Analysis

  • geolocation tags

    na, new-jersey, north-america, united-states, us, usa
  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/05/2025, 11:22

Errors

Reason
Machine shutdown

General

  • Target

    sample

  • Size

    7KB

  • MD5

    4b320922990cfb723b67147a7a97d345

  • SHA1

    5d134dcee4aaeadbea36761640434a45c708b081

  • SHA256

    70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1

  • SHA512

    b21548566a22c31ca19de100264d1c2cefe0c8d8a0361f325194e6514453813376da301b4bb71c9ac0e4c3c1c84589276af79e7f48dd4e6d8ae553590ac823d3

  • SSDEEP

    96:SDQ1jWHRUV/okJOlIDNSW0S9I3gtYEMLX+jZEBZu:oQHokYlIVYFSjZmu

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • UAC bypass 3 TTPs 1 IoCs
  • Disables RegEdit via registry modification 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 39 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\sample
    PID:3840
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff1ca6dcf8,0x7fff1ca6dd04,0x7fff1ca6dd10
      PID:4856
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1900,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2112 /prefetch:3
      PID:1992
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=1972 /prefetch:2
      PID:4048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2364,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2376 /prefetch:8
      PID:4488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3176 /prefetch:1
      PID:1488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3228 /prefetch:1
      PID:896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4256,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4268 /prefetch:2
      PID:4852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4600,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4716 /prefetch:1
      PID:3552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5388,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5396 /prefetch:8
      PID:3472
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5444,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5448 /prefetch:8
      PID:748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5760,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5648 /prefetch:1
      PID:1416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5752,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5780 /prefetch:1
      PID:1352
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3404,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3440 /prefetch:1
      PID:3112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3180,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4888 /prefetch:8
      PID:316
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3176,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3376 /prefetch:8
      • Modifies registry class
      PID:832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5992,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5932 /prefetch:1
      PID:1928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5852,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5876 /prefetch:8
      PID:3020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5820,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5772 /prefetch:8
      PID:5184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5884,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3432 /prefetch:8
      PID:5200
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5776,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4620 /prefetch:8
      PID:5212
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4132,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5856 /prefetch:8
      PID:4568
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5660,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4336 /prefetch:1
      PID:6016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6248,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6236 /prefetch:1
      PID:5872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3412,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3364 /prefetch:1
      PID:3808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6000,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=836 /prefetch:8
      • Suspicious behavior: EnumeratesProcesses
      PID:3432
  • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
    PID:1120
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    PID:3512
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:2916
  • C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe"
    • Modifies WinLogon for persistence
    • UAC bypass
    • Disables RegEdit via registry modification
    • Drops desktop.ini file(s)
    • Sets desktop wallpaper using registry
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:5392
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa3939055 /state1:0x41c64e6d
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:5676

Network

MITRE ATT&CK Enterprise v16

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize: 649B
    MD5: 7a4b05960f3e86aae8f386065bc7a0d6
    SHA1: 05cacca5cbb8b19bd92855ad9c7d6fa82c8bf4e3
    SHA256: 619e321f626be2a550097ddee04f97536921a57510c1e0c17531ca092009d175
    SHA512: 96bfc437e3773091b39fbd92d39535da272e5083fa4c8f34b8cecf8b4e3521b5312b7848a8d3377adc1d9daf9790277beceb56db3bf43ed355a2d695f059a6fd

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 3KB
    MD5: 536019d65e29fa40c29ea5681499ba44
    SHA1: a74a104670487eaf3a63f3a7f36a4e36cd0aad09
    SHA256: 417f5dc872a33cc63805ed67f1f9525cbbe5196638e8b6e46627421458b0623d
    SHA512: 770d77c7bdbfc5c499993b35c69baaa8be4aed86c788623d162a6ae8ddd3e78e93248af7b0328bb8734d51d63ba293e5ae272e5b231387e7d6aef802d192b79d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 2KB
    MD5: 1aac4dfa17bc1071cce0547679a8a664
    SHA1: 73a8076d4551f8f303ade8b6ddc54e95a3073ca6
    SHA256: 6b142ec01fa6f1ca0e5a1e4f9090958f96cd874bbe9d4ff78ddac28f7941234f
    SHA512: 0c08ac64a23fd3e055e5c98c72a69096a9b7b2b77ba33d909f9f9cc2790a17cdbcbf3e5552a19ace144de1d088b07ae61e9d7528d8a190ace9e6c7f517173790

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize: 7KB
    MD5: e77be477b809ac443093d2dc48c39f5c
    SHA1: bea4e69a9d4b1b630bdf8ea85500c46e82b6a208
    SHA256: 081969a91090f98f37603344ddc75634996430cbad3b1140a2185b4ffb49e4cd
    SHA512: 952ce53b32625d2c65b8b703a5f095e2365c0a9c4344180e9643d569dfcfb04db7b3f10ccce8d56b45ce61826b3d60a4b3e712ed5254a25db070341f8e1b12d7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 12KB
    MD5: 0fd20f80776e086bc638a060988f5d18
    SHA1: 68c29841326b363b753f20f8a8fb31cf2aa9abd9
    SHA256: 3ce77c3b39d30758dc8ebacdb30d738497ed183686becee20479f403e558afb8
    SHA512: 076707ca8a5182ee5c28dca16fa5fca4190c76b24c6364a94e197e0a1ac7b3ae8704a9a31fbb2dfa2e1ce819ad2c2f7818f33b18bd7a25b453285134d2b1eec1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 11KB
    MD5: 518aeb5acf9ee36e4070c08f1fa5b64c
    SHA1: 23c02606de325da0c99bd1bc993f9d5797ede48b
    SHA256: cfc01204904691b48750a6aa3bf8c5e9a6f7e9b03f69d8efb827bbbf638da627
    SHA512: e73bcec4224dd679ba4e18a61bb34c10fda1b28c4a82e3cc4ee7594e7b37f3c641736ff9248b7de471d5f4f8ad24ea393e1f22020ec1d5e8927bd1cd6f2b8835

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 12KB
    MD5: 249877dd8ce3e8d83df4f596b82f0d73
    SHA1: 3b3f915c787e075bb74e71f52c6da8ec49d1fa56
    SHA256: d1aae48f561579b885f4d2f745a98df5da4b6ed03c7b1a9af9f577c1f0530cc1
    SHA512: cbd6c2bd9580f7b9e14d9f544d63b85b04c03d4a62d861d30b8afc417b0d9a283171950f89afefe0f262fd6c689691da6fdba2f4ab9c99610c646c7c89037d01

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 11KB
    MD5: 97fb40c3a750c5807270af760673d477
    SHA1: fb4f07a1d02561a1877cc50da439e3e12eb2680d
    SHA256: d91bf807174b832758b521e867168530548a6c44b4175abd98c5c53a6138e458
    SHA512: 1ae745d68baa568b9363c5c215c6c3006028900d16fbe3e34da123932b1f1b25bb5f9828ad6477b9d7866814867f000e901d4c6209eb79c00264f167e46e7d2a

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 12KB
    MD5: c18028798de2cc9a24556ee91a8870d4
    SHA1: 362db97a8d8c9840599f2f0797edad0077e830b4
    SHA256: a34ddd3fe94beb033600fb54b2e9cad955c1bfb7f2447af01bae6420b6a4a072
    SHA512: 247e96fa1d2580b6f96a71b568e25e8913dc0255d566cf2bcd27891cd4f7a408eeda66987196a532ae4aeb759b465fbafb38ccf5ec98af56e9c04566f6c99612

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 10KB
    MD5: 670bdb6384922a884b9b3af8258f4b50
    SHA1: 5fa89efd8c604663830bcc8b828d9ff25f9c4a2f
    SHA256: 5707f99df95b73b40896cbf59e985ad74768a01837604a8793691a54d4f7b6c5
    SHA512: bacaac30b49dd6e498588a2ed0dc7f30befa9745ac1aeaf0e08cec21ec10761a4b812be39b10a43ebdd52c4f473628ff045d36add95d5ed116eb3e9830693ee5

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                11KB

                                                                MD5

                                                                05aae2a5fbbfbe33ab2dd85c81dea781

                                                                SHA1

                                                                aa88f282469b680eb99c2c5626304a1fdea54a2c

                                                                SHA256

                                                                03144981dc6ba927b85542bcac623ce576815e5e966bd07dbc96ff478a8dad2d

                                                                SHA512

                                                                3f6550dc44ca98a073fb31d8b1ba093cee3143218473964c4d86a042e7a9dbec0cf6c658e4b0009a5517872375cce612d22eedc8760103f898646acfccff97a5

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                12KB

                                                                MD5

                                                                30687415a984771fe093033728be33ff

                                                                SHA1

                                                                a1ef6d26bf5aa3acdf6a5c05ad9deda0e899cd11

                                                                SHA256

                                                                8ddcaad806ad1b1a1a52e533bfa953b1566e5a0bc217648ac990fd1675866365

                                                                SHA512

                                                                85b7fce3c5d784f28812e0c166d2965293d3ab4810d29f0a823328706d823bb3ca07a1aff40e7341314cb00c22eaad556a6e01bba4b9f4a218cb4bb5beb82683

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                Filesize

                                                                15KB

                                                                MD5

                                                                5524603fb6c13cab0238726a23288a6f

                                                                SHA1

                                                                b699809b794d47ebeaa28638d94d3b4744b29d8f

                                                                SHA256

                                                                b757be4023ad43967d2a2de39d383f857db74e7dbc1a4c4ed6c499b560b04449

                                                                SHA512

                                                                ad9c4466d49aeb016bff3508b8ebedfb43c22d0da2d52ea0ae3708c09f96eeb5f42e3b327ae07fce5e7022a37f1290c759fab83b82a4c31cfacdb217424484a6

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                Filesize

                                                                72B

                                                                MD5

                                                                0890394c615b79153f99403a4e8a9079

                                                                SHA1

                                                                5e0edc9d654bde263f1371a8cba00b2be52278ae

                                                                SHA256

                                                                1ac09d2e263c8274f04ba485cf29440c884a609f135719a90afd0f6b38d2408b

                                                                SHA512

                                                                bee79f9d9bddcd29c4c70869eeee5c2216a5e7d87e6f1150144964ca674d4d0b525e3597ea1465fd4bd52785223de2fd85c24ea75928d8860a6c8c0e5d870001

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cf75.TMP

                                                                Filesize

                                                                48B

                                                                MD5

                                                                2c5a6093ea1214f817548b5d28af66f5

                                                                SHA1

                                                                bf0bcb147683a4aa41040cab1c7d82e1b17cf936

                                                                SHA256

                                                                d53a395582b0b41c50199ab8d8e857593b75276175b4f64b4eed8763da602d9d

                                                                SHA512

                                                                9b75debb789f1dfb572c37bf1e674f820085bb67e71269f09f08e085cdfdd6898f3616c052243e5a10ff8b3fd88a09c726fa406a6314d7bbe795bc0a096cfd09

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

                                                                Filesize

                                                                82B

                                                                MD5

                                                                9c12ec41b948e46a5108b7dbfaf1d16c

                                                                SHA1

                                                                860c5126809bae1950aa06800c5c1bcdf05f6c53

                                                                SHA256

                                                                34291f16a0ca09f3129132c388fbf0d909778432ae92059c6d85f77a622dc004

                                                                SHA512

                                                                a93099ce7e7896b91fe111c44df3beece4828d40705f08f403c63502cf778822f276a3d40f01bee3433b8b1de32cfeef9c8b445bfcfaf56befae6b3ec43f463c

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

                                                                Filesize

                                                                146B

                                                                MD5

                                                                e029d452f80494a00944e1601f791139

                                                                SHA1

                                                                c74de1361a7375b1a1c543bf4c75d67797d047ca

                                                                SHA256

                                                                3c407fffe0f2058a39dfca8ebd0b0f6fb0f05aeeba435296e32cef5feb3d4a76

                                                                SHA512

                                                                a1a552469949d7013fb1d99d860816a90862bb0c459ceed70c00a761503a85d01e4937a03123b69fa23eb28d16d0c4b71ae49c6f57f2d175302905f61d0f3714

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57c071.TMP

                                                                Filesize

                                                                146B

                                                                MD5

                                                                007beff707279172a5421e537e4a1265

                                                                SHA1

                                                                fbf7e455403744bc7f3b6b51416a3f05df33c37b

                                                                SHA256

                                                                75e944bcf8ed9c4dc14cf04686e849c2aca984016af3765b65903e06448970a0

                                                                SHA512

                                                                9a8295af40e7fad462b04b300864349975475c9e30ac42266e21428cacaf1c74fa45ef5d5e4355380027213ff3c1059d75bfdc8b829e61dc2ecaebef8dd0b70b

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

                                                                Filesize

                                                                16B

                                                                MD5

                                                                46295cac801e5d4857d09837238a6394

                                                                SHA1

                                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                SHA256

                                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                SHA512

                                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\MANIFEST-000001

                                                                Filesize

                                                                23B

                                                                MD5

                                                                3fd11ff447c1ee23538dc4d9724427a3

                                                                SHA1

                                                                1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                                                SHA256

                                                                720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                                                SHA512

                                                                10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                157KB

                                                                MD5

                                                                beac80e5d446bf6c819af731d9e58eca

                                                                SHA1

                                                                55ceff4d1141ddbbdf1036965e71301c0c838c47

                                                                SHA256

                                                                1bf2c6b7d30fc8f013093c8f96c33758da3681c756c12423723d47a9f48bb3ab

                                                                SHA512

                                                                ae5f1db698e475878475d4f64ababc6a0fbe392e30ebf756f9241570f2a4b609102474f3545e15f7d40d5c9eac30821e1e4b54d5317c04e85f4a11cfbf8aaab4

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                79KB

                                                                MD5

                                                                08858ee0fd2928507de7adf8e93bed0a

                                                                SHA1

                                                                33f0a07cb59c715c4534a8388cd34cde1cde87e4

                                                                SHA256

                                                                fe50a360da65098a3b9af2bbb6daaed8dba8ff8556f02af3b10dbd6a4f1f372f

                                                                SHA512

                                                                b39fd30e2f07817085c8c1ce9fc0d057e997f3ebbda8d055a410dd91a7dd2bb45ee3d609fa14dc43fe45b3e6b99c94974ebe0a65ebfbddf2c467eaf4e9234012

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                158KB

                                                                MD5

                                                                693fd45ea326adef89d6a03565d55ad3

                                                                SHA1

                                                                0a4166816d54b422177d792fca460b79a126f460

                                                                SHA256

                                                                d2dfff13ac6468a61fa72b843acb0486f396b8f9576458e1c353a84f7fe044c9

                                                                SHA512

                                                                7e0cb853acb55bc313efe44b8669608c1f73cba611b32baa6991ecacd6c9b134186e51071eeb3e955a06456b2c81089d5177fcd60905d0bf26d478857b695d02

                                                              • C:\Users\Admin\Downloads\NoEscape.zip

                                                                Filesize

                                                                616KB

                                                                MD5

                                                                ef4fdf65fc90bfda8d1d2ae6d20aff60

                                                                SHA1

                                                                9431227836440c78f12bfb2cb3247d59f4d4640b

                                                                SHA256

                                                                47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

                                                                SHA512

                                                                6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

                                                              • C:\Users\Public\Desktop\ょԴইߞᝠ≢ၔↁ᳗⭁ߪ⅝⃞༭ᜇᖚ⫞▄ٌ஗ឌ⼋∼েᅴٹ➸ᇊ⓵᪭ℷ

                                                                Filesize

                                                                666B

                                                                MD5

                                                                e49f0a8effa6380b4518a8064f6d240b

                                                                SHA1

                                                                ba62ffe370e186b7f980922067ac68613521bd51

                                                                SHA256

                                                                8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

                                                                SHA512

                                                                de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

                                                              • memory/5392-983-0x00000000005C6000-0x00000000005C7000-memory.dmp

                                                                Filesize

                                                                4KB

                                                              • memory/5392-982-0x0000000000400000-0x00000000005CC000-memory.dmp

                                                                Filesize

                                                                1.8MB

                                                              • memory/5392-1160-0x0000000000400000-0x00000000005CC000-memory.dmp

                                                                Filesize

                                                                1.8MB