Analysis Overview
SHA256
70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1
Threat Level: Known bad
The file sample was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Legitimate hosting services abused for malware hosting/C2
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Modifies registry class
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-29 11:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-29 11:22
Reported
2025-05-29 11:26
Platform
win10v2004-20250502-en
Max time kernel
151s
Max time network
153s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\winnt32.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
| File opened for modification | C:\Windows\winnt32.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe | N/A |
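The four registry writes above (Winlogon Userinit, EnableLUA, DisableRegistryTools, Wallpaper) are the ones that matter for triage, and the Userinit one is easy to get wrong: the value is a comma-separated list whose stock content is `C:\Windows\system32\userinit.exe,` with a trailing comma, so a detection has to split the list and flag extra entries rather than compare the whole string. The following is an added example, not code from the sandbox or the report, that evaluates Sysmon-style registry SetValue records (Event ID 13 field names `Image`, `TargetObject`, `Details`, with `HKLM`/`HKU` prefixes as Sysmon writes them) against these indicators. The sample events are constructed here to mirror the report's rows, plus one benign stock Userinit write that must not fire.

```python
"""Evaluate registry SetValue events against the persistence / UAC / policy
indicators from this report.  Added example, not sandbox or report code."""
import re

# TargetObject paths as Sysmon Event ID 13 reports them (HKLM\..., HKU\<SID>\...).
USERINIT_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit$",
    re.IGNORECASE)
ENABLELUA_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$",
    re.IGNORECASE)
DISABLEREG_RE = re.compile(
    r"^HKU\\S-1-5-21-[\d-]+\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\Policies\\System\\DisableRegistryTools$", re.IGNORECASE)
WALLPAPER_RE = re.compile(
    r"^HKU\\S-1-5-21-[\d-]+\\Control Panel\\Desktop\\Wallpaper$", re.IGNORECASE)

EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def userinit_extras(value):
    """Return entries in a Userinit value other than the stock userinit.exe.
    The value is comma-separated; a trailing comma (empty entry) is normal."""
    entries = [e.strip().strip('"') for e in value.split(",")]
    return [e for e in entries if e and e.lower() != EXPECTED_USERINIT]


def dword(details):
    """Sysmon renders REG_DWORD as 'DWORD (0x00000000)'; accept plain ints too."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else int(details.strip())


def evaluate(event):
    """Return (signature, detail) findings for one SetValue event."""
    target, details = event["TargetObject"], event["Details"]
    findings = []
    if USERINIT_RE.match(target):
        extras = userinit_extras(details)
        if extras:
            findings.append(("Modifies WinLogon for persistence", ", ".join(extras)))
    elif ENABLELUA_RE.match(target):
        if dword(details) == 0:
            findings.append(("UAC bypass", "EnableLUA set to 0"))
    elif DISABLEREG_RE.match(target):
        if dword(details) == 1:
            findings.append(("Disables RegEdit via registry modification",
                             "DisableRegistryTools set to 1"))
    elif WALLPAPER_RE.match(target):
        # Informational on its own; meaningful together with the writes above.
        findings.append(("Sets desktop wallpaper using registry", details))
    return findings


def scan(events):
    """Evaluate a stream of events; return (image, signature, detail) tuples."""
    return [(ev["Image"], sig, detail) for ev in events for sig, detail in evaluate(ev)]


# Constructed sample events mirroring the report's signature rows.
MALWARE = r"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe"
SID = "S-1-5-21-3920234085-916416549-2700794571-1000"
SAMPLE_EVENTS = [
    {"Image": MALWARE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,C:\Windows\winnt32.exe"},
    {"Image": MALWARE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
     "Details": "DWORD (0x00000000)"},
    {"Image": MALWARE,
     "TargetObject": "HKU\\" + SID
                     + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
    {"Image": MALWARE,
     "TargetObject": "HKU\\" + SID + r"\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\Admin\AppData\Local\noescape.png"},
    # Benign: the stock Userinit value with its usual trailing comma must not fire.
    {"Image": r"C:\Windows\system32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
]

if __name__ == "__main__":
    for image, sig, detail in scan(SAMPLE_EVENTS):
        print(f"{sig}: {detail}  [{image}]")
```

The same split-and-compare logic applies when auditing a live host: read the Userinit value, split on commas, and treat anything other than the stock userinit.exe as an artifact to remove before the next logon, since Winlogon runs every listed entry.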
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "141" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133929914290378589" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920234085-916416549-2700794571-1000\{FFC27769-7F48-4F63-A90B-BA550809B9EE} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff1ca6dcf8,0x7fff1ca6dd04,0x7fff1ca6dd10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1900,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2112 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=1972 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2364,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2376 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4256,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4268 /prefetch:2
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4600,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5388,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5396 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5444,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5760,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5752,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3404,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3180,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4888 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3176,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3376 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5992,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5852,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5876 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5820,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5772 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5884,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3432 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5776,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4620 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4132,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5856 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5660,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4336 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6248,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3412,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6000,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=836 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3939055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 23.219.82.35:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 142.250.31.99:443 | www.google.com | udp |
| US | 142.250.31.99:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 172.253.63.95:443 | ogads-pa.clients6.google.com | tcp |
| US | 172.253.63.138:443 | apis.google.com | tcp |
| US | 172.253.63.95:443 | ogads-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 142.251.167.102:443 | play.google.com | tcp |
| US | 142.251.167.102:443 | play.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 172.253.122.139:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | malwarewatch.org | udp |
| US | 104.21.80.1:80 | malwarewatch.org | tcp |
| US | 104.21.80.1:80 | malwarewatch.org | tcp |
| US | 104.21.80.1:443 | malwarewatch.org | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 104.21.80.1:443 | malwarewatch.org | udp |
| US | 104.18.0.22:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 192.178.155.91:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 142.251.16.119:443 | i.ytimg.com | tcp |
| US | 142.251.16.119:443 | i.ytimg.com | tcp |
| US | 142.251.16.119:443 | i.ytimg.com | tcp |
| US | 142.251.16.119:443 | i.ytimg.com | tcp |
| US | 142.251.16.119:443 | i.ytimg.com | tcp |
| US | 142.251.16.119:443 | i.ytimg.com | tcp |
| US | 192.178.155.91:443 | www.youtube.com | udp |
| US | 142.251.16.119:443 | i.ytimg.com | tcp |
| US | 142.251.16.119:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 142.251.167.156:443 | googleads.g.doubleclick.net | tcp |
| US | 142.250.31.99:443 | www.google.com | tcp |
| US | 172.253.62.149:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 142.251.163.95:443 | jnn-pa.googleapis.com | tcp |
| US | 142.251.163.132:443 | yt3.ggpht.com | tcp |
| US | 142.251.167.102:443 | play.google.com | tcp |
| US | 142.251.167.156:443 | googleads.g.doubleclick.net | udp |
| US | 142.251.163.95:443 | jnn-pa.googleapis.com | udp |
| US | 142.251.167.102:443 | play.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 185.199.109.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 172.253.63.95:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 172.253.63.95:443 | content-autofill.googleapis.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.112.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 142.251.167.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 172.253.62.138:443 | google.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.131.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 104.21.80.1:443 | malwarewatch.org | udp |
| US | 192.178.155.91:443 | www.youtube.com | udp |
| US | 142.251.16.119:443 | i.ytimg.com | udp |
| US | 142.251.167.156:443 | googleads.g.doubleclick.net | udp |
| US | 142.251.163.95:443 | content-autofill.googleapis.com | udp |
| US | 142.251.167.102:443 | play.google.com | udp |
| US | 140.82.112.4:443 | github.com | tcp |
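Most rows in the Network table are Chrome and Windows background traffic from the detonation (Google, YouTube, Bing, GitHub page assets), and the `8.8.8.8:53` rows record DNS lookups rather than connections to the named host. The following is an added example, not part of the report, that parses rows in the table's own `| Country | Destination | Domain | Proto |` layout, drops resolver rows, collapses repeats into one entry per domain, and separates domains on an assumed background allowlist from those worth pivoting on. The allowlist and the row subset are constructed for this example; `github.com` is on the allowlist because the browser opened GitHub pages, while `githubusercontent.com` is deliberately not, which leaves the report's flagged raw.githubusercontent.com host visible.

```python
"""Collapse a sandbox Network table into unique destinations and separate
browser/OS background traffic from pivot candidates.  Added example, not
part of the report."""
from collections import defaultdict

# Constructed subset of the report's Network rows, in the page's own layout.
NETWORK_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 23.219.82.35:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 142.250.31.99:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | malwarewatch.org | udp |
| US | 104.21.80.1:80 | malwarewatch.org | tcp |
| US | 104.21.80.1:80 | malwarewatch.org | tcp |
| US | 104.21.80.1:443 | malwarewatch.org | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
| US | 140.82.114.4:443 | github.com | tcp |
"""

# Assumed allowlist of domains Chrome and Windows contact on their own in this
# sandbox (suffix match).  Anything else is a pivot candidate.
BACKGROUND_SUFFIXES = (
    "google.com", "googleapis.com", "gvt2.com", "pki.goog", "doubleclick.net",
    "youtube.com", "ytimg.com", "ggpht.com", "bing.com", "bing.net",
    "github.com", "githubassets.com", "fontawesome.com", "unpkg.com",
)


def parse_rows(text):
    """Yield (country, destination, domain, proto) from '| a | b | c | d |' lines."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # header or malformed row
        country, dest, domain, proto = cells
        yield country, dest, (None if domain in ("", "N/A") else domain), proto


def is_dns_lookup(dest, proto):
    """Resolver rows name the host looked up, not a host that was contacted."""
    return dest.endswith(":53") and proto == "udp"


def is_background(domain):
    return domain is not None and any(
        domain == s or domain.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def summarize(text):
    """Map domain -> sorted unique 'ip:port/proto', excluding resolver traffic."""
    by_domain = defaultdict(set)
    for _, dest, domain, proto in parse_rows(text):
        if is_dns_lookup(dest, proto):
            continue
        by_domain[domain or "(no domain)"].add(f"{dest}/{proto}")
    return {d: sorted(v) for d, v in by_domain.items()}


def pivot_candidates(text):
    """Contacted domains not explained by the background allowlist."""
    return sorted(d for d in summarize(text)
                  if d != "(no domain)" and not is_background(d))


if __name__ == "__main__":
    for domain, dests in summarize(NETWORK_ROWS).items():
        tag = "background" if is_background(domain) else "PIVOT"
        print(f"{tag:10} {domain}: {', '.join(dests)}")
```

Run against the full table, the same function reduces roughly a hundred rows to a handful of domains, and the `(no domain)` bucket collects multicast and other rows that carry no name, such as the mDNS row to 224.0.0.251:5353.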
Files
\??\pipe\crashpad_184_ENXGNSKZWPRKENSN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 08858ee0fd2928507de7adf8e93bed0a |
| SHA1 | 33f0a07cb59c715c4534a8388cd34cde1cde87e4 |
| SHA256 | fe50a360da65098a3b9af2bbb6daaed8dba8ff8556f02af3b10dbd6a4f1f372f |
| SHA512 | b39fd30e2f07817085c8c1ce9fc0d057e997f3ebbda8d055a410dd91a7dd2bb45ee3d609fa14dc43fe45b3e6b99c94974ebe0a65ebfbddf2c467eaf4e9234012 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 7a4b05960f3e86aae8f386065bc7a0d6 |
| SHA1 | 05cacca5cbb8b19bd92855ad9c7d6fa82c8bf4e3 |
| SHA256 | 619e321f626be2a550097ddee04f97536921a57510c1e0c17531ca092009d175 |
| SHA512 | 96bfc437e3773091b39fbd92d39535da272e5083fa4c8f34b8cecf8b4e3521b5312b7848a8d3377adc1d9daf9790277beceb56db3bf43ed355a2d695f059a6fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | beac80e5d446bf6c819af731d9e58eca |