chaos | 453035aa0f2f3ff9d71a9b43035e678e950d3a51decd3ba21e8d7b39c3238a9c

Analysis

max time kernel
597s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

level.gz
Size

8KB
MD5

d0d3095f818ff3f13607ddb23e4158e5
SHA1

79a458c36f4375df44ebfca0329179c6304db9da
SHA256

453035aa0f2f3ff9d71a9b43035e678e950d3a51decd3ba21e8d7b39c3238a9c
SHA512

36b0c6a2ab63bcfd4f401098ce74169047fc9c970434d50f62db6b7bc0bde439e6349056b3a58527cd4b2dbb152b566b82174e2f3e8d62e89818841c0e3f635a
SSDEEP

192:1rY/IEzX2sHnNhzWhgDTDGBBbjmnky9lpDe0fvFgpu6V:uX2ONhzWhgDTDaZjgkYlFROu6V

Score

10^/10

chaos ransomware upx

Malware Config

Signatures

Chaos
Ransomware family first seen in June 2021.
ransomware chaos

Chaos Ransomware 2 IoCs

resource	yara_rule
behavioral1/files/0x001400000001d9f0-1673.dat	family_chaos
behavioral1/memory/5644-1681-0x0000000000D20000-0x0000000000DAE000-memory.dmp	family_chaos

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 6 IoCs

pid	Process
4084	freebobux.exe
5404	CLWCP.exe
952	Chaos Ransomware Builder v4 Cleaned.exe
1900	Chaos Ransomware Builder v4 Cleaned.exe
4952	Chaos Ransomware Builder v4 Cleaned.exe
5644	Chaos Ransomware Builderv4.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a000000023535-674.dat	upx
behavioral1/memory/4084-1583-0x0000000000400000-0x000000000083E000-memory.dmp	upx
behavioral1/memory/4084-1622-0x0000000000400000-0x000000000083E000-memory.dmp	upx
behavioral1/memory/1592-1685-0x0000000000400000-0x0000000000716000-memory.dmp	upx
behavioral1/memory/1592-1697-0x0000000000400000-0x0000000000716000-memory.dmp	upx
behavioral1/memory/1676-1708-0x0000000000400000-0x0000000000716000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
249	raw.githubusercontent.com
250	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\Desktop\Wallpaper = "c:\\temp\\bg.bmp"	CLWCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
352	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{96A863D2-886B-4BD7-AA33-DC79428817FB}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zFM.exe
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zFM.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 448027.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3728	msedge.exe
3728	msedge.exe
5360	identity_helper.exe
5360	identity_helper.exe
3928	msedge.exe
3928	msedge.exe
6116	msedge.exe
6116	msedge.exe
6116	msedge.exe
6116	msedge.exe
1624	msedge.exe
1624	msedge.exe
3836	msedge.exe
3836	msedge.exe
4108	msedge.exe
4108	msedge.exe
3988	msedge.exe
3988	msedge.exe
716	msedge.exe
716	msedge.exe
2284	msedge.exe
2284	msedge.exe
5248	msedge.exe
5248	msedge.exe
820	7zFM.exe
820	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4412	7zFM.exe
820	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	4412	7zFM.exe
Token: 35	4412	7zFM.exe
Token: SeRestorePrivilege	820	7zFM.exe
Token: 35	820	7zFM.exe
Token: SeSecurityPrivilege	820	7zFM.exe
Token: SeSecurityPrivilege	820	7zFM.exe
Token: SeSecurityPrivilege	820	7zFM.exe
Token: SeSecurityPrivilege	820	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4412	7zFM.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
952	Chaos Ransomware Builder v4 Cleaned.exe
952	Chaos Ransomware Builder v4 Cleaned.exe
1900	Chaos Ransomware Builder v4 Cleaned.exe
1900	Chaos Ransomware Builder v4 Cleaned.exe
4952	Chaos Ransomware Builder v4 Cleaned.exe
4952	Chaos Ransomware Builder v4 Cleaned.exe
3872	youaredied3.0-x64.exe
5144	salinewin.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 4412	2856	cmd.exe	91
PID 2856 wrote to memory of 4412	2856	cmd.exe	91
PID 3728 wrote to memory of 3680	3728	msedge.exe	101
PID 3728 wrote to memory of 3680	3728	msedge.exe	101
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 4932	3728	msedge.exe	102
PID 3728 wrote to memory of 3356	3728	msedge.exe	103
PID 3728 wrote to memory of 3356	3728	msedge.exe	103
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104
PID 3728 wrote to memory of 1964	3728	msedge.exe	104

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\level.gz
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\level.gz"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa301346f8,0x7ffa30134708,0x7ffa30134718
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2080 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,11153705270685807478,2901023787097868706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5624

C:\Users\Admin\Downloads\freebobux.exe
"C:\Users\Admin\Downloads\freebobux.exe"
1⤵
- Executes dropped EXE
PID:4084
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\D92C.tmp\freebobux.bat""
  2⤵
  - Checks computer location settings
  - Modifies registry class
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\D92C.tmp\CLWCP.exe
    clwcp c:\temp\bg.bmp
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    PID:5404
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\D92C.tmp\x.vbs"
    3⤵
    PID:5480

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:820
- C:\Users\Admin\AppData\Local\Temp\7zO43370C5E\Chaos Ransomware Builder v4 Cleaned.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO43370C5E\Chaos Ransomware Builder v4 Cleaned.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:952
- C:\Users\Admin\AppData\Local\Temp\7zO433F751F\Chaos Ransomware Builderv4.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO433F751F\Chaos Ransomware Builderv4.exe"
  2⤵
  - Executes dropped EXE
  PID:5644

C:\Users\Admin\3D Objects\Chaos Ransomware Builder v4 Cleaned.exe
"C:\Users\Admin\3D Objects\Chaos Ransomware Builder v4 Cleaned.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\fadc19eca6354692b19d687a42aaa066 /t 4824 /p 1900
1⤵
PID:5032

C:\Users\Admin\3D Objects\Chaos Ransomware Builder v4 Cleaned.exe
"C:\Users\Admin\3D Objects\Chaos Ransomware Builder v4 Cleaned.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4952

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\c417d69cd4034de59a3cd74674be034e /t 3688 /p 4952
1⤵
PID:4760

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\c4ead76a31174aa18e57d588bfc3754a /t 64 /p 952
1⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Temp1_HorrorTrojan Special Edition.zip\HorrorTrojan Special Edition Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_HorrorTrojan Special Edition.zip\HorrorTrojan Special Edition Installer.exe"
1⤵
PID:1592
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AD8F.tmp\HorrorSpecialInstall.bat""
  2⤵
  PID:4564
- - C:\Windows\SysWOW64\choice.exe
    choice /c yn /m "This Trojan is no joke! Do you want to run it?"
    3⤵
    PID:5324
- - C:\Windows\SysWOW64\timeout.exe
    timeout 5
    3⤵
    - Delays execution with timeout.exe
    PID:352

C:\Users\Admin\AppData\Local\Temp\Temp1_HorrorTrojan Special Edition.zip\HorrorTrojan Special Edition Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_HorrorTrojan Special Edition.zip\HorrorTrojan Special Edition Installer.exe"
1⤵
PID:1676
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\E345.tmp\HorrorSpecialInstall.bat""
  2⤵
  PID:5616
- - C:\Windows\SysWOW64\choice.exe
    choice /c yn /m "This Trojan is no joke! Do you want to run it?"
    3⤵
    PID:772

C:\Users\Admin\AppData\Local\Temp\Temp1_youaredied3.0.zip\youaredied3.0-x64.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_youaredied3.0.zip\youaredied3.0-x64.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3872

C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
5935a3b84d16bfd55607cc85c0df4813

SHA1
461201d875da29e3dd446d64820b0071abc5e2bc

SHA256
f767acecf7d978d159e7838f888f77114c786bdd8d3de5181e4b71112bf90653

SHA512
2fd0c7f46bc45e084c827d1dc6abb406ac63b427a3ff155e97338766fed7c9f0f71a01a4dc852002ec16e24c5cae6abc8c2676d41097d930dc81b6bb4d5448ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
a08bc7e7f24349a9b16da33a6c833580

SHA1
b214e57a3beed9983e30b3e1ae49df021952ee82

SHA256
9b045fd77395370e218f74c0dddb8106bd1bcb52163de80b1e51a7691fe7297d

SHA512
24853c38f38f0472867db8e42c34397b616926b2ffc2aed7d40354de736fd5723e5a04e6a11b0aecfe0c937f8952d14ffc9c417a51d04d72139675e0415b55e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
49KB

MD5
2ff5ada19d3b7c97938d1abf1ad8b8b1

SHA1
f8d1a890fecb5b4ce9ab7f2aab507de5d2c117ce

SHA256
f28c011feebd40656ab7a9023a5d133d7ec66108c5e0030d2132690723895ef8

SHA512
4cd61a2a5f2555e4cc91dd254af00c810393d5bd613a342cc44de024cd526c5e45c1dddf20c6d09a393d1cd2e3af0073de6fb45859f707e15edb4ce50c26e566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
44KB

MD5
068b82e64f390ab4e6d01d146fec74bc

SHA1
e7f8e8813681bda3adcc5896c4d235ef3956f7f6

SHA256
66f26afca99a9b04259a6dabd2bec30a64fe445666ecf389f2b289956eeb79bc

SHA512
4afffdcc4ed500e0e3bc9d8631ed64da49663687b43cc3eced4eff6832c3335f0b2e794e8c77cfff4849cd19446b07099ca05f9a34cf79b8de3bc2a8d1668f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
24KB

MD5
07f7a26f78cb8b89ed3c474355b577f3

SHA1
970674241b66fd0b27a9794fd0040025fe2b4fee

SHA256
0bda5eae2c16f25d28d08f2ebd75465704a8d9be55ac422a39075a6f86ec9e42

SHA512
37fb252af8a60b2c56c148872b5aca882b4900ca2a6ab25eb4a7be7ce58dda002feb1b70af6fad1b170317a69d254a63221be2ba841324c720b9b1d577c0f51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
26KB

MD5
19c85877f209fd7f9583b9b00350ce5e

SHA1
e32c36713f2faf85d6b2cc88ad9b74a48c04a57a

SHA256
2885f919eadbc71d3c6614477fe3d00f04d6c2ce40af8c89e5ad71388f0a740d

SHA512
c7cd3b078351a81b3de043beafac89e819fdc87bbe72f4ba4282ef2527c97e2da583f71506414741cf5c56f6c97f03840d1327c8551d445651ca2cffa042eb42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
bbe1fb997167149c735a301055e280bf

SHA1
a5f4c4d21368d4dc838e3276108e95bd1754e312

SHA256
d71f8860e6c005d47ae8dca86e44ec2a863a3bf84d92276cdb66972c7c315a50

SHA512
95f717e1914a6f1334d1084557919f92d0e781a1f00b49e2bcd120017d6bb94d4cfd3c8796b07e7638fea2e1bddc8da31e396d846ad5d8761d91f9845c04ff2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
68628ceb90da59674fcb837277749b28

SHA1
b5564ba800acaa03dfceb0f4a23c088dc1cb508a

SHA256
077f88f8fbe31024d74e53d7e46e26f60ab6de38affbdb3152672977609ad1f9

SHA512
c12a9f70ffe39e03d99f42bac8ab857017cb50dd256fc1ec9634a899d2b33b9909a57a64be5031d1e9e3dac94ff3fa809fe9971418186f138e707765d0ecc3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
151KB

MD5
e0595142a80771d317d27440fd29b8e6

SHA1
db3710d0d8d60dcb64430c342c6fd921d6792fcd

SHA256
3ba245011d9a8ade367074a3774a786f50ca51d71a83956dbb0ad2647a14d7ed

SHA512
6d298295955fce4166720ee7cc42bf4562ff311b6820025a7ea710a19dd8553d8677fe194876db5e2e6440d9d21aeb603a6b3fcd73f656405428d4ec00dba288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
21KB

MD5
e5f13507d9a1d9127fdacbdd45c91f51

SHA1
d803a580f6dc4089b462643dadb82a6b31fdd943

SHA256
55caec6aad2b7abd0f8eb3637d9bdadbf1217090fca870990c1421c9b060d839

SHA512
88064c91fb3dbd4f3bf3a7f211f39ef84486aa5f26925cd60a397e5b61bdd198155b8efb6dfb38ccf29fff2adb22162cd66561efbf0675b6cb2cad71ecd005ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
19KB

MD5
06609b0a3812ad446f706d3cba5f7588

SHA1
aa5087d66d9282918a8a5a9942dac2c5382a02ee

SHA256
432c0d52ad368a2653f0feb832ec8bacab264799fd1f58169bb167e8c324d55f

SHA512
f2017be2c711eb7012b1f7122310abbe219c42fa1c4a56747ca6387fc21946b20526d7b982b6ed9323a0b7e444b65bc52bf735538052a58e93e14467e87ebe1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
23KB

MD5
77a781823d1c1a1f70513ffeda9e996d

SHA1
60776ceeb79ed41e7cd49b1ee07b1e09ff846f25

SHA256
b093599957b103def2cc82ffd2d42d57a98292ace5a6596e3e4439a6cce063b2

SHA512
9aa66273ad419e1fc4ee825ec9e9fea4297139eca060572d3f59ed9bccbf2e1dbd03a006a0a35c6d37196e8297ec9a49fb787f0a31c3772b17911603eca62aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a1a20b67efd3ae81660fcb4f21b9769c

SHA1
7bb0bbaa3aef10ad85c30b30a919b5a558921c7a

SHA256
72125c57a302793c9474c546bb49dbb845e2e6791861c212325718351f0d41f6

SHA512
c8430189b0ddea853c05cbfb71a85549cc053384370375efe738fe892c4182ee0e16b21e36f76c0f49d709c30993d404f383276bc139fe0efb1096d9760615a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c503800517aa1a8bcc157ad163197a69

SHA1
725b557c1cee5af01f9af87b907fb8f56aac8e02

SHA256
241e3f048040d47343eecf3282eb6f6147c99d600a2fffe9d0af7a520f60de90

SHA512
a87de7035c8b1e2aaa741e3296f799544a825e1108fdcc42b27e93b7685ceecf0ba1a2ddcfbe7da67d59fe87aa39052245615340b26c05dd27853830e310360c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2756f365f68a884f314a8a6585f2d775

SHA1
b514cd3c5f52ae9a81c5d2534d1d203090300417

SHA256
90004feaa2a8ec3e08dfb0ba7d1262a2a37103ee93986458395842318aa1e41d

SHA512
0c3b8741e51c939a337d121dfc903e4e5af450f8ddacee0d56afe7e9e01b4023a4dc774689c1c459a9dd788bde80be6a15e54b13e52d441056e2079c69c5dd24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
dfe429e2ef2f39c89d84c0d1601b7eab

SHA1
2fd084b114e7c409c80efa83136802de26e55205

SHA256
52e3cb252d4aea5363df37296f346d71a51eb0103ce7be674c6afa8f48173575

SHA512
253e2bfbe8494bcf62d80c6d301e74f826a9006a969f0d4e49574cc7a23ba06282a60d1be549ad35455d94eb283d50cd22632a7d90c10888bbfb4a2b0c0f8d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
95740e433b38bf54663c59866c43d419

SHA1
30ad59ab5f8076a5b113a1abb454792ddd98229e

SHA256
4e63c9162e8ba4293f1cb4c68537125acacbbb173f63fea6891811d64679f48a

SHA512
e639140b0b093005f0681f693fb6ff99510cb611322d6406d6f6cdefec9bf5da58e1f28b023d914d553d244c2a023d779c1558e900730da6cdac195f9ef3d9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
936B

MD5
96bd7bbe78a670da8e7375a630884414

SHA1
4e371a7e44b26564cefb6b04fc9bdfabbab75ddf

SHA256
1c191020b3f750c334229b5717dfd5a4e78253f62d631375166abc04a32b1ed8

SHA512
2464e95abd0529fdfe25ab7cde30713167875b99e15ef51baa96bb409386f9187d1e295fc683c556e30e80023f335980a250f5bf86a9b201ed08f5fe15bc306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e5c8495533cedadf3e0827f0be2789c1

SHA1
85cd25efa26551cc9260eef5941d55d923acac12

SHA256
8fafa5d2bc5d7d522d1a5d61904e58c8649bc4e883228f1983f5c32f23878c0a

SHA512
258e9d977c762b86254e732f6b73ea40f3518e97532427c741ab623b969df907ceea7dcf66fccb004a844fdd20fee5afdc0cfa1a6c39f3dfd54f2783200cbf48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
348dd6af7d736011fd073eaca06f94c5

SHA1
7e934031563810367c0544c054d61479bbcd6036

SHA256
1d697a9a3eecfe863c4ed3014069e540ec412cab34e4112a792a3b5948602e62

SHA512
face64d4ddf7ebfc067efdb01294db7b468ce3025427f2171a627c50a91e2c872e7c0dd885e528f40b45a9e3b4e9c9240ce79d6fdd7d2b3622bc04fdd12f490a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5bca29ee601ee5e115d4189c06176a17

SHA1
988fb50bf3a9714a78a421af98ba6c129405fa86

SHA256
9df8a5ddeb42104131f0f6a2c4c1b1c2fc7713c0bb1e960b064fffe6926f9821

SHA512
a76b1e2ad5150a5e0d595b45ac9eea5d9a3aa4176568a27ae8dabd356c92758fee1fc9b6c2b5a083a0611d9591bad2a32d58843a96b85814e2f5a4b0d25331b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5e1df2f079b5c5f1e3cea6a34625135d

SHA1
4ea421bece77c1e60e67afded3f7a5f88344f025

SHA256
6fcc4442f35999957dd28cefba519c64c16ca8d3b121510609482e496bb9e5b2

SHA512
0eb1a466abdb4b1c1fecba2ec1bbf2cfb85cddf0ed92785d64f50c59a4f48501fecb1675317517d1cd28c1c8edc6ae26ffef2bb6374ba691e3b7961f82883cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f70c4664a7ce6ef76d395a69859472a

SHA1
93fa0df56060c487583b09836e6a0d015050e2a7

SHA256
16b721dd487e02c789612d90a03ce2198168fe07208a13a3df5ae5a17f462c1d

SHA512
4ddf5c0c056f31ad2a95e7d0a9892a1efbf6c22a346a3e0e63ec082999e57c1621cb319a333ab70f49742f5039e59c213cef89e5187a3eda7683f770f2061970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa246d9722cdb05c46a03826bf7e59cc

SHA1
e8d923e2319255c61f937ff2929a4dd4ab5cc677

SHA256
276f71e2cdb5a849774c60029dd2206f2b0dc8e5a7d3610b53c438b3db925dc7

SHA512
9619a1f166aaeceea9bef5c1861f8cfc00272815c7d7e8ff53c75fbb490a212c610ff311381c88adef39096e09b2b0a4449cf35e85d8c9907a32009a4733a0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e750a3dfc68d59d4b520260e0a68355a

SHA1
133f627295c383acab8599ead121d4fd077f7576

SHA256
7c2142508056ac0be3286e68553114ad5303ac336ee375aedf327e4e6861ecfd

SHA512
a49d39f3ade2d2cbe314ec019c113197692d03cfb9f4f15f75a4994eeca674c6d7f210f2cadf7d2e93b46c1a12983d6e9258858534f2ef0fb01905b34c6cea79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a94bd5e84d78a3060c042cea8e8df23

SHA1
1034f78cb6a6d33e53137e9ec8736823f83d2cda

SHA256
03b7ff13ed8200d21a12041672a631912f0df05ad96aa5c246ded2d0232da4f9

SHA512
1495a2b37613f2a9c7be6d3a05aa1a069bee1e15d33bee8060a55903257db6e87cb40e864e7c12b596998fdfafbf5dd639785536668903a3bedc0260f220cd1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
43baf5576f057e2b5d2b70fbddaebff6

SHA1
ecc067e92cf55e291dfd3c827bd2104b6c77617b

SHA256
c565573161107fbb283ddbeb0710d48cc783103752b987e05fe557281129dc44

SHA512
914fd0126a1cb7d7822603d35bfda9ec5827313dfb54de23ca7e318d8228e2455fe9a4fa40d617e715926ebf2a54dbabe8d43d159e2f07f8dcad2e011df549b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39e5d02d288bd0153b1a07669902c789

SHA1
4e48653ed6f3a6295d7ab4e6a8c59ce2fca4e7e4

SHA256
d32f12be9effc2919e25f3c3547526246a4819ec2bdc1a2653dab459c6a198e9

SHA512
903614b8bebf99416861fbb970934887e1fdc7d3aa5ed92bfdf07ed57a7578ac17716d9d11b4cba341cc745a0b9c3b8ac104fee62976cd4ea892d5bc1eff9018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5691778220e1aa81ee1e58cb6ea10fa

SHA1
2039b29120a2ade27d8c2dc51ce7539147a8e6fe

SHA256
99fdd5d831d37da5f035922318ce0d7ca6fd323126bc631eba8bcf0a0d0a1e26

SHA512
0838e65fc55855d8217d5671584044ac6e726f353f7f0564dbecbfd654b77c41cb532f757b36b88dfb2ab7ecb76cb4cb1ac43521cfc2b9a1d6b8e4c756c50335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
893872b7307d3b1fea6a51b17f78e537

SHA1
9e43edcd5b89ac881a706a568bb6e645f41b9a94

SHA256
613bfe327b21162c096b066588cf50be73bd586cc674b7c1ad1ddb9b92b1551f

SHA512
f0df4d7ac26b291e83448313f53b00888dfa92eb1665ce1e797e24eb6869d38d0835c2bcf0b7daa2c74245568a8b4f9c4ce14d0eeb1f7a2d6f1215fca7655c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
49c2a781ba3c59cb61d9ca564b5eecef

SHA1
2e7e9585595f150d22fcd6d30c24d867670f73df

SHA256
1ecc2d57beb7ccfddc8ae80bd828986251620d2cdd0c11a4ddc4f28a54fb3330

SHA512
e2665111c8012b940b8baf2ecc301bf5acb018e8ab6c7c2513898c93f57d457a089ee0ad468ba087f0a9ddcd73de6b9fe194b5b3416ae3e00c48b94ffb578fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8bbee9f74e09d82523a0f7f2c6236878

SHA1
f43cce076b1bf941dcfe0dc104b1d7790b6d7e4b

SHA256
7b80109cbc481d179d7ce9973f64492b96d17962b96aaccddc37bbf52b6765c4

SHA512
50a7d2b809f0a2d4e495a2a6613cc2b0e8f4a08859e01f1d3bcc5042ccf39dc224a01176f598d8082f58c1caaee480d2253c8d431749ca705fb6ad6b02a634e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d3e50bccacacc38675ed10b0bc24d4c

SHA1
7451aa3553b99d514b26e2f9cf82776b675cf717

SHA256
951dd991e1669d8ce0fe84c590a3d9ba0483896b0db0988cba6e48265fcb5232

SHA512
3e4a15ddc6e0b04a7921c660aa958184726e6f910ad4fb10bc7cacd6af813a782fd3119b4f6e2fef2b579012183c9650f8eaf4572f281bbab468fb61842665e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
14b124068a20f57cae098e03d7141e81

SHA1
64d86c31a6e5e7a4a500def78e24c081ce136e42

SHA256
3cd8b0e69f1052f05ff06e3d48bd513c584d285afa64d06440466aff5d929219

SHA512
2edd41caaeed3844f76e5fb2b727da9fb8fd8dd9d1ea36ed171cd63a4522adda76b404d2ba4df5cf6303b53f321163f958d89550a53bf3d9e694fcd8569bb544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
05a3209bc9c3c2ccff6e7c39e38132e3

SHA1
a892feeec5353b1f975d6f807ab193f7b12ffce3

SHA256
9c00bb117215efa01e01f0747c49abbd33e12e9de37aad4e13c0483d087d3840

SHA512
2e827543795169a5be70a0dc1b940d404c0fbc654ca389d3a4f976de73f30c0a54ecfb7e59ba12f21442aa29af1a056de5c6ff0d848c2370a4e5c78c62dbd0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ab7d0054f20bf59fc86f485d567d9d9

SHA1
cb5f80e5363847df20a9953665cb0266221dbe1a

SHA256
a970cee45866d9f89b017d898ecae1d305641e351c000827a49bd0da569fa6b1

SHA512
aa5d2b7a99d19341b3bd131a561aca5997289a2818488f180ac8cd894b75ef726b52f1045ea8b0c5f5c6ecfb28c9ec61ed123caf6a342f5a29534773597f11ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
260150cabfe6af7ce2b86d5a2c22a112

SHA1
8766fc9331328dd9cf8fa0b2dfc5833df162901e

SHA256
e8a2e877d8a8d0b8cbdb9e4cf6b2e5cd5ccda632cf89e08c838fce0b1abb8cb5

SHA512
bd91f140ec47ebbdd801579f6c979c7a870ee054ab6019aaa85cc5e5a2a345d77609f0cf6e489facdef15c51056bc323e7407fd8aa490ce54c21cd3fdcbc48c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37ed026361380c133291ebd866b5964d

SHA1
ed04ee8fec36b1823b2cc4c4791f5864c0a78531

SHA256
cdc6863f3bec09afc5921b42b3248b8f37c80c9e94e853630016cd97b85484c7

SHA512
f1f4ae88dd6f257d10872d0462458e71d28ccfd6567dd15119208f53bf99a7837c6c0de72ecd72732a769b8d74cb4d47deaa4719f45391801f93f4f493241908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4394af85eb582cf79a65e725f23f326d

SHA1
8c0f500d4f4dc4b006b876e5010188d27a22065d

SHA256
5c31986cad983078d365c731692ade107177f39e54056caa3557ae53743148a1

SHA512
7e5189b6a5bb0123af3658e2e7a933447a4f02b526fe073d6fe9aa97c5292d4430c9a80aab04215437f6451de14cd0f9b1f7a973a793402b566cae2b94f269fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c301a6b7279fea0c908ce845a9d7a78

SHA1
5f684aebb0cc5a66c3824dbb8647d7257b1c853a

SHA256
0291050c15eaffa9003e2d034d3ec7850d3a86e1bd4675003945828eb518ac4e

SHA512
108cb434c2243b0a6a7cb3152feb6c1ef542716c05d7ae96dd15b41aabac96366156b21f00dfb1e96cc525fb563ca53b257f9da1e4904b9211a56f23fa652918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
377412be39e390efe25d5e78e0967e72

SHA1
b04f0a9770eedd6f0745e0887f9882c99a205332

SHA256
7e80a7ac95404839c6c304062d02fdafbe36e3378c9956b232e38aa2bf8d53b0

SHA512
86909e162399723e14fb5eecf91969f89620b7e67cad9880e7dcfc0826b04f532650d8f6f9740a8f109d96cf3475eb857e08b5a5622a3df7561e949ab6457182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d61b2bf29b1ae66b0c56bbf94aaef33

SHA1
fe2f44e51c9f44be0e15873cabf75f9d572dab00

SHA256
e1d6a0de90810e3b16ed5c204813973820cea2b55f43d33358c730759106e930

SHA512
d8c5da02e2161a479d5f2ce7fa6f4415928cbedf0079ad1c6cfa2ebe37f852b6dde2a24750ec4fead04038e138fccbf6076cf56d97b08aa99872247fe7e2186c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12484c08e1a43e14d0e06fe8f35572e7

SHA1
1c857709ba0ad5e0770324fd0f9eda1ebf3a2b01

SHA256
585156274447555f4556e477fe823c2d9c90a7def84dca60a095f55232fd0c0d

SHA512
360c2c8f27d8efa7e6aff411db1f43798b4d0b2408ac0c531d094d999a16250a77e0e0dd25e9ef65f669634df063f549261158176e42fb503a32784533329788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
038e169bb369b5a79364a7e6dbc69980

SHA1
85ed7d5295b72a78a0003d9ef7aac56bd7035112

SHA256
b1eb0aad52591985c32ff6977d0bec3af2a90219deab8feb087358dfd1155a73

SHA512
658f5fa7fb47187032800c51cb18da271deb0ee92211570de224325d5e2f1ecfb69c7b81a7c850e08a47cf8f0f473c52d158f96a654216b075a61945dc837373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07e96ec5b9e3694c712eaca4b4276d3e

SHA1
5ffa3d80b43a56479a5fc20d5978155d6f92ecbb

SHA256
f4560cf3656ac265f9ff89522ffaba2bba0781d00188fdc12743227cc8936a7e

SHA512
fde7efa2ba9afc014127a992aa7a7e1642fe0e6d027cc9600a183ef4f919ece5fb3469b899d957db59216262b33d8b2458c6d12700722178549dd0a0ddd849ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d271a11f867d9559f28bdbd17767d528

SHA1
ba92af54d36de38dc559e9c449576e7852faf36a

SHA256
b2615aad6f1ab1ac248745452aaf6f4a329ecafc0b7643c0811abf62ce708e87

SHA512
184a4230f25ce8339e6e24f4f6135a23db33f2024cdfe4c4931b3ea16a31ddae6e8eb3ea9b25083701a0c9def3742c082d9f5eead22aa88cc9c9484bfad0afd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5b24e1814d6bbdd5ddeeb3c91b0073c

SHA1
48c15998dd0a85063f3c3f7f52eba70790761088

SHA256
0ff16cc26c9e0a721afb70e84f0b8a6231e3ee750166f40ef32194d600448d27

SHA512
b17f02907e20cc6c6d660919eff08c05e61b9cf9a52403e7b99b08583ca87be96b3591e890a56963675b5129d145c03e992f5d59a04723b23e2672677db37c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d4e4.TMP

Filesize
538B

MD5
a000fad6c4992b884b2c84c5d05d6afd

SHA1
207a796b55d5cec839ac91f408582a8ed012f07d

SHA256
4a46804de900c209912c639fff86d4a69b3dc0061481fd2ce7ff2d8270b1bb07

SHA512
d1c6b2b40f8d4d7b2bc9ee6016647d46e049acda7efef83a4e4ebc6b7198baef58f620743558bf29ef2c4fa4bf9e30ab249c00423f59b0f9aa4e555e0ea5f5f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c9742d5647211f3bf44d245575c12a62

SHA1
e6475825d86f50e5af788b0f09bfe452eb94ac38

SHA256
73aa7ace6c93278964118b75b51824e5d2584322b08196c2d5ffaba5c70d5b13

SHA512
b1e0f51c6bff073c0e1156718aff602bebe0e436dadb71b9c0ca28b29b6a5b1bf0393c01d7a152c3407a3e2bd35211d865420d95fd216151e3b2953dca4cc633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c335280a4c3d64edf5c669ed86a2777a

SHA1
c08674362e9cf77302552ecf4a5aff14857e05ba

SHA256
c974c7141d4ce7086c45a40186b516fedd646b724d9e4d7ffce5a51ac0ec8a9b

SHA512
57dadd1e8d6e2f54ed697180a0640834314573e2c6cbbdf46bfa9cc65f1adab4630418fd845ffe4b9d39cf3f6cd847305ec73029d8980523990d12db72022591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
18677c4b33d5588a95bd21964c5fb640

SHA1
8d6b2e4ecb2f188f305a8c080f0094fe55ace58b

SHA256
59077be372ae8f41bf2e925bd2ca310f7acd6f1236ec31897143faa6fe9e8a49

SHA512
442b4f339d018d512d3433413f2175a920dda5c1b8572835fd86544386e8a94eb2b1cfea85e52b88fc03564e3c9893c19ddb6b874d1e34bf4b0940c4e7aaaac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f64377f16c45bed7308708e261a4632e

SHA1
c85167bae5a09a4fdcf4784bbf881b81f72405d5

SHA256
20340d8952ebfb6b9e5edd37029fd597a8c638b202c4ba4780798d71be0f6b8d

SHA512
a007e41807ed7966d47a2fe908432e375294890cefde1c00fe70a3d5b993101fdbc569aa21dfd89944c9fa4f66a9346fe3ef806efae33ab8b01d7eecf4192c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO43370C5E\Chaos Ransomware Builder v4 Cleaned.exe

Filesize
345KB

MD5
30caa962e1ee863f2fcbed2b8e38f207

SHA1
3ea3d0fdbdf6339756983152df6e3a28d5873a11

SHA256
c5004c691b576c3f3899d628176ade9d8c87b7bf6d44d96945b4d1df1254a132

SHA512
61ce53a94d0a4695368d33f9e3a1435800b9fd828e7e0c14144a0e45ac3ae7c4b4c04ecf9c5a5b794c2049759dc34df6e23ac39741c98bbd8cf18bda9d1c2a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO433F751F\Chaos Ransomware Builderv4.exe

Filesize
548KB

MD5
9a44537dfcf8ceac515c4aa92f30f4af

SHA1
9a26c3ff3251f69950ce09e3692ce14b5dd536b1

SHA256
3246be7f25f8f4cd9ade8f0a8faf12847df126eecf65d7e8012f35ab45e73a40

SHA512
94da6f1aaae6c25e47e31ac246a8703ec8f7b2893a44ae10f7600cc79ba673bca60d7fb41b2ebac8a4b5497ab98a0a195a32d93f4fc140ba7c9cd25811943500

Download Submit
C:\Users\Admin\AppData\Local\Temp\AD8F.tmp\HorrorSpecialInstall.bat

Filesize
89KB

MD5
bff1e7828f69fe2360ad5cc204835b57

SHA1
be561b794b7210de42f634c7fa47234ae0c0b85e

SHA256
89360aac46bcf8ae9cb3d58fa92dac1bcd72d53a1960a0fe91bc9a9991786f5e

SHA512
99011209b7443ea5de28fcce4566593367442a8af1fdb51b35db5715ccd081beefed0767aac4c74078a7f66a064049af9b7e71ee71d886ca3b4453f2a86ecd5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\D92C.tmp\CLWCP.exe

Filesize
505KB

MD5
e62ee6f1efc85cb36d62ab779db6e4ec

SHA1
da07ec94cf2cb2b430e15bd0c5084996a47ee649

SHA256
13b4ec59785a1b367efb691a3d5c86eb5aaf1ca0062521c4782e1baac6633f8a

SHA512
8142086979ec1ca9675418e94326a40078400aff8587fc613e17164e034badd828e9615589e6cb8b9339da7cdc9bcb8c48e0890c5f288068f4b86ff659670a69

Download Submit
C:\Users\Admin\AppData\Local\Temp\D92C.tmp\bg.bmp

Filesize
3.0MB

MD5
2229bdea09783e544015db10917ea91c

SHA1
9d8fd01f98f6de2f2889bc441847f25146190660

SHA256
13ff1d9aee82f15e4df8621c0b68ca31844bea8a0a5e5b194dfeabac7a646521

SHA512
c1abd12398bf749fcc07de144ada40e23985cde634d7ba756f0199614ec4eec918c706f0d8af2f4fbec2539c256e638496e8c57cd18e2f5cbefe204d3770d089

Download Submit
C:\Users\Admin\AppData\Local\Temp\D92C.tmp\freebobux.bat

Filesize
176B

MD5
202d76eb2952aeb2e241c13defe48045

SHA1
34e26a3407288c7ea63bd1cd305c27b06b163386

SHA256
9d99aa3263624e3a9434af76bac620f71598c082b35504de738d1c04af079fab

SHA512
6a78847878c3ee4ef82a61d03e4f61f681ad7c2d62d5ff10645f17fa2acf63bc76b5862043bb94eaf7d80ce0ab2c35a904ef6de178623d42111c453c5ee9f3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\D92C.tmp\x.vbs

Filesize
65B

MD5
ab30794d761af418b216eab48d003536

SHA1
edd4c2f1813c70cb8739b5c3b8efa425072a4911

SHA256
a6154ba12e45de717c0f6cef752c68897ac80438d1ad60750b258f1d35a39e25

SHA512
96214a59bd691d2210a758d1679e2db7e6b186c2f0b8bd9a4286ea3a8aeaa1f35632c6c078371bf474e7dffca9e23bd0d6cc4e9c0c114c883ab3374be81f291d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
2c9791e48744de211b97efbb6201481f

SHA1
ee4c9c9f60ba34625f9e49758e5cd90897314a61

SHA256
b84d8f115e2e9287aaf5c0683ca453db11897f10845b477f8556617dc2eaa17a

SHA512
3e8c2ca5ef3ec15c6cd715437eb40a4e04129f3b27c4a972cd9a10aac0ef91c34354cb149141ac79441f9beeaefd6bbf7edbf9df2982459037c454994cf45261

Download Submit
C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar

Filesize
226KB

MD5
6a160e5713b7c4a269ef35eac73e1412

SHA1
36b833c40d83652d450888ff2b602321b9de877c

SHA256
0909910f70a8bad23ba9232fc2d5110fc5841fd2c6600c5a38b1c72aada42b51

SHA512
97eb791552ef0262d903b1f40ebf61731603cb00f57829214c71d4df8c01a1d2f1352f877f9ad0dec08c21afcb7cd3740b9cbc3eb1f1474ca70c3ab6bb30fcf2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 448027.crdownload

Filesize
779KB

MD5
794b00893a1b95ade9379710821ac1a4

SHA1
85c7b2c351700457e3d6a21032dfd971ccb9b09d

SHA256
5ac42d75e244d33856971120a25bd77f2c0712177384dfa61fb90c0e7790d34c

SHA512
3774d4aed0cce7ed257d31a2bb65dda585d142c3c527dc32b40064d22d9d298dd183c52603561c9c1e96dd02737a8b2237c433cf7a74dccb0a25191446d60017

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 647006.crdownload

Filesize
623KB

MD5
d94867a19b1d553fdd5a235fc1eebf5d

SHA1
afbdd4d9a04af978021d68e57b6f61107915826e

SHA256
03bfd205efa2fde7bbe5054057169ec55b5eb89cbd40b7ef127c8ae9519ea9c4

SHA512
b8f3ed80c7abd0a336fa9b37f673230363487b2f606588dd9ced75a49d91068cfcc1d941ffcaaa53b53f0d84987224a044382f160808fded44eb9e7451d2423d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 698840.crdownload

Filesize
2.3MB

MD5
39f3387f2a647eb16a6d9883361ab32d

SHA1
209003e572c22bbf1c6c779ece61a47cd5124939

SHA256
3604db70903c42ad17faf4cc55cc4a561a800e1204c8e05762723a3be6b13594

SHA512
552ec53d4ef69e143d07f5abb91894336402bc8512e8fa718185550e6d414feb57ac06c8786269fc8f948b51840304791b902b81e23136b41d5ab2c9bec21948

Download Submit
C:\Users\Admin\Downloads\salinewin.zip

Filesize
203KB

MD5
19a966f0b86c67659b15364e89f3748b

SHA1
94075399f5f8c6f73258024bf442c0bf8600d52b

SHA256
b3020dd6c9ffceaba72c465c8d596cf04e2d7388b4fd58f10d78be6b91a7e99d

SHA512
60a926114d21e43c867187c6890dd1b4809c855a8011fcc921e6c20b6d1fb274c2e417747f1eef0d64919bc4f3a9b6a7725c87240c20b70e87a5ff6eba563427

Download Submit
C:\Users\Admin\Downloads\youaredied3.0.zip

Filesize
206KB

MD5
f4b74b5eb461766e2932f3249604be94

SHA1
51decbce38e33d6c8a683029b8570d84f1dcefb5

SHA256
1ad807147ab68973bad581103003c4a8e39e6eb34ca8785e6ad422339dc851a6

SHA512
3532afdb28429381aea3a6bbc0cc818f8f692ea77452157f4dad7cd56d5b77e59a8cbbcf0dbbbb6627f9019337a0140049333210fe0b56ae9ba3c871f9d01104

Download Submit
memory/1592-1685-0x0000000000400000-0x0000000000716000-memory.dmp

Filesize
3.1MB

Download
memory/1592-1697-0x0000000000400000-0x0000000000716000-memory.dmp

Filesize
3.1MB

Download
memory/1676-1708-0x0000000000400000-0x0000000000716000-memory.dmp

Filesize
3.1MB

Download
memory/4084-1583-0x0000000000400000-0x000000000083E000-memory.dmp

Filesize
4.2MB

Download
memory/4084-1622-0x0000000000400000-0x000000000083E000-memory.dmp

Filesize
4.2MB

Download
memory/5404-1617-0x0000000000400000-0x0000000000484000-memory.dmp

Filesize
528KB

Download
memory/5404-1598-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/5644-1682-0x00007FFA2C100000-0x00007FFA2CBC1000-memory.dmp

Filesize
10.8MB

Download
memory/5644-1683-0x000000001B9D0000-0x000000001B9E0000-memory.dmp

Filesize
64KB

Download
memory/5644-1684-0x00007FFA2C100000-0x00007FFA2CBC1000-memory.dmp

Filesize
10.8MB

Download
memory/5644-1681-0x0000000000D20000-0x0000000000DAE000-memory.dmp

Filesize
568KB

Download