f3d212ba9a13ad9751946e37aa90911772b62a5d400a135de1c85d66dd18f

SHA512
7952296effcf8da0e44cdcb9ad9c1288040ae6aeca15802d3a86f78c4dde5bc51c15e77644d8cc540a6f57404bb7ed6b65437fbbbf690444de5a69cf4d12fa1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57316fc7ced9896da90e9bb73e2c5214

SHA1
af43251c1549333daf3f8e60d0286498659498ac

SHA256
28f1f7ea7b9dd35710f24ecd5a9d4edaa848a4123071830e3af3c1e503879d6b

SHA512
b67a4258f4fb0b7a0b26518590e1deeb783488af74a78693134ab2d191e436697c4989511b70fdd640e9aab7ca14b6e7aa3117ae487586fdde94e1cd89fb876a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d83eb8d4d1d186fa1d537362f21c8e1

SHA1
8009eea07e596ec880842a86971596ffe9471d3f

SHA256
610145d498077074aa9bd56bfa639dc2a7fdda9a2b34f3bb5ad09cd19a1dfa71

SHA512
9a56cb010bc9b93d7542723ea58489b87c5e9fb476a7440bdb74700d3815327d843d68ce04b14c544dfcb93b536f9469720659515d409ba01eae3967cd9ece40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
064f3839c85a40e255268b44536344eb

SHA1
d012fd45ef4ee992170987bb274ffb0f124f0521

SHA256
b50bf0cb73ee1b3a7dbe824688cb26a60ea4504689470e98c2c094a8162e2f97

SHA512
58f875c3ba83028bb161bc77f4b827c3396ee9de3c10d21a60d671964247a3cb72ab62da747c72d7cd4f61eb90d46b0d10a5a0c714d0f5e6f6ac5d7c611c6f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e91339d4f11a26d8af86e73d3c031252

SHA1
b8bed93b5ed2805abb15be0e076ee61d1dae06cc

SHA256
abb56ddcdbf631ae5bb1b28f5343cc430d3d67c43615deddf2ede8c4165c0c77

SHA512
4283eadd11c754af74374f60695f08472489e0d28bd29332d8e88616687944c56a02b79c8d8d01c39412c37965c58e18829439de55d98bc3d75ba27ec74994d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f9d77bd2a615a58b0c3f0f858dfdc5ef

SHA1
80656aa27dcbf07ece2352e2f6a12a682f09c4a6

SHA256
f0a7877886499184b9a554cd3168b39b37049811d630f809802204de3adfeab7

SHA512
fc0f62947adfc9e0cf3fa8b136c05cf389191aa7f8160b41fb387f3564ec85b012e653335eadc868bb5cbfe189b90937db97eba1096849a46cae9a4b29e67127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8fc9cd1810c11349c47542d9b9e501c6

SHA1
b98f221c637247659176a3b73791ba3172fcf8f9

SHA256
87ff4d4425ab5cfe1fcaefcb369aa40f2d69b5cd05789003cfab6e86f26f4061

SHA512
a5d1ed43cb7bf02e92a8a09587aaa162508579db414b45618bd59e7cc1bbf97749bc25071eaa5bc818d6cc0de512f14defc1c53ee342bf6d11a10ab09a934113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7bd043c0cc27841c17caea8934794017

SHA1
80564af3ec6b9d108478108620cfd98c0b52da2a

SHA256
d29f98d22013fff808ef4463c77118b293d5eaa2d9e2c29220c4e38a9c468467

SHA512
870765bcb7c353bd870f481737173106ed2352bb39da8c8a5270f2fa978a9fdb2feb860c63150ec12ffbc34cb8e5dc9c1216e8be81aa7e985403497423aef606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a86ff505fbfd1899d4ce929e8a83c74

SHA1
a75bb0b771f4155da18548c89ecad8fe844c39d4

SHA256
1c091e13489296b7dfcbb2c37bd8e90ef6a30c5d7d6dcb95667fd8ec693864e4

SHA512
ad641a38fdbe1ce5e51dbed33ab4c589648d3318eeb2458158588be8211b071f873765bdb545f36a4780295a6fed2ab934de8d6f1283e976a078e26311dd5f4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0293d083d2413f780d2bba51bd2d147d

SHA1
afd6cf9a214b9eaaf9ad3e9b25045b397e0ad18b

SHA256
2387f253afe9c00ba811ee3ba7a534af541c6da2d909160d89011ccecd3b66d9

SHA512
16de6bacf61a8cabd031bdb165b0fc742573767729270643bbbf07b04eee09fca9f3fa2e78b0ad843222c8e335325a73d3fcfdfcb4c039509b49183273b8cc84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9e97e6a8ba59b5d126cf55544a1731d4

SHA1
58246bed54bc6adac82384eadeaa1de9637adbcb

SHA256
fa4fb077355114d7fcb6d887fdc173b87bd0ade5eaaa0c6fb117eb987b12ff05

SHA512
1758e118abda1c378906101e2a9ed79800df004eeef197d2ae62d1106f6df329733239ad8aa50f9de77b1149d3dbcdc22b9073a90c49b3ef967b277271d090bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
9df34e6d088efe3dcfeaa85467fe26b0

SHA1
891ff7a623595c0d33f5d52ebcad3a737a8a796c

SHA256
333518b9a11c801eb3a31e9adce4c07246778b6a77dfdc9a84a4e19666dbef4e

SHA512
9ef8ddbd2b091c05496a79b3d690dca622e3bd85563527e8c952dac14ff430ce0820b2ce600c704711e563b4ed5f58fb372d47dce8c8a7e4a431050cd319bb01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
a6dd7cd6c098e27ea1e4d804c4b03f3a

SHA1
4123792c1d245a5667154f9647caf29975158c6b

SHA256
9717ada7f34be40938d7539bd9e095e204de867055cb8e97b3cb38aef5028e83

SHA512
e0aaca6518880754c11bc96ee4340ff2487c719fa5a4f11620a87897ba3995b91c3a4e36cb64f5a04d4d1f33452180c419323869ac8155bcf284171bd8e4a674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
a5a1a8126127e5fa02e446c3a70ce958

SHA1
a398ad418f343ddee99c60cad3d16f278ca5afe8

SHA256
4575662478bb43537665032063fd21ba9efe8c3dcf0c768a30c3e5c048a8546d

SHA512
658c67aec518cf4d0a8e49d318a0d11fed8235fbf222e2c0c649ceb13a46426af04dd0ab295e01a62f9e45ce89c2dff50e7e82addd5696ad936ba93579d2e2d0

Download Submit
C:\Users\Admin\Downloads\NoEscape.exe.zip.crdownload

Filesize
13.5MB

MD5
660708319a500f1865fa9d2fadfa712d

SHA1
b2ae3aef17095ab26410e0f1792a379a4a2966f8

SHA256
542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c

SHA512
18f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517

Download Submit
C:\Users\Public\Desktop\⇥ṇწ᝜᳧ᝬᰈⰬᚖዅ⒫ଏ〹੎ᩢ⠿⦋▐ٍ֔᷶⌯ខᅤோ࣎ⅹ⎭ᗀహ௿⨍

Filesize
666B

MD5
e49f0a8effa6380b4518a8064f6d240b

SHA1
ba62ffe370e186b7f980922067ac68613521bd51

SHA256
8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

SHA512
de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

Download Submit
memory/1008-698-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/1008-699-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/1008-878-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads