Malware Analysis Report

2025-06-16 06:28

Sample ID 250529-ngy4wa1mt5
Target sample
SHA256 70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1
Tags
defense_evasion discovery persistence ransomware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1

Threat Level: Known bad

The file sample was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery persistence ransomware trojan

UAC bypass

Modifies WinLogon for persistence

Disables RegEdit via registry modification

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

Sets desktop wallpaper using registry

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-29 11:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-29 11:22

Reported

2025-05-29 11:26

Platform

win10v2004-20250502-en

Max time kernel

151s

Max time network

153s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\sample

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

UAC bypass

defense_evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Disables RegEdit via registry modification

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winnt32.exe C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A
File opened for modification C:\Windows\winnt32.exe C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "141" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133929914290378589" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3920234085-916416549-2700794571-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920234085-916416549-2700794571-1000\{FFC27769-7F48-4F63-A90B-BA550809B9EE} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 184 wrote to memory of 4856 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 184 wrote to memory of 1992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 184 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 184 wrote to memory of 4488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\sample

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff1ca6dcf8,0x7fff1ca6dd04,0x7fff1ca6dd10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1900,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=1972 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2364,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2376 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4256,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4268 /prefetch:2

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4600,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5388,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5396 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5444,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5760,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5752,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3404,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3180,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3176,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3376 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5992,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5932 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5852,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5876 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5820,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5772 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5884,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5776,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4620 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4132,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5856 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5660,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4336 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6248,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3412,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6000,i,6268355402232064795,7004844374667991368,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=836 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.zip\NoEscape.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3939055 /state1:0x41c64e6d

Network


Files

\??\pipe\crashpad_184_ENXGNSKZWPRKENSN

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57c071.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cf75.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\Downloads\NoEscape.zip

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/5392-982-0x0000000000400000-0x00000000005CC000-memory.dmp

memory/5392-983-0x00000000005C6000-0x00000000005C7000-memory.dmp

C:\Users\Public\Desktop\ょԴইߞᝠ≢ၔↁ᳗⭁ߪ⅝⃞༭ᜇᖚ⫞▄ٌ஗ឌ⼋∼েᅴٹ➸ᇊ⓵᪭ℷ

memory/5392-1160-0x0000000000400000-0x00000000005CC000-memory.dmp