Analysis Overview
Threat Level: Known bad
The file https://github.com/Hacker2425/Ransomware-Builder was found to be: Known bad.
Malicious Activity Summary
Chaos
Chaos Ransomware
Checks computer location settings
Drops startup file
Executes dropped EXE
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-03-18 13:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-18 13:35
Reported: 2024-03-18 13:40
Platform: win10v2004-20240226-en
Max time kernel: 292s
Max time network: 303s
Command Line
Signatures
Chaos
Chaos Ransomware
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\LOL ransom.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\LOL ransom.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.btho | C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt | C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LOL ransom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\LOL ransom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-2727153400-192325109-1870347593-1000\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Searches\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\Contacts\desktop.ini | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kbs6greww.jpg" | C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vgyu1fyed.jpg" | C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "3" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2727153400-192325109-1870347593-1000\{93592ACD-8709-4918-8F2A-09B5F732F646} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 78003100000000007258906c100052414e534f4d7e310000600009000400efbe7258856c7258916c2e000000b23202000000070000000000000000000000000000009c075000520061006e0073006f006d0077006100720065002d004200750069006c006400650072002d006d00610069006e00000018000000 | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Hacker2425/Ransomware-Builder
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd0fb46f8,0x7ffcd0fb4708,0x7ffcd0fb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap9664:104:7zEvent5892
C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe
"C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\chqabunh\chqabunh.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES93D.tmp" "c:\Users\Admin\Desktop\CSCC2F2DD17484343A68E51FF61DA772CD2.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6026185358866343928,7051027757293487731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
C:\Users\Admin\Desktop\LOL ransom.exe
"C:\Users\Admin\Desktop\LOL ransom.exe"
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe
"C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.0.1848531638\771005402" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a079c0c0-a008-4691-b697-d21f15eb090e} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 1944 14cfecd9358 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.1.196734479\895167804" -parentBuildID 20221007134813 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63cd6964-35fd-4966-8b2d-957339147059} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 2344 14cfe643858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.2.274380909\1085613897" -childID 1 -isForBrowser -prefsHandle 3248 -prefMapHandle 3244 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ca66aa6-5c22-4239-9a0a-12949923e3e4} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 3260 14c8a5fbd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.3.1654493506\62004897" -childID 2 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae16f8cb-0d90-4d11-b370-3d1b263f9d2e} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 3704 14c88f52258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.4.1033532278\1227856169" -childID 3 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efff556c-46cd-4f2b-be24-a53bf6087193} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 4052 14c8b7fa858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.5.1812144367\473810913" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5060 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aeac93c8-22f8-4c64-abc5-f9f1b449afdd} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5088 14c8c5db158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.6.1456946285\360004421" -childID 5 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a2cf9c-6f3a-47f7-9ed3-9f6d17069e54} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5152 14c8d08b558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.7.783069825\5653722" -childID 6 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f6f9f94-c3cd-4a9a-9cf2-e32875ec3e53} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5344 14c8d08a958 tab
C:\Users\Admin\Desktop\LOL ransom.exe
"C:\Users\Admin\Desktop\LOL ransom.exe"
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe
"C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.9:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 9.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.177.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 92.123.128.174:443 | www.bing.com | tcp |
| GB | 92.123.128.174:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.138:443 | th.bing.com | tcp |
| GB | 92.123.128.161:443 | r.bing.com | tcp |
| GB | 92.123.128.161:443 | r.bing.com | tcp |
| GB | 92.123.128.138:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 174.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.4:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | testfamilysafety.bing.com | udp |
| US | 204.79.197.201:443 | testfamilysafety.bing.com | tcp |
| US | 8.8.8.8:53 | 201.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| N/A | 127.0.0.1:56586 | N/A | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 52.25.97.240:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | 240.97.25.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:56592 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b206e54d55dcb61072236144d1f90f8 |
| SHA1 | c2600831112447369e5b557e249f86611b05287d |
| SHA256 | 87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b |
| SHA512 | c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2 |
\??\pipe\LOCAL\crashpad_2824_DIUMFOUAEWWAHQUU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 73c8d54f775a1b870efd00cb75baf547 |
| SHA1 | 33024c5b7573c9079a3b2beba9d85e3ba35e6b0e |
| SHA256 | 1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94 |
| SHA512 | 191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1160358814d2d3acf9c172cbdc71d470 |
| SHA1 | 51e8e2ef259b99a3f4c855be7aa82ba0ceffe3b4 |
| SHA256 | ec13e95a3cacca325527e64500b238433ae8f08792f018235d84a05eb381f2c2 |
| SHA512 | a01da71236823ce47dc553622c5dd2196e704d98df7ba15543c4926060343c520a50f8e40c4b3be2ddfa27ec175f386732d060ddbde393ff578e58df92f22976 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 37bf6d1f7d13b81598de3002486e0d82 |
| SHA1 | 3bfdc96e07a92c6ef0cb22292da8c411baefb708 |
| SHA256 | 4c99da24783ea46e42388ca4a5aefc031159cbdf86ec6be56feeee024ba4f490 |
| SHA512 | 7c1784c3054ff5cf5ad4946fe141a594990dcc3504e3651c5d1520448d123b6bfc5222f6bac5e2261e9cc48e8998f2cb54965a54ced2e32fa8a6ab61751b4817 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d01cfff5290d82c18b7b7f7812a082a7 |
| SHA1 | c132493913e3ba42f3960bfb5c3148bc6fb5fe70 |
| SHA256 | bc0da9cd18fa6e1bb1a903bbbb8d6744d5840ad355594d6360c85f68488a6965 |
| SHA512 | 7323aae81ed579f6d1d2eef7c590404b362247dc99c56468ab9cbf92567976dae7c7aef2a800cd092860465f8c2b54b389d72843b5b525d098b9883058ab264b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\Downloads\Ransomware-Builder-main.zip
| MD5 | 2f859950b215f4eee1e00bbe39207212 |
| SHA1 | 31593e690a1e02c5a19f24d65b2ab0022c136a0e |
| SHA256 | 4b19ad3ef396d68d4ad5457be25ca636d22e1bd848d3e4a5211b71da58f016b6 |
| SHA512 | 4948afdce16b45abed05df9d093ce7286637beedf7fd5d1f1915638914ad1437321128b125653849c27161d1994acaa8a648207a326af922f7a4d59740d94d48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6250c2b5df87ac1834eed7fc0ae5d8a5 |
| SHA1 | 15e9f3e191be0e97899d04383b59ae0b8291ed41 |
| SHA256 | 83ff190d7eb06da52353528fcf085191abd5c2f4b4d73b0621e39604770297cc |
| SHA512 | 453defdc77b886e5f3325f48cc4b9b5f00169dbbb8fa372e52072df3c67535a362487dde38ad70c5f8279c2ebe41bcf225268e7dddd6cafacc5f1285b386537b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bd26.TMP
| MD5 | e7ebcad19bc3f5f50c3d77f75dc0d508 |
| SHA1 | 6ed4a8ede1fc4af956045bb8b8a14c920356c8bb |
| SHA256 | e4dd6e309768fd3397f06d08498606d5469f09c6498e4e64e8de066a5733f195 |
| SHA512 | c802b790a82961b7e4f9c8a6aacdcd8563058df92a35a698099c8aeb1815a02c24b7c737a128f0af41b1f8b15e6422b9871cef293b59e2341e40640157566067 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 13de4d9bf5615be7d582980f58f71160 |
| SHA1 | f920348d9b91f095aa5ce90b87b4d3a2d96e3130 |
| SHA256 | 296eb4644731fa7dcf61966bfc759078548f8f65e8438f9a2350892752e0c2e3 |
| SHA512 | 7d56c3025b94df59f37021902949c511405f26951e686b2a6be5625dff179dd1cdcdace64ad0495534c4a63dccaf8843ffe856877680db8fc6ebbf027ad9ab3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 26d280911b987657964fd2208056aa00 |
| SHA1 | d08b8b3ae8393fd92f500655520e5aabd3aa6bb2 |
| SHA256 | 33708d5607b6b1fe1a40a1541bce732128c7ee08077948cc2b198db42ca10391 |
| SHA512 | 792b75e4664a28d8d9bd36b6424974c7d9bb8e21f3ddcc2acda53bb761ee130b322056666e8f6f1e69fe529d537d01589bb8b0df7e0453dbb7b659c4eb69c6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 05bc1eb5908653db3b98749bc897eb8a |
| SHA1 | b8ec6f848668460992ac5ce89c21f59017320448 |
| SHA256 | db657b8fcb3175e80592d92ac538f97f0279f42fb3c2c358b0ebae7506d261e7 |
| SHA512 | 8e5cef52a1b9b1fa0fd6592e5c87a15a0c9530a15a1c5b1b656320a76d107b8f0a2f5ad1b526bcc2a2743557dc9a59929e20d82759133e1dec040e863e90c668 |
C:\Users\Admin\Desktop\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe
| MD5 | 8b855e56e41a6e10d28522a20c1e0341 |
| SHA1 | 17ea75272cfe3749c6727388fd444d2c970f9d01 |
| SHA256 | f2665f89ba53abd3deb81988c0d5194992214053e77fc89b98b64a31a7504d77 |
| SHA512 | eefab442b9c1be379e00c6a7de9d6d7d327ad8fd52d62a5744e104f6caa44f7147a8e74f340870f9c017980a3d8a5a86a05f76434539c01270c442a66b2af908 |
memory/5828-217-0x0000000000C80000-0x0000000000D0E000-memory.dmp
memory/5828-218-0x00007FFCBCFC0000-0x00007FFCBDA81000-memory.dmp
memory/5828-219-0x000000001B980000-0x000000001B990000-memory.dmp
memory/5828-220-0x000000001B980000-0x000000001B990000-memory.dmp
memory/5828-221-0x000000001B980000-0x000000001B990000-memory.dmp
memory/5828-228-0x000000001B980000-0x000000001B990000-memory.dmp
memory/5828-240-0x00007FFCBCFC0000-0x00007FFCBDA81000-memory.dmp
memory/5828-245-0x000000001B980000-0x000000001B990000-memory.dmp
memory/5828-246-0x000000001B980000-0x000000001B990000-memory.dmp
memory/5828-251-0x000000001B980000-0x000000001B990000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 463f615865d92339eb68e23cb603e539 |
| SHA1 | 1caff5854dcc2665be53c36fafe53602f39fbadb |
| SHA256 | a71ea36b4801d34a72d4cf2e6697acb39eb69abbf866461cc64d84133710759f |
| SHA512 | f77f957a18753ea34c90d48bc81ed4a6ff65a8c42036d2ebc622ea4e5bb7a4d76eb1e9e6367d765edba69e83c973dac2670a97cbee3f95d08259ef667cc8b5a4 |
\??\c:\Users\Admin\AppData\Local\Temp\chqabunh\chqabunh.cmdline
| MD5 | a202b6a7a56cce7e2f3ae78598274487 |
| SHA1 | 6f7f68484f3fcf0bc213e95de30f472903095c73 |
| SHA256 | 00a484d2d911c9c7f9f09d8dfae119917998385da7c84125fe337fce1b679833 |
| SHA512 | 3431e0671999afd3a5cdf0b971c0af64fd5c1d821496bdd1cbb016734bd75dd7cb7d40f0e093661e57fb2ef881fd12a5d2b142eb49f4ebf141badacdf24a7aea |
\??\c:\Users\Admin\AppData\Local\Temp\chqabunh\chqabunh.0.cs
| MD5 | d06a0e0ab05efd265fe5b2919a3d466b |
| SHA1 | dc65bf44ece12d2a547f7044333de3bb2dec5a72 |
| SHA256 | 258d11d37f0feef7ddb38d299ea024ad6c1a4cb9f9fe3baa9b83ef45d56cf8e6 |
| SHA512 | 2c508207e5753edd1379339dee2084cfa2335065a5a97f46dc21b593b64a8baf013cce94cca6188da54b0cf9bec45be9621c4e6c1ed5470b61da82e925942bc6 |
\??\c:\Users\Admin\Desktop\CSCC2F2DD17484343A68E51FF61DA772CD2.TMP
| MD5 | 7c63cbdbdd4b78cc80dc7f898291eb1f |
| SHA1 | d7c549834798922ac8b730851fe4a40d82c0aa84 |
| SHA256 | 785980cd5bde147508c1a453f68da8f48ed18fd442a6069bcde63ae85d5a90ea |
| SHA512 | 8ad047a5f4e32c29510e0f8d1916423dc1b8c85ebc2a3fdef7afcb7225309f12eb960253ec38e71949f6f9a17e3e00eeab921287453c9299df02895f31f30d2d |
C:\Users\Admin\AppData\Local\Temp\RES93D.tmp
| MD5 | 82a64a0ebbe57aa1b9147caf06081350 |
| SHA1 | 5abe8c0bc41e6b92b7d3c837828c34b920d1699b |
| SHA256 | 153e44e35a777df8230ec98139257cddc4aefee799b283fc4ebc651a2b61c0e2 |
| SHA512 | d7a54f0a515251a940e991e6c44d1b2996f0713aab7931dbcffd5a3d70c096e634ed8b82f9abdaff3411fa7f46e2fb517b203b680e889784866800bddce550c4 |
memory/5828-292-0x00007FFCBCFC0000-0x00007FFCBDA81000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | a127a49f49671771565e01d883a5e4fa |
| SHA1 | 09ec098e238b34c09406628c6bee1b81472fc003 |
| SHA256 | 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6 |
| SHA512 | 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 3baf7c2e036abf00bf52d8e4a918e970 |
| SHA1 | 0eb5406e14050dc41227ba74b64a38da778fe5d6 |
| SHA256 | d30dcb199ca26a9664a46c01b4eccb26f5b8682f04480d0a9d2beffab7d0a049 |
| SHA512 | c12875c0e5085f534496ca9f1f43bc4d5097f6d4d969f70ad1651bf01bdd4e9f5e27c93413ef0589c06c647c0a22d8c4b7a2ffbda2fe61bdeb84657f53a6a429 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 47af57de259be87991f1352b0bfd2586 |
| SHA1 | 309e5ac652ef074b3635e54ee8b6621b81395072 |
| SHA256 | 2200e630c2e736720a2cc6e11b072923896f67f69c7d9a3cd80a6d592ef53bb3 |
| SHA512 | 720fc1cbc1b2e13e27cde44cbb3b4ecc18c463bb646e1c5b778650e9680eec1abab742beacf4c6103dcd8a3d33b94211256ef68fb5c71c91ae035a6983363030 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fa163b9f462b6269e1320896cb6a39b9 |
| SHA1 | 1bcb387f6503a791ed0ea285ac4a24eea925be22 |
| SHA256 | 226629cf1c19b9239b0f091c50de1f0b7c843e21d034f299bbb01f78dc44df33 |
| SHA512 | d65d5e79142dd97f71926718469e8adc8ae8d9dfccf0afa20a2b7936748e0dead29c99164c4db24e9475f8bfc179ca538bc83000cbee5531f0a973583fe8df55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a6d346f58cbec0a6e4015327b25f1537 |
| SHA1 | 750056e65a8b1c20b1a6051f5adcdf35821a6ac1 |
| SHA256 | 1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56 |
| SHA512 | 74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | de71f3207eebe1816e174c3be36dbbaf |
| SHA1 | cc33f2a51e97a990d8f0b07227f9660130749753 |
| SHA256 | e1bc07e66248d932017543f78e8bd42871cee2f0dcbd5d72a6ae7cfcfa95619f |
| SHA512 | 6cb40802c5c7ca9a83c731ad2c48e257ab5d18742204f13e36ac8285dbe2d257ec2deda48128ab3485287071027c04678ab60e73b9279f1f12263b15e103f102 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c0f24952a22f2489f564693342c83a31 |
| SHA1 | 7142abc93a2bfbfca6a65c4e33b3a9d7b2eaf7c7 |
| SHA256 | e9ca34a52c8543095316b53d041434ca6a281fb7d108f0d89e50e13d389491b3 |
| SHA512 | 2c5732ef46b6ddd2d36f80f75bbabcbc269aabc94978090455a5f3e25f7435d7e220483bea2351ad586954229974963b5c988be5d44d6b2117bc83d82d9ff008 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 227d3413339d00ec3940714182f81a86 |
| SHA1 | 610c8b7c0e91d382dc799ff6bf3343bff4082b77 |
| SHA256 | 87bcebc7d4487a822feba888d4ef8ebd01dfa7ed1478ed9dcef1f9f1cc665836 |
| SHA512 | 07e5388babc5394eaaba0c374b3f803f097da8f45d107e926fce1e0451fc405350b8443cf66c2cc1ac463e69d3ae030e04237864d7e392a891c0d19d14b614a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5f8179816ca68e840192ef118b001252 |
| SHA1 | 952207dad1cbd34c24778d6f748034128a61be4f |
| SHA256 | d91f36ecbe5c44619892ddc28f564e48bb0ec659bea864fdf51bb534f4694be6 |
| SHA512 | 555b727233b7e353cd6169278fc33727d2d8e704784124a5f5fb7d9a8d9ec592c41642cb3943b10d46c032afa2720fdb1264e0292704b83b27b32c0a9c4b3afa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2e8fad7d0514c645feb88163368d2ea2 |
| SHA1 | d694abcc7351579d92a29060f59dddb4dccc1c00 |
| SHA256 | 4d9c1bccfed0bc41a2d5597987f9705e5e708d132d2201bcde41fdbc3e9c8347 |
| SHA512 | 607bdeed24216fe8c3c11135c11a8bdd327600b79f91b53425f97542e58aa5ac02174279451587e4a76b867f785a751fcf2b91ab4c57a475848ee765e3f6fd75 |
C:\Users\Admin\Desktop\LOL ransom.exe
| MD5 | c03d16375f97405814f8634857152c37 |
| SHA1 | 117a2775c35da4549833adbe8e208c05f17e75b3 |
| SHA256 | 68bef5139b0af7cb84f948a671c30a2aaf42f0f13c40559a975842432bdb5b20 |
| SHA512 | bb31efb011b68ab79c5e0cdafcf98f5d9b11ee84fcb2dae99105190ba1152af82fe2df3cf32671285dde37c5177eb9b2a7bb849b5d0f32d06e957b2eff837285 |
memory/5488-722-0x0000000000D30000-0x0000000000D3C000-memory.dmp
memory/5488-723-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
memory/5488-736-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
memory/5424-737-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
C:\Users\Admin\Desktop\OIP.jpg
| MD5 | de3d6e3936a38a812ae344cf9f48ec23 |
| SHA1 | 6f68ecdcdb31cba99308de934ed280dca8c9209e |
| SHA256 | 9bd1510d3d9c56137b99b7e3068e09feda4688ae6de67c7f2905a8d83714565a |
| SHA512 | e4fb57a0cdbb37e1f924a0cd691420efaa66ab899d84fe371f1751453262b5032f3323c090010a31e0bfcab1454eeeecd70a84b6067ee5fa49378e2c365bfb43 |
C:\Users\Admin\Documents\read_it.txt
| MD5 | 4217b8b83ce3c3f70029a056546f8fd0 |
| SHA1 | 487cdb5733d073a0427418888e8f7070fe782a03 |
| SHA256 | 7d767e907be373c680d1f7884d779588eb643bebb3f27bf3b5ed4864aa4d8121 |
| SHA512 | 2a58c99fa52f99c276e27eb98aef2ce1205f16d1e37b7e87eb69e9ecda22b578195a43f1a7f70fead6ba70421abf2f85c917551c191536eaf1f3011d3d24f740 |
memory/5424-1187-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\Decrypter.exe
| MD5 | 97f3854d27d9f5d8f9b15818237894d5 |
| SHA1 | e608608d59708ef58102a3938d9117fa864942d9 |
| SHA256 | fac94a8e02f92d63cfdf1299db27e40410da46c9e86d8bb2cd4b1a0d68d5f7a2 |
| SHA512 | 25d840a7a6f0e88092e0f852690ed9377cf3f38e0f2c95e74f8b2ffea574d83c6154cccdbf94f1756e2bbdcdb33b5106aab946644dedc4ffaefb6bf57a866696 |
memory/1460-1190-0x00000000002D0000-0x000000000030C000-memory.dmp
C:\Users\Admin\Desktop\Ransomware-Builder-main\LOL-decrypter\privateKey.chaos
| MD5 | f9988f0c28b00f5d5e9dfbadb26c726f |
| SHA1 | 2e7d772218116cdeae613f753de227aa85cb750d |
| SHA256 | d9db2ae73f84da29b9935e20d70eee553c74f630593d4d84baca16d452eab909 |
| SHA512 | 2e520235e72e4308cecbf7f73dfe30e5db6a7301913cdc83b9848ddcdce3d4f28917a764430bf6cd267838e8f11d6df025995a02008ca25cea2fa84a4d3c4ad9 |
memory/1460-1192-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
F:\$RECYCLE.BIN\S-1-5-21-2727153400-192325109-1870347593-1000\desktop.ini.6khh
| MD5 | 0dcee22d6b6a21b0c79857ab290dd413 |
| SHA1 | 6d348619bb9d36396a649f402dc9e28a8b1fda64 |
| SHA256 | 60e7b121ad9b71d37ab5389bb589540803d16a120c25fd5c495a3f05dd0eb1d6 |
| SHA512 | 6f8225f246aa6366fdc844b962e70d9396dad066c34ef73d902d521a78c690f2aa1494bd93eeae3fec468b2e51c9a9e2c5df273879cc0b43d9560ae12e8d2f2e |
memory/1460-1196-0x000000001AF90000-0x000000001AFA0000-memory.dmp
C:\Users\Admin\Desktop\CheckpointUnlock.dotx.u4gf
| MD5 | 6fedf1db0933ddfea2195f02250e11e5 |
| SHA1 | 1faa3945109960df7d6a5329a3f916e728374887 |
| SHA256 | 2e24cc807d45f0dc3b33e5b0342fd86a046650702efd35377f240e6576d11e9b |
| SHA512 | 3c87e566ee11355460992c64218e6e4f133da6f4e146663ea71d8eaeb192e2f06b3f9c67f9485e89913d29361c7cd8647fac98809b8a7003994066447b896074 |
C:\Users\Admin\Desktop\CompareRename.dwg.lc6u
| MD5 | 2f5ebb723f51eee6b0de3335daff7d39 |
| SHA1 | 5e8effb1117c289ea6789fd34ad194a67455f88f |
| SHA256 | acc6cc32f0298f59a5f2acc28714b4b43bde03f8f7a54d3a8bdffe59e1653896 |
| SHA512 | fcb6e9175ce0ba1d05a33e06b62b5698ff7eefc6c9ab1679462d44cc310391e5799c3d4a9d209c9ba5ba26d9a9285e4286717c9f278597167dcb0faec2e9a6d7 |
C:\Users\Admin\Desktop\DebugJoin.mpeg.v678
| MD5 | 018d30a00c997aaad803d1b750cdb229 |
| SHA1 | 44788f156b7eab7830f2b1c2cd1d4063e479e38f |
| SHA256 | b4076065305cea82133723e3d69a2552e6688186268a7d14b01cf44afbd7416d |
| SHA512 | 2ba939198a9a34417c8aa21ad7988b7a94c1b8c05c2885937a52d6a75416baa302df72dd72e083ef4f36fb5cba94c80f7d3d049841ab0c9fb26f6493d5faa43e |
C:\Users\Admin\Desktop\desktop.ini.1eoa
| MD5 | aaf11f800eef97a072b8dd516221d101 |
| SHA1 | 39787bac1235c0ef19298cd775e2f728b9eda319 |
| SHA256 | d5e09b61eec20c1ea7f2d029daca5f6292cd9bfda0d953c4a0dc5224ae46a3fc |
| SHA512 | 19de3dd1dc575a599ac929fbdf44cef7fdd22274dcb7222d645dafa95de21bc5ca706cd84e099a37a9ed535032bfc26317a1938efed84c910636b1f9e6fde8ee |
C:\Users\Admin\Desktop\DisconnectImport.jpeg.5xwe
| MD5 | 30eab1a3bab5736e8dd5ba3c01da62d5 |
| SHA1 | 952b3c76e4e4cbd1424fe3011136ddab8a1616b6 |
| SHA256 | 87a1d0ea3acd5f739d6e43ec5c1fbcf691a2b18ad7e9275b18f28ddff8fdffdb |
| SHA512 | b93e323781940f97d0c9891d2472243c64dad9ba1c1d2a135a1a66cc47867df75802fcfd208edb9ce5a908abf2434b1bc001f1b4695eec3be49e422378e23806 |
C:\Users\Admin\Desktop\DismountUnblock.tif.xeyt
| MD5 | 324c347e19c6239619546282cc494402 |
| SHA1 | 011d594654a80c98695de6ad45902250cceffadd |
| SHA256 | 06607f0a0b006fd700fc29005c116bd70945cb3feaaae2109b31186501aea443 |
| SHA512 | 1838a35d101789d3e1d676364ed0143da1cbbcd466f20d7195e0187415880e01d31cb9d42ee15ba799fc1943197b31f43d27ddf5a13466c842eac978a74b5a89 |
C:\Users\Admin\Desktop\ExportNew.asp.90sr
| MD5 | 91ae42fe8b03681e59c5ae020b1eab0c |
| SHA1 | 27e1bb93ebbe16aa324a026119b5589f75b0c78f |
| SHA256 | 6d0201ba9d9ee6aa66943a6a7fa892d4e9f3dbb1e308a3b23500593065190c6b |
| SHA512 | 3759036ceed6aee9cd3ffaab3c7e62ee73c7505e4e9bbaf5cde3dec9d922c0e8526ba1cccc58e0dded4fe4578f28b15eaf01ebcfddfe84c9098544fe1cc8bba5 |
C:\Users\Admin\Desktop\LimitGroup.potm.ln7d
| MD5 | f15643527793f1f5e2f553b856dc7179 |
| SHA1 | 20d95605450258df0d07e892048be500c2c8847e |
| SHA256 | f52c9043324a96afd011c6f756f4431425c96325ab84263fd91b792ee2b52d33 |
| SHA512 | 14748d0d1ebc36e370866139399fb492e76d2ad57a57a92a1a67f2066511d3a8d2cf9d9d6d447e12d562b323c171beb9a23086c876f84b7720a2c249e73d5276 |
C:\Users\Admin\Desktop\MeasureRemove.odt.dvfx
| MD5 | 0ffa2050c41cb673d01ee1c4febd03a9 |
| SHA1 | 53f4a40f1ea76a61f19220aaa60435e45539c32e |
| SHA256 | 3d86744f2b5dba561f80a7cac77210723964bf0f58480fada21ab34cd5713074 |
| SHA512 | c4ccf69ed274215f6dada1c6eab57d98e781e18b93457347cc4e5b0ba725214c5c2d364291ac0b593a47f018216bf3cab4f7a234f770dfcc81a79a2fa74a65d4 |
C:\Users\Admin\Desktop\Microsoft Edge.lnk.jfis
| MD5 | f555bf68721d7971644abe6743ff1921 |
| SHA1 | 3c6e26e93a34ba319a6672900a0dba1ac7da84b3 |
| SHA256 | a412ed05ad717a71272325f9a02ac448d03ef777f5a61f41272c2ad5f3957a83 |
| SHA512 | 4d5717da56423fde1c05642382060cd051f9203085bc535da22c8b8c930ec7b7d6e0878df6f1d9a5936aab097bca7f7f2ff5da8bce9a9a978bb49040bdbc9c32 |
C:\Users\Admin\Desktop\MountNew.mov.x2lh
| MD5 | 483819fcae717bb40b86036157c23a19 |
| SHA1 | 66b0a6e14eac88502d11c02eea19347e4951f51b |
| SHA256 | ae68ad0f7f783142bcd7d87c0a6d05d5e6e71308e751ece98a0d899286270221 |
| SHA512 | cb7589eacf593a5ed7683201603d7458b52dbb648f5c0401d34056b1859d058512a7f7060e0a2ef87f819fc09a77e5495591af148f31a5463818f54961d58075 |
C:\Users\Admin\Desktop\OIP.jpg.pcln
| MD5 | ba6a1521cde429df2fbace5386b8dba4 |
| SHA1 | 624e67a3e9162919eea13eb46a7897890a961dda |
| SHA256 | c702ff8f608d30be20ae41288ce3f5e9fb32d339b30b62d451912401263e9ff5 |
| SHA512 | 627090e3e6816ec5d58d7484e4be499b441c6c059d953dc9a1c448194fa6207aec6291250768dc06ff2a6a99f400909579de01894a1824043b8bf1f6adb718ca |
C:\Users\Admin\Desktop\OpenSet.svgz.134j
| MD5 | fa1f96e5913a47e9f9f4dcf89d60da0c |
| SHA1 | 81211dc3437c4ba9e8063075ab28873d7ea580ec |
| SHA256 | 6cf291f0c41f750fd7cdeee996549e6fbd9009b82f643c134cd19dc7f12de4bd |
| SHA512 | 01e02526bf1416bdcd410fce0162cbc7118c62ab030a75e62fac2536a1222d1ac67a0a23970c90997f05dea050e82f2792ba46437ecbb4430abd33f4d90d77b6 |
C:\Users\Admin\Desktop\OptimizeUnblock.raw.xduq
| MD5 | 64a3fee003c5b0425a9d5ef134f78db2 |
| SHA1 | 84dff6f415812364fc73d0a17b262973972d553c |
| SHA256 | 04151f151d18b07caf6f76e5fe78cce4094b129ce079a0df6aa125d1e7385ded |
| SHA512 | 1b896081274fd9283b6cb06c881573794691559f369b0f3d5cfda8db0ddfb7b5173d2c6dcfaaf501e30d65926fb1d188694bc6fb8f3bbd35ebe873a54acaa7b6 |
C:\Users\Admin\Desktop\PublishFormat.xps.fwfu
| MD5 | e6164d68aa70a6aa86b7e140110aa56d |
| SHA1 | 9af47c69a1240c42e0e94d91881c05e29416e170 |
| SHA256 | 66c660619470f59848796080511c3ba0ae8cf98cc05b5df7b9d5b75fd8a9054e |
| SHA512 | fd5192902fec1702d2f711706a781bb93798f275575df7d76bb3df9232980aabf64321ae4a5d7753e5168820cf44657b38e5d78a0e401877db9c19d533bc3e1d |
memory/5424-1655-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
memory/1460-1656-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
memory/1460-1657-0x000000001AF90000-0x000000001AFA0000-memory.dmp
memory/1460-1659-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\pending_pings\875dff76-df06-48f9-9286-464bb5366f9b
| MD5 | 575b503baf7e045cfa91dc086b918da9 |
| SHA1 | b4a4f51f9ad52c2a9e93a0b790fe408eb64f7d25 |
| SHA256 | fc8f29bb7579df38f501da3f8ad3b304adf17482a87cace2b2809e58075d4c6e |
| SHA512 | fb9d4abee49e390c3adf8e696eebfb70ecb6f0e355880e86d04a1036ecfdaec8e4c1f4f511e67b86245057202f3400cf813fb35a0e96088ba2135167b19dee3c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\pending_pings\f085b9bc-238e-4b4c-bbc9-5755b8a6f3fa
| MD5 | 7729e517c2afca6b94fa83163805f718 |
| SHA1 | 7b02e30c2af7ae4e084c0e7090a9e0bc2fdba63e |
| SHA256 | 008f97cc42fcad8c328db1dec9809fd162814839b2271efe0085001438704337 |
| SHA512 | c0af8d8d25343d972aaafde13b49fd8f4a5c19c330e14104cf8d069b77465055ef9280292e4d9c5a41d8cae52c90a3756a61ae6e34d448c5f412e99c0f89149d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 3a452fa4f65408c20c6673bf1c510a48 |
| SHA1 | 594ae9dae87ea98d0b3335fe954bb5c04402754f |
| SHA256 | ab72c283dd9289bf1f31309218ae41b5b14553b0bb137f55841f90f3695de217 |
| SHA512 | 82359c39503921c210046c7e51e46fed2b3fb9bb0d412c6e3e36268cab5b11642df2fead52815f09a2e1aab44c195951b53cdb7e354b10e1c44bf75915c26c04 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs.js
| MD5 | 60e6643d161a37b273fced8789013511 |
| SHA1 | 585e3e659fe2d26e28de377309aab36d0b67188f |
| SHA256 | 303f6b074bbfeeac0fa59476207ec095dc026fcddbe60d066233709405bed334 |
| SHA512 | 32faa14755589eb6965912e03247fd7b88771e15b5ee042180109c695562e0c3c217c1bba591fd765f915ea20f06b1f788c7c0c4554c04150cefef291b678be0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionstore.jsonlz4
| MD5 | 6af7afce6ef50033ab10ef58b0cedc43 |
| SHA1 | 8e5c6821d08e24a4ba8c88714da7d8cc2ba74bfc |
| SHA256 | 6c2f261ae65b16eb12c2caa43622e393951958083ec2fc81d5a83da6ed9ae10a |
| SHA512 | 5ba9a2271d9ea9b43bf2917a7bd994bde7ca8afe62cbd9f7f23b25180f3bf0f83e8bb38dfc1261a93690776817c11fe4965dfa984448b17af030b748bd242344 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs-1.js
| MD5 | 096ee28c07f4a48c57ef853326fe3964 |
| SHA1 | 9c821ab9726c271aae0ff483d607a37e7b8bf957 |
| SHA256 | be9eb319aab58f5bd428b8872bde713041730a6decfdb375a978dc553a9df07b |
| SHA512 | 1ef088d079bed7c2cf135a41260fe1b46c3952989e8159ed33bb2b552610ee2d9b2328017c8368c20b3f28f6c7394130d688d3e46ac942acffba6a7dacc2d03f |
memory/2676-1804-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
memory/2676-1814-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
memory/4980-1815-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
memory/5828-2264-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
memory/5828-2267-0x0000000002CD0000-0x0000000002CE0000-memory.dmp
C:\Users\Admin\Desktop\CheckpointUnlock.dotx.tnol
| MD5 | f847b94c984d36a02bb47e44b384943f |
| SHA1 | 1be95b299f07ae1674b9c4792fd39de035c783d2 |
| SHA256 | e9ad6e2b4fd47e73b80846b5d04209eacf577b5a226b71cfba3d9160b1963622 |
| SHA512 | 45023900103e3bf31c96cbe9e711d56f2d74a9969e3772396b789472c9590ee82fe4c0f7990721832e4be1d9c8cf110edfdecbf8d867de998114f0ca36199071 |
C:\Users\Admin\Desktop\CompareRename.dwg.5x6y
| MD5 | 47173dbee39ba716734f8f3aa397a6a5 |
| SHA1 | b0abd41d3f022caa12698e4fe441a28835e63faf |
| SHA256 | 152e02128484d3c7f68cedb1557c1a6011a9c806ff9e4faf20a92d02d0d3be69 |
| SHA512 | 71641de17f21b996a016c16102972f7cd55ee556c136e779aa4db4840ba669e912a8efffacaed95e56315b75846d9ea3f281fdd263e978b4a310d054b61700eb |
C:\Users\Admin\Desktop\DebugJoin.mpeg.bt1w
| MD5 | eb0214ad1f3d84179d5f026481c99885 |
| SHA1 | 5f019527e21fc8ea04e4f3309a0c4f78523b1f42 |
| SHA256 | 6326e9cb9663b8cfe137455564b2c198fa3a1126d3554324a5a5cca1c8f34e11 |
| SHA512 | e393b46eaf82674e32e377362186618966524159826a69cb30c753821257dfab87754652049fb7b6d4c56af836fde62f9223e2307e42d36f58e19d2e810464bb |
C:\Users\Admin\Desktop\desktop.ini.xzzq
| MD5 | 9e36cc3537ee9ee1e3b10fa4e761045b |
| SHA1 | 7726f55012e1e26cc762c9982e7c6c54ca7bb303 |
| SHA256 | 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026 |
| SHA512 | 5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790 |
C:\Users\Admin\Desktop\DisconnectImport.jpeg.0f6m
| MD5 | 9239fdca5c28ab2311c81b4959eb8a04 |
| SHA1 | 663efe77f725e89ece06aad2df978bbb0db19489 |
| SHA256 | af38a0773d14009734699d72a2c868d2c35ce772542a7938c3d14dbb2f610e1d |
| SHA512 | 2f254333bdab537503159a57a593f55a55d0554f6dd93fb6121fc209943ad2ece68e1bc57bccb195750f159bf156fd66d1093e60bb893529007568e05c622f02 |
C:\Users\Admin\Desktop\DismountUnblock.tif.svit
| MD5 | e36d14a59bb9a0053e9866877b5d6427 |
| SHA1 | 4046e93547786f51c2daaaae99ac2aef872a1eb6 |
| SHA256 | f0989fb5f0bae7be3cb602dd712160932ec235d16d5ed588ae2a742519f706bf |
| SHA512 | 36b7f8be5684ca8e5bbdc359b8d61c6770c31b76a91e295ddbb47ec0089b5a32ad1b391b423b0954b50a9cabdc573508bee349a8ff4bc8aa79af0eba083ee442 |
C:\Users\Admin\Desktop\ExportNew.asp.4x68
| MD5 | ae84a049562e3ad91c15c825004c8fb6 |
| SHA1 | e7e31208af0e6c13502f2178b20e9adb34ee896e |
| SHA256 | 63c6f6d6893ad91f1e703fd3847bf32b3e89a800b4502e4fc52d5826e1a8d1e5 |
| SHA512 | 271f067c99e3e7b923d0cc5af4a5adb78cf68671f37b9f74a0c0de90be5cbb6571d0e9db05cd66afe4ef5a9c9b9aa9e3dceb7500be9183bbf09bb52a98d4abd6 |
C:\Users\Admin\Desktop\LimitGroup.potm.h48r
| MD5 | fce16cb2ff303c656761ce76eea3ede8 |
| SHA1 | 830e4a81f1bef44e41ee84196eb93cf23284ffa6 |
| SHA256 | ea3a6992a5c5fe91e7cc606ff9c8c661e01163ec6de6083233e3264ca19efd78 |
| SHA512 | e5d1bfc3558cb6e50827ea3b1a63bdc40ef330d3a6e532405f9244d87843bf4a90573f643fbf17c61e5a556b5679f7d77a784e4253fc66bd089cd595ef85b5e8 |
C:\Users\Admin\Desktop\MeasureRemove.odt
| MD5 | 2a981a5da458e3e983abbc171cb967c1 |
| SHA1 | f13b7f93187f6b10c9db1a91a8ca2bc20f88427c |
| SHA256 | 2f6fc00d98d525ad9d90fdeb0e2337cc330faf42f5e172c3a8325f306839680d |
| SHA512 | 933d635fc5568076e0a98e20eab7d4cdf1d840110fe2e149f06f097633f6c1327db11dd068263e8a446d73334858550b41b68934ee4b5247f2df10844d4ebaa8 |
C:\Users\Admin\Desktop\Microsoft Edge.lnk.zq8v
| MD5 | 6956dcb45a100b3fbe3e25c738a0560e |
| SHA1 | c6ce22ff3f84d0143cafad68c545949bffe9cb01 |
| SHA256 | 16f3583a61350ef865ec5ebf02aebfaa322eb44e00f3dc3e64c5b849af2f6d31 |
| SHA512 | a84fe9c763cbe2ccb6b35dcaf0c7945459d56f36006bf586a525ce5aa8c4616d85d3b4a82c8c1583bde521698c3f14794fa3b53aa0e8fcbf059f2c0cc96785f0 |
C:\Users\Admin\Desktop\MountNew.mov.al6v
| MD5 | 07932b89fee3636e0bfe1586f8324f1e |
| SHA1 | fbc350e379248e5f9b74dfb014fe380403ee9932 |
| SHA256 | 610907d9431357ef2b1e293888a435367fd29d599ff9f89cb940cbdec6b2150a |
| SHA512 | 6402d00ea70b53b02d6f40f83d89a9995fca4696adf969e6bbbd2a5e3587ccebe69e8ff7550f2f3cf6e15a35dcb7dff10fa0c9bad00adf8f463781693f21df60 |
C:\Users\Admin\Desktop\OpenSet.svgz.adfz
| MD5 | 8248b52c702a9c8770622a4bba3973d4 |
| SHA1 | 89a84996a403e9ffd5fe37f94aaab9b8f5c20ade |
| SHA256 | a6d167915d942cb93281d667e8f62ff9933ce3d7b9ef4a9eee03370ac169fed7 |
| SHA512 | 61f9b01bff84c2db8b3f6bc31d122fd64160992a6a22de2cc293c12bd87823b2cf3e152f9072e4f0564cfb33f151b7f24489feb49c52a46f280dee476050f325 |
C:\Users\Admin\Desktop\OptimizeUnblock.raw.ujm8
| MD5 | a03f7b5235633b47a42476ab6425fa80 |
| SHA1 | ff3c174c59fd593b0a62475f900e69c78faff64b |
| SHA256 | 88dc8bf33697400628dbe54caa944ce9d72abb87b720fc9272e9cedcdc844328 |
| SHA512 | 975b33841528014c21ab2d5a142f2f49bff5e6eec8964481f10178c8fb9b7fe90e53fdfe41f178655cfae962d19faae42eb9d2bb5ca888e66b56baa4624b2f8a |
C:\Users\Admin\Desktop\RemoveLock.css.ukn3
| MD5 | 23353a3bf29f8b876ef88d053096d207 |
| SHA1 | 2ccf4e0e41b329178944d11e7f213dee9e15f661 |
| SHA256 | cccf04bd687bc971bd318bd1b4989eb1cd3f1ba8635983521d1f146eb62b9ce7 |
| SHA512 | 1174088be3c63d0f0cea10e2f87b97d77aaf9296b00b93c866f5f0848f363927d3fdd650522904363187763e0808e4964f8734093c7d837a1d937879aeaf62b2 |
C:\Users\Admin\Desktop\ResetGet.ppt.9j0j
| MD5 | 2fe9a05057d806b65bbdfebfbd387476 |
| SHA1 | e20a8c0be6e42395df8c569c284f19859bd9a61e |
| SHA256 | 889e9a9e430fa452f9d79061ab531d04c27a0999fc0cd9d4cf80f2d2fc7ff7a3 |
| SHA512 | 8e0e19adc5c9a1ac170be0e99380fd5c91fcf7861e3043e9e2ebaae8cbbfb92e8383a1a01c6eb0e04fb7290e0eae1bf73cee6866f3c6ef5a180617d62311ebfc |
C:\Users\Admin\Desktop\SelectExpand.dib.gllh
| MD5 | 1b2612b7b4615a01fc5bb42ebbb4180b |
| SHA1 | 6b5b4c97ca9a99ce909784603f9776c444675a78 |
| SHA256 | be4c45ef4afac64e215e18f0a0934b5439f023a0904cfd4afb3d8e9681c20cec |
| SHA512 | 247dc7dff4d8935bb59cbf231a5620e02691d3c7ba54a9d0ef42e3d9d1c047da4f2ad4b5594a2707ad00cebac3c9dec3f22c16c7e3843469825de322b87fef5b |
C:\Users\Admin\Desktop\SetRestore.wav.yxwx
| MD5 | 0a8590d86e2bcf880d28d2ba2a5a4793 |
| SHA1 | a60369eb6e4470f9b7980b7836127de988b885a2 |
| SHA256 | 3fbdd9b9ff13bac28cee281d08c4d0b04081aa0ae3c74743ed74f996796e2ef6 |
| SHA512 | cbe64cd5add25f57f2d8cfa352eff8df939ce179b4128fbd592731dc1af874f098a2e1bbe5e4d0bed95e85e2f1b974b0de699a4f614b0284e9ab3ba224e01eb2 |
C:\Users\Admin\Desktop\SplitOpen.mhtml.c77e
| MD5 | 60cf7cc936cb44d065a95329887af352 |
| SHA1 | 0984e3ab993b98dbdc27d8d996c074afb33dadcb |
| SHA256 | 7bcfa3d3d62d2e8922b8aaa7fc92b6f4296538bc7611a6a3a15c90fa750b9ab2 |
| SHA512 | 24a7b2fae048087e76a12a41a5a0728af894b1f83c91f54640ed9da425c6e2f644f11f49a1c82edba53788606a5785c9dd25a94c5648c4ffd9e88f3b9a8e221e |
C:\Users\Admin\Desktop\SuspendConnect.odp.zj6a
| MD5 | b164a547594b27b4bc8886e3866b7e39 |
| SHA1 | 3ac7ff30117c0987712aa84f21b5e0b0119768d1 |
| SHA256 | 5079fc3c56a654fa2c5a0a7b666b9820ea2eb537a515f09c6e99d56a7711341e |
| SHA512 | 6e3b530dcf5afa8ce5ab88f7155daeb9f01c7c357547f891bfc0042c66c0e55878fe98539358149afe65922baa21e2c3bcf2d0021e0dcb45f8968aa6bf4e6fbf |
C:\Users\Admin\Desktop\SwitchPing.m4a.r1k5
| MD5 | de6100a6605966393f565a2df5dcbc3b |
| SHA1 | 8184bd6ba15b33900bfcbc966ad9c7af435a7c03 |
| SHA256 | ddbbd9fd08e4d2b6ca505f2107d07b4be939f67d70c483df0648d871fb941527 |
| SHA512 | d5712788ad42c6e0cd29214a1f4793bbdc0a019181a93bb9311f3760796b354ca81d10d7527aab4ddace28b219c62af6a73717b0df678e2aa30208653aca10fe |
memory/4980-2316-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
C:\Users\Admin\Desktop\PublishFormat.xps
| MD5 | a8a61b9f95cc17d04c9c383cb678d3ab |
| SHA1 | f555aac889ffb3c038799fda84b062ba9b436d8a |
| SHA256 | f37764a80134411597f9aac8aaed8ce4470f5767c465675e8f5b952aec8d22d7 |
| SHA512 | 105ce564c17555ec1ea8f5201f8f1419a5b08520918b0b306f3a2862d736ca259c66a48a533d59aa5b1b2a9e4b03d21cb65da5f01a69b053acff811fb92c9fe4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk.6pv3
| MD5 | f727cbb9351106b2dd46f3ef649f3176 |
| SHA1 | 5732055ec636a4706c6da6857ce1c1ebc1bc86e5 |
| SHA256 | cf116b33831de9f80847abdb2a0d92ab3d3f956a8e209ec95d35d986eea8c7b5 |
| SHA512 | 01dffdcec62254701b9523bca7f572c1f5a5328a18c01fd6590721aded39d86db801bda23bb83b23876b67101991426a5c54087597971206276eeb18dd70f6bc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionCheckpoints.json.d14z
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\targeting.snapshot.json.pthn
| MD5 | 4f4a0943b5784fe752d4ad1a73a21254 |
| SHA1 | fbaf30a8ccb7313b0f72a29b2b1b0ac303184cb7 |
| SHA256 | 0e1cd524d7d87bb6bab636810431fe147fdbae2f69711ab7c06916e809a913bf |
| SHA512 | 4980e0e8e13e41a6e8545788befc7ea2289779079194e2cde8deff9797fe4bac0de9078e13d6b0a12a92db38db409f57f648f83194a2fe89598ecd8215da6010 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\xulstore.json.q80d
| MD5 | 05e1ddb4298be4c948c3ae839859c3e9 |
| SHA1 | ea9195602eeed8d06644026809e07b3ad29335e5 |
| SHA256 | 1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be |
| SHA512 | 3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e |
memory/4980-2714-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
memory/5828-2715-0x00007FFCC1130000-0x00007FFCC1BF1000-memory.dmp
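The dropped-file listing above mixes four kinds of artifacts that deserve different handling in triage: the dropped executables and the `read_it.txt` note (the only hashes worth sharing as indicators), the `%TEMP%\<random>\<random>.cmdline`, `<random>.0.cs`, `RES*.tmp` and `CSC*.TMP` files (which look like the leftovers of .NET CodeDom in-process compilation; that is an inference from the names, the report itself does not label them), the victim files renamed with an appended four-character lowercase alphanumeric extension (`CheckpointUnlock.dotx.u4gf`, `desktop.ini.6khh`; the same original name appears under two different extensions because the sample ran more than once in this detonation), and browser-profile churn that is unrelated to the malware. The script below is an added example written for this page, not part of the sandbox report or of the Ransomware-Builder repository: it parses the report's own `path` / `| ALGO | hex |` layout, skips `memory/...` dump lines, drops an orphaned hash row that has no preceding path (such as the `| SHA512 |` row at the top of this section), classifies each path, recovers the original names of encrypted files, and emits only the SHA-256 values that make sense as indicators. The sample input is copied from the listing above; the extension pattern and the artifact-name patterns are assumptions derived from this listing, not a claim about every Chaos build.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied verbatim from the sandbox
# listing above (path line, then one table row per hash algorithm).
SAMPLE_REPORT = r"""
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Desktop\LOL ransom.exe
| MD5 | c03d16375f97405814f8634857152c37 |
| SHA256 | 68bef5139b0af7cb84f948a671c30a2aaf42f0f13c40559a975842432bdb5b20 |
memory/5488-722-0x0000000000D30000-0x0000000000D3C000-memory.dmp
C:\Users\Admin\Documents\read_it.txt
| MD5 | 4217b8b83ce3c3f70029a056546f8fd0 |
| SHA256 | 7d767e907be373c680d1f7884d779588eb643bebb3f27bf3b5ed4864aa4d8121 |
C:\Users\Admin\Desktop\CheckpointUnlock.dotx.u4gf
| SHA256 | 2e24cc807d45f0dc3b33e5b0342fd86a046650702efd35377f240e6576d11e9b |
C:\Users\Admin\Desktop\CheckpointUnlock.dotx.tnol
| SHA256 | e9ad6e2b4fd47e73b80846b5d04209eacf577b5a226b71cfba3d9160b1963622 |
C:\Users\Admin\Desktop\PublishFormat.xps
| SHA256 | f37764a80134411597f9aac8aaed8ce4470f5767c465675e8f5b952aec8d22d7 |
\??\c:\Users\Admin\AppData\Local\Temp\chqabunh\chqabunh.cmdline
| SHA256 | 00a484d2d911c9c7f9f09d8dfae119917998385da7c84125fe337fce1b679833 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| SHA256 | ec13e95a3cacca325527e64500b238433ae8f08792f018235d84a05eb381f2c2 |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEMORY_LINE = re.compile(r"^memory/\d+-\d+-0x[0-9A-Fa-f]+-0x[0-9A-Fa-f]+-memory\.dmp$")

# Assumption from this listing: the sample appends a random four-character
# lowercase alphanumeric extension after the original one, keeping the original.
ENCRYPTED_NAME = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9]{1,5})\.(?P<ext>[a-z0-9]{4})$")
RANSOM_NOTE = "read_it.txt"
# Assumption: names matching .NET CodeDom / csc.exe temporary compilation files.
CODEDOM_ARTIFACT = re.compile(
    r"(\.cmdline|\.\d+\.cs|\\RES[0-9A-F]+\.tmp|\\CSC[0-9A-F]+\.TMP)$", re.I
)


def parse_report(text):
    """Return [(path, {algo: hex})]. Memory-dump lines are skipped and a hash
    row that appears before any path (a truncated excerpt) is dropped."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or MEMORY_LINE.match(line):
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is not None:
                current[m.group(1)] = m.group(2).lower()
            continue
        current = {}
        entries.append((line, current))
    return entries


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def classify(path):
    name = basename(path)
    if name.lower() == RANSOM_NOTE:
        return "ransom_note"
    if name.lower().endswith(".exe"):
        return "executable"
    if CODEDOM_ARTIFACT.search(path):
        return "codedom_artifact"
    if ENCRYPTED_NAME.match(name):
        return "encrypted"
    return "other"


def triage(text):
    """Group every listed path by the category triage should treat it as."""
    by_class = defaultdict(list)
    for path, hashes in parse_report(text):
        by_class[classify(path)].append((path, hashes))
    return by_class


def victim_basenames(encrypted_entries):
    """Map original file name -> set of appended extensions; more than one
    extension for a name means the encryptor ran more than once."""
    seen = defaultdict(set)
    for path, _ in encrypted_entries:
        m = ENCRYPTED_NAME.match(basename(path))
        seen[m.group("orig")].add(m.group("ext"))
    return dict(seen)


def sha256_iocs(text):
    """SHA-256 values worth distributing: dropped executables and the ransom
    note only. Encrypted victim files and compiler temp files are excluded:
    their hashes are unique to this detonation and would only add noise."""
    keep = {"executable", "ransom_note"}
    return sorted(
        h["SHA256"]
        for cls, items in triage(text).items() if cls in keep
        for _, h in items if "SHA256" in h
    )


if __name__ == "__main__":
    groups = triage(SAMPLE_REPORT)
    for cls, items in groups.items():
        print(f"{cls}: {len(items)}")
    print("victim files:", victim_basenames(groups["encrypted"]))
    print("IoCs:", sha256_iocs(SAMPLE_REPORT))
```

Run against the full listing the same way; the point of the split is that the `.u4gf` / `.tnol` pairs tell you how many times the encryptor executed, while only the `.exe` and note hashes belong in a blocklist.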