Malware Analysis Report

2024-08-06 16:09

Sample ID 240513-n8pdradg4s
Target https://github.com/Hacker2425/Ransomware-Builder
Tags
chaos defense_evasion evasion execution impact ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/Hacker2425/Ransomware-Builder was found to be: Known bad.

Malicious Activity Summary

chaos defense_evasion evasion execution impact ransomware spyware stealer

Chaos Ransomware

Chaos

Modifies boot configuration data using bcdedit

Deletes shadow copies

Deletes backup catalog

Drops startup file

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Drops desktop.ini file(s)

Sets desktop wallpaper using registry

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Interacts with shadow copies

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Opens file in notepad (likely ransom note)

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Windows Management Instrumentation
T1047
Command and Scripting Interpreter
T1059
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Indicator Removal
T1070
File Deletion
T1070.004
Modify Registry
T1112
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Inhibit System Recovery
T1490
Defacement
T1491
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-05-13 12:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-13 12:04

Reported

2024-05-13 12:09

Platform

win10v2004-20240426-en

Max time kernel

297s

Max time network

274s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Hacker2425/Ransomware-Builder

Signatures

Chaos

ransomware chaos

Chaos Ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Deletes shadow copies

ransomware defense_evasion impact execution

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Deletes backup catalog

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wbadmin.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\Decrypter.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\Decrypter.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.tvfs C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\Decrypter.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\Decrypter.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\Decrypter.exe N/A
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\abjztgb1o.jpg" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\Decrypter.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\vds.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133600757135699577" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\߰漍Ǡ C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\߰漍Ǡ\ = "chaos_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\chaos_auto_file\shell\edit C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\.chaos\ = "chaos_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\chaos_auto_file\shell\open C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\chaos_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\暪骆弨攁e훦ᤁ㰀耀߰漍Ǡ\ = "chaos_auto_file" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\chaos_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\chaos_auto_file\shell\edit\command C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\chaos_auto_file C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\chaos_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\chaos_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\.chaos C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\暪骆弨攁e훦ᤁ㰀耀߰漍Ǡ C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\Decrypter.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1644 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 5096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Hacker2425/Ransomware-Builder

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffed0d246f8,0x7ffed0d24708,0x7ffed0d24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6107209993905103944,2049264300908450636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe

"C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Chaos Ransomware Builder v4.exe"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hycthudc\hycthudc.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES80E3.tmp" "c:\Users\Admin\Downloads\CSCC2E8F13AA12E4EEA8C9C22782AA45876.TMP"

C:\Users\Admin\Downloads\Setup.exe

"C:\Users\Admin\Downloads\Setup.exe"

C:\Users\Admin\AppData\Roaming\svchost.exe

"C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} recoveryenabled no

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet

C:\Windows\system32\wbadmin.exe

wbadmin delete catalog -quiet

C:\Windows\system32\wbengine.exe

"C:\Windows\system32\wbengine.exe"

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt

C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\Decrypter.exe

"C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\Decrypter.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\privateKey.chaos

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\publicKey.chaos

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffec176ab58,0x7ffec176ab68,0x7ffec176ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4236 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4924 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1700,i,8093048579943090355,4374022453198152141,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec176ab58,0x7ffec176ab68,0x7ffec176ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3656 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4680 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4664 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1740,i,14050604818755907946,10506641900656053110,131072 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\DebugOut.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 140.82.112.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.145:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 145.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
NL 23.62.61.145:443 www.bing.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.178.132:443 www.google.com udp
US 8.8.8.8:53 227.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 132.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.w3.org udp
US 104.18.23.19:80 www.w3.org tcp
US 104.18.23.19:80 www.w3.org tcp
US 104.18.23.19:443 www.w3.org tcp
US 8.8.8.8:53 play.google.com udp
US 104.18.23.19:443 www.w3.org udp
FR 142.250.179.78:443 play.google.com tcp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
FR 142.250.178.142:443 clients2.google.com udp
FR 142.250.178.142:443 clients2.google.com tcp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
FR 142.250.178.132:443 www.google.com tcp
FR 142.250.178.132:443 www.google.com udp
US 104.18.23.19:443 www.w3.org udp
FR 142.250.179.78:443 play.google.com udp
FR 142.250.178.142:443 clients2.google.com udp
FR 142.250.178.142:443 clients2.google.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b2a1398f937474c51a48b347387ee36a
SHA1 922a8567f09e68a04233e84e5919043034635949
SHA256 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

\??\pipe\LOCAL\crashpad_1644_QBLKUBGDIDNMRJID

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1ac52e2503cc26baee4322f02f5b8d9c
SHA1 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256 f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 291cc74daf8ae65f53e476e1ccad17bf
SHA1 aade9b11f1ae8b431a9254998b85643e3698331d
SHA256 3be08f0bd0e4008bf8d79311e5a4dcf3436f209e910e2d9291fec7c834d24dfa
SHA512 374ec2218f4d1e3874ccecef2abc83ec1b44386093a6331085f44ea75370818e4d3ab2025847e38510d9a3ca38d713834e2c2998742663202947ff209b9657a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\Downloads\Ransomware-Builder-main.zip

MD5 2f859950b215f4eee1e00bbe39207212
SHA1 31593e690a1e02c5a19f24d65b2ab0022c136a0e
SHA256 4b19ad3ef396d68d4ad5457be25ca636d22e1bd848d3e4a5211b71da58f016b6
SHA512 4948afdce16b45abed05df9d093ce7286637beedf7fd5d1f1915638914ad1437321128b125653849c27161d1994acaa8a648207a326af922f7a4d59740d94d48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 19766daba2adde0cd92996455ba91835
SHA1 ab0e7e7e2bfea7362b21330560bded5991223f8b
SHA256 e866604a16f243b4a61f237649e69e8338ec4103770074206f8b96db4c4e4716
SHA512 0dc2d0ee9f8bee6b9a0245660f46f48574e8a8ff1b94f2dde43c11afd423abb79915e17803bca67debfb216979648e0dcaa9e9a41166f5dd7d66006230eef18e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d17d76e09458f4455164ea8c881b92ce
SHA1 316536e039786ee0111f7c35214a62f55844bd51
SHA256 775f7e50d64e5009a6c24bd9b00bc7ee0e0521fa36e9b5ccbbc16848d83e66e7
SHA512 f5658f10e76b1513bc59ced0aaebabf3988ae5aca9df7b3c592ea59c51695ce303240cec98096859156ebcea555d55ef1e63760f3ced5487ff3e027875a0dc08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5a0dfa0bd3fffdc2dde5e5336a91cea2
SHA1 fd5ed9bd900ed9b9bd271fb301d4b07d82f3c80e
SHA256 2d59d8e83a465a532f7cf9dea96f922511424a98c4c78060ec95f4885aca5eae
SHA512 7341e7ee71315aef6a6c6e48454c0cbaf7afeebb96da9cd06ae530932da6bdadc54fd9b040bcbb168aa0a1d9ebc5ec0dc530684fbf1a37f6145d742614364678

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 152c345e66f791bdbdbacee77b746d1f
SHA1 5b3b9f7417e89664671aaa6ea37288c6d8b891dc
SHA256 6b8f95bf88f3e5a030687e029d5fc1b7b16b78fe2e408e2c6eaeae3638fd5027
SHA512 35240653cf703aa9668a496c99e4167d62fb4004b79732a0c5df1bdb01f5044ed0f20051791d878412280fdddf67da2ccecb4b08465dc9337b22082d40d6b6e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a6727c9aca22ea34727a041999c9062f
SHA1 f465c6183f7ab598040d55dae46ed7c918810205
SHA256 f63b30f034d0db42bc3f4832fd766f518ef7fb2d9dd29c18c6697b224332ec2c
SHA512 cbc08a56fe7b56f522893cce0506512b75f59dd2efc97b0e8f441d764b27dd47e06f82ccbeaeaffb680b5e87d23df76cf43162c9d356dc9927f2de058213f656

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0028a1a5c441a3cd5a60c34da771564f
SHA1 e15d27a8322b435564ebcd36467b997d0fa8ef32
SHA256 8dc36283781a25af9e2ae76d255ae311b2715396f710ff0e9850b0e64525759d
SHA512 e26efd2be3114e733acdc00fb54150790872b10c88a7c4d3a19a16383bf58897ad89f14b3255a984f836666b98bafc099d8988532d03acda0dee7a7a7da3f40e

memory/5188-289-0x0000000000550000-0x00000000005DE000-memory.dmp

\??\c:\Users\Admin\AppData\Local\Temp\hycthudc\hycthudc.cmdline

MD5 09a657a8888b085fc2547963c283296d
SHA1 57e0b521f4e4a5ef0431cb69e3379596ebce6e59
SHA256 4a202273b898fe357a470b6b5d66bbd376ce4c0d6fa6e3a1a307c307e51a22db
SHA512 0bdd3eacd228ef9016ca6fa2a3a076f0df224f7685ad78a21b2c30d5261f875bd07d29a0ee3af695ae69b164ac8414df4c5c6499b2b83ad3c472acd0fabf8ce2

\??\c:\Users\Admin\AppData\Local\Temp\hycthudc\hycthudc.0.cs

MD5 529f4b86c91f418d81126ffd81e181c7
SHA1 a4b4166497250a9e73735715d308d2da3c64fa80
SHA256 5c6abdd1b24f742bde56c3b7599b37054066089109bc09b0b934c88f050969f0
SHA512 0adda9a565579eb1019b1e84e54658336d0847262761958e0b2f94c7742215dd9b02082b30285dec51d71e55d59d26c6e2adf58c53ce385ff5fa4be17afcceb0

\??\c:\Users\Admin\Downloads\CSCC2E8F13AA12E4EEA8C9C22782AA45876.TMP

MD5 ec0adfc6262c715b7059cd08d025583d
SHA1 d085739ce1b327981aec5826c2d1dc4915a1c912
SHA256 6cb8b3a945e452000348c9aead36624a12b4a48f2f9ed88eb473f8802ea4c2d7
SHA512 a96d1fb966bd3afb52cfd9e6ab26b97eea0ec88fb7d0ffbb100cf28a9e9e782f9f905deefc7cfa632879e3d37361293ca6d9c38f4b92b06adb809efae90b86ce

C:\Users\Admin\AppData\Local\Temp\RES80E3.tmp

MD5 bda0737d73d06f672fff99fa8fc7c0ea
SHA1 79d750097b37765f6dfa48c23272770782d6b224
SHA256 d7ba15b5a05a0a762f41e18726f1c2dbff02bca0d13616fdc2e5f178052058bc
SHA512 a884daaa3b831f07bd638d41257c2532413edb44e543534a9ba12e8fe4e5a185abffccfd01658b80520ed65318fa5867c872080ffe9a2005231f05f24b174857

C:\Users\Admin\Downloads\Setup.exe

MD5 1401319b69929fe07888157ebd355dec
SHA1 4486cd49e058e2515c1d5c8de36e14ecc4c575ab
SHA256 f35a05e5d945b7504e00b608a9d63d42947cf3165ec3318d4dcebdf5ba37d065
SHA512 2f0cc0e3aff4f18e8b424206b637c758ccb0d50f667e0c4983cfb5777becb954548e44183650d08e043ccbafd0d0a717b4dc904cac6fb87abccabe92cce4ea6d

memory/5972-310-0x0000000000220000-0x000000000022C000-memory.dmp

C:\Users\Admin\Documents\read_it.txt

MD5 4217b8b83ce3c3f70029a056546f8fd0
SHA1 487cdb5733d073a0427418888e8f7070fe782a03
SHA256 7d767e907be373c680d1f7884d779588eb643bebb3f27bf3b5ed4864aa4d8121
SHA512 2a58c99fa52f99c276e27eb98aef2ce1205f16d1e37b7e87eb69e9ecda22b578195a43f1a7f70fead6ba70421abf2f85c917551c191536eaf1f3011d3d24f740

C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\Decrypter.exe

MD5 97f3854d27d9f5d8f9b15818237894d5
SHA1 e608608d59708ef58102a3938d9117fa864942d9
SHA256 fac94a8e02f92d63cfdf1299db27e40410da46c9e86d8bb2cd4b1a0d68d5f7a2
SHA512 25d840a7a6f0e88092e0f852690ed9377cf3f38e0f2c95e74f8b2ffea574d83c6154cccdbf94f1756e2bbdcdb33b5106aab946644dedc4ffaefb6bf57a866696

memory/2868-796-0x0000000000AE0000-0x0000000000B1C000-memory.dmp

C:\Users\Admin\Downloads\Ransomware-Builder-main\Ransomware-Builder-main\Decrypter-decrypter\privateKey.chaos

MD5 a6867860bf9751c4b8e530cf67618294
SHA1 241099b4ec3eb44dcde0b1e071c931274362ef60
SHA256 cd19984ae5d2551d60eb8bdfe3d86426159dac15ba29ccf30b615203006a20f7
SHA512 e9808334ef35e137ed7868a81931841054c47e710dbc458ae0111b0a952c8cd195c321183d513d73c2c708f353cd3d28e255828aa7c21741c2b7b62faae4fbfb

F:\$RECYCLE.BIN\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.f12a

MD5 33d04a00c1f8f8a370ae3bcb6e6b20a1
SHA1 a1c6cbf11d4aa52a91f10a59abf5c01601e08384
SHA256 051860ce0ba39fe3930cfb03d77af3f03f941980cfb4cf73cec56995dd899633
SHA512 5ca9bae64f930217ad9ce79f4773659c0fdc4e8bf7bc64719c469d4d585a6a5f9c28381bbe21aa3579a8373d5ab414b1fed7ed184d120d05dbeb7873251b8a7b

C:\Users\Admin\Desktop\desktop.ini.7nkm

MD5 88f58d5d6e955098129503980d2b6d22
SHA1 199263408cfaf8656392dfe26daab26c363bac35
SHA256 b71b8e440fefff4c65e6c3201664d92511772943a7dc487730d353c544a85038
SHA512 36996492bcbb5570ae6e88df2344bf5d650116ae74cfef5e0364dd203ac929029a6866bbca91bff8f296e36377a87a1dd4a3cf63a94f495e81dec39a7b2ab64a

C:\Users\Admin\Desktop\MoveEnable.xlt.2pyp

MD5 c7d5ceed4a7fcde8dec649fb9647a54e
SHA1 0df11aeaddd3f4af24cffdc65b6f48670a197687
SHA256 bedc9e0b99dfa9d8cd963f438814a994175b90713aa94b9dfa09e52d5426f773
SHA512 688b8f6d60ebbeefdfb825ca18611de5a7e3f6f29ebfcdfc977f2303bc249cebbb8adac89af3375e43f4e7c9e28e3c16e04fffd0c56c6769a0965f3597b1b9fb

C:\Users\Admin\Desktop\MoveHide.jpg.mm4e

MD5 ae339cbae6d53737839906edaf8a0fcb
SHA1 fae5770dadbca1fc348ac7a2768bd247949144d7
SHA256 a4f889a6c1ae7a306b60ab6559b8c432742a6eedf617fc4f497565efec530d02
SHA512 f77c51c2478dd1530813822f1a3efb355b48ce15dea68f170c0a7def7b02bd5961bce87b590e6cdc9e6e325514a3d874cd74cdeff75f166d693dcfe45da75b3c

C:\Users\Admin\Desktop\OpenCompress.mpeg.cgly

MD5 3a53898ccaa00d70265930789348ee3f
SHA1 6c0426f6e767bfe5ecdd9b64ff99fee961684e7b
SHA256 38978dcbf18d3a7fe5895ab0c1ecf4e3e58d96609e2e585063988a600572ac78
SHA512 e2a202ec55a5814421f5bffb30f5a1b01cc23661515e811f2d468f1456d89c1a4e6a59f0bc6ee5e9511680091939794dc6aa378577c3b5db2c7fb15b04c93f28

C:\Users\Admin\Desktop\ReceiveSubmit.xlsm.a0tv

MD5 5ac1113c4b6d0ca316eb44f8c24c7cc1
SHA1 7fe7be88e1886b33d3aca0d9a217f547c2b2b4c7
SHA256 ea8fc25bdfa3d49bda3ee98faae9fc295dfa58fd82cc7218519127bd8bef7ad9
SHA512 301d49b2e4d998ea0e65f621944c890153614de30e6db2faaf76d5105395702f367f7f92877409e98ec781c0ae491e66fa91839c0892887680f74f2c78640cf3

C:\Users\Admin\Desktop\RenameAdd.png.1k4s

MD5 cf96c1b1df8b206795735cfed0bfe9ad
SHA1 6da2f5b5167a39c8bba243aee350c7eea9a35743
SHA256 6022634183799b813117ae3f9731467d26270bedb189c6088dedcbd056b5c89c
SHA512 704632020c4d07df9a62422aca12a1039fa4d8dd4d1575c4a58ae507ea3a0d39b445c58545d7ee6810a4ec296bc7c3af944144495d4d7b7507a5e2f368a04556

C:\Users\Admin\Desktop\RequestCompare.cab.mjtj

MD5 ba0d12fc7b952b1b9d4835993479c74e
SHA1 380f1be396d23f9dc51a2f9bfff4452fc5463d9c
SHA256 32f23b25a03286c014f6f29504fcdd4236b77c766c159eddefeaf9b5ad73cf4a
SHA512 c65aab5954c11cfc8bc1b0796fcdf6cddaf5345ca6b61330b4281d766da9e6a39e4e0cc55c2dd1406eacd915e574af0109ceda07424ed7ebab707a0aa3ee0bd9

C:\Users\Admin\Desktop\ShowCopy.docx.k16w

MD5 4ec7744519473e3394e01dd38c982cc2
SHA1 a39405ff6f29d3bc249b563f9bcd721d8c6eeeef
SHA256 96100e7a6854f8954ad527b4398b774594a1f068d3a91a068daf1dd935b95025
SHA512 6a15d3b054f6dfc89c3aa7d9e07f13a4a3f3ab50d18fb265a883090e4a2b18579d9732c77a81d36b26bf5ec5414ac4f4e3faaf242485e2752b237c7304d467ec

C:\Users\Admin\Desktop\SuspendBackup.wav.cuvg

MD5 259314aa84f74004a7c15787b7432f26
SHA1 b87f4ba0820b1097a13020d21d341efe91ca9f8f
SHA256 7730fc4ea9db1b8efa018cea1b8ed3623f4f6124c89117c5fd1551a9ea7989a1
SHA512 ee277c9ae2e6dd442089415c7e7f7918b095c132e3357ac63784220ed5663591f5362ddedac17bff6adffdf7d97473115571500a62a08d8643350516c77abdd7

C:\Users\Admin\Desktop\UninstallStop.png.g1fr

MD5 6de5509c4107c30f48911b10bd9c0f88
SHA1 16eac756bc6469c725db8519efbbece9b400481e
SHA256 0c1149fead0eba8c6fdbaf240de6dc1c0e5c3e0ca8d9215094b5c69c36b3fd47
SHA512 b7368bc9d10d8b3433fc74c76fec25afbe76df3f9c13c48ee22141ffcfa482e9f17079db7c9812adfe2cac3fac86964628b45e22504ea474922b2864cdfdaaf2

C:\Users\Admin\Desktop\UnpublishOptimize.xltm.g2dg

MD5 826978c3cac0a15a3baa23a308dbf4f9
SHA1 abab5095e1abaf16d49c7be9dd50a55567c025d5
SHA256 0e78c1e462287d8df7c5a8715f883952446f2b1a06ecf02e131a1cfb30dd6321
SHA512 7a829222e212e66442b0d2ec12a1731eb3c3312bddc73f6533567976c02820393f99fa0552225081cf8d397de8eaa349437019df57439ffed5fdd3752b1c92cd

C:\Users\Admin\Desktop\WaitExport.css.9p9z

MD5 7f8a287a1bdb80d45af33e0627709556
SHA1 e28708fe8f2541e3506da1143605eb31e1f71258
SHA256 63e21e3a3174eebb5ec42412411dd5cba7ca894c7df3d2b1715040434461df53
SHA512 3d7140b40520ea8d7fe42f195fc042d9cea14148dc7bd1a1dce8c7f42b5ff20bf971c86be9dae325c8cfdf7ae27eac32fca3adb16bb2dd5a8004ed9b8551432a

C:\Users\Admin\Links\desktop.ini.hvco

MD5 634248f3e581e3d3df0d69e63cee3328
SHA1 958312831906e4e8f7455ee5541020095e033e97
SHA256 c70eb8da92cebeb8cc36418d014130e2b077f897f16880c6fcdedd087cabaa4d
SHA512 6bd7dc124b0dd6a2d884fea21311ee23efc96ce3b586ae8da145ad41c1e7cfed9abb4eb0b2c38fc7f14a33e93858711ad5b9e82f776251f5501147d25da6308d

C:\Users\Admin\Links\Desktop.lnk.hhjw

MD5 aee3db295939e289eef9d45dc0fc9004
SHA1 a2f2ee3cb538fbfd031ed411e7e317d7835f4bca
SHA256 a3a30fdf5a40d34d50a0a687ff809bfcdae7a2b7f0965032633fb310473c9c15
SHA512 753b9ef40101e9bf039b7ba7dfb8cad6d9d3fbdcd8817d7c4e02ec407fc58721caded1496bd386cd843ddfa8fd294ca6c6d0ac9bb8fdd8ec1e1a793296e3c794

C:\Users\Admin\Links\Downloads.lnk.s1as

MD5 9888092e178fa213e2734b11b04ac870
SHA1 c2a7a7625ad82a184184aa2387e12d11048f0f66
SHA256 fd5b3ef5ac4e4d4b4259f14ac1369f8981b115c6b69a3e0915f95f30969c5fbe
SHA512 07ecfc3026bea27ac6c30d4bb6ecf83b601d671d4c0ca3d643350b427344be546caaa0bcc75e53880030ae889247503c4105da816163a32f84edd68d57c17fee

C:\Users\Admin\Contacts\desktop.ini.5pfu

MD5 449f2e76e519890a212814d96ce67d64
SHA1 a316a38e1a8325bef6f68f18bc967b9aaa8b6ebd
SHA256 48a6703a09f1197ee85208d5821032b77d20b3368c6b4de890c44fb482149cf7
SHA512 c66521ed261dcbcc9062a81d4f19070216c6335d365bac96b64d3f6be73cd44cbfbd6f3441be606616d13017a8ab3c0e7a25d0caa211596e97a9f7f16681b738

C:\Users\Admin\Documents\Are.docx.pics

MD5 adb42b4fce81cc2c3da32c6a69722ff9
SHA1 88ee44c553d08f194340bf98b1b4762f531b00a0
SHA256 ef7f118745a0856da2a9f5001051e9943a60616728ba7523d5dcf98838cb35b9
SHA512 a347124253c763980291e2be1c8ade7236183d294676cad6f442d6e15913da8fb190252e4b7798485bc042f36fc9a25655287e0a072ce9524e7339cc9e119de5

C:\Users\Admin\Documents\ClearRevoke.xlsm.vesj

MD5 f6ed2c9adce3f6915132e37d906866f7
SHA1 7706e0c99dd6375a8f8e87a5ddd824de20a7b522
SHA256 4ed3a091d31d54d2a8b41556278382f3db0c146a4bf43d3fee6efe8fa2df86b1
SHA512 4a65836e42132ec84b795fa0ed737cc9c614a9059ea8bf6a12a36cf8ca76afb9ce59bb34d6b355b3a0a975d507340c6c63cbf6f38cadbdd223c7b5011c448209

C:\Users\Admin\Documents\CompressSend.pps.vco8

MD5 066cf84f622ffd89a1fcec7ddaaa5519
SHA1 17e083e4c8a07e8726cf14efee3aa184b74f45db
SHA256 690921e79ea5548240f06f9662c2629acc735c9039f17910dcc17cf31783d5ea
SHA512 1258a2b224168f2d3330d0f9cc913419b890ccb84337e255c3477e09aa7e2bdec01ba39488d43c9809a3c8e73d80fb2c84be0c67c0654b377ec3986587464dfe

C:\Users\Admin\Documents\ConfirmUnblock.odp.gxs7

MD5 05cae6303c6c7b2c2f7577b1665583bc
SHA1 90e87010a91ddcc35ecacc1e163e1761ce48888a
SHA256 e29546ec3903842fb9086aad46d70c0413e0d248b3b128301d8b8f63ff1d3c05
SHA512 2de70ff816b4009eaa03f135bac40c3afa9a14120c6ca4803daf62797aee87038983ddc788c170b100f81667d77accf5b0233175d2dcb5a8da20731ad86e60e2

C:\Users\Admin\Documents\DebugInstall.rtf.k3cy

MD5 d398f7277c24af6e0d62f8e000c102fb
SHA1 5124b965ea0d65717b152fbbb3d2a81959ebbee7
SHA256 0ebc89be56cc1415e7c7e9bce66a2dd5aaf3947bee367d570641a6456ea638d7
SHA512 b5b8e6e28ef85d13deca6846ff5e12021c49df749eb08f327078dac2ee680eaff70b778bdc309ef4eed6427ea4bc42f475dd5f62155f94456bd0b251630b9ba6

C:\Users\Admin\Documents\desktop.ini.zro5

MD5 ecf88f261853fe08d58e2e903220da14
SHA1 f72807a9e081906654ae196605e681d5938a2e6c
SHA256 cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844
SHA512 82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b

C:\Users\Admin\Documents\DismountFind.pptx.k8xo

MD5 f3cc1736874ea94ccdd454a9fbfe46e1
SHA1 1f592bdcc4165f31674b8b5c10e60e3031d6ba60
SHA256 48a27b14d386b2fd0a3d370fa4724fda9c6726508d6f2fd4cc71c4a0646eca6a
SHA512 d4568ed171ee9dd4b1ef9775f227a41626c2711e2e8341a6e7918ab323b55bfbf5d92292c4d372b70943da03d686af751ed38677515e87bbabbb83f3801d5d7f

C:\Users\Admin\Documents\DismountSelect.rtf.1wv1

MD5 71692befa817627d83effff1ec52834a
SHA1 027a0340098cd898e94c8d61b868ba831911abb0
SHA256 db2008469dee86f3f18c1c8c15e31e3ef74821d9d7535209396ae580c9da6110
SHA512 d8f7d22884e2f72ba37124490b07c0bb7bfc8c7883b55af21e86bf4cff95d712b4eeb2b4357c95d69d41a4a983391ac77f78c0b9a5fb827a4cbe7cda24195095

C:\Users\Admin\Documents\Files.docx.ws10

MD5 f637aa22bfe9fed881e6b9b019eed998
SHA1 41c5467f7f5a2b30c353ddd8b0ec24096f8ceef9
SHA256 45b612eaf6f0991abd2d4d1bf2f9ee84ee1fdfdbcb67cd82cd666a08d4210b6c
SHA512 3f8c5602057f343378b4c2788fafdef069607b9e63561a486ee6da1fdabcebf60c290e1873ec476cf8077d888e8293515af6d83228bda6ee29bf2bf79262ec8d

C:\Users\Admin\Documents\GetDisable.xlsm.mqec

MD5 9cdb6b2547b2566eeda74ee45937f8da
SHA1 2edf6b2b6047fed333943beb16039b2074c0b073
SHA256 42959b29854a6bc9e6a1e0c50aeca3c6eefcedb1062e5064d34c2d90dd387ef6
SHA512 81549c9339c8c980090a202cd8d4ec13ce6212f046ee8b90635805d96705d64327c1c4659d21c7e27d64ae8cf046d0e9814840cc0db6f4ade04e709248c475af

C:\Users\Admin\Documents\GrantSkip.xltm.d33f

MD5 081c4378009b26a0cffc30b30c384b17
SHA1 343cd99bf56802a8e77595a36685c2255419c3ef
SHA256 a8f28747f7d4ccef272e5112aa79342055be6e5a4654418008e56dbfd60b2dc4
SHA512 87537030c7d59597ab927725e7e5d5e57a54c5c731536b1b5cceadca4a159e33eaaae6a49a009ecfbc465421b161ccff04fdd9b55e1073fd7ca928eb9bcaf165

C:\Users\Admin\Documents\InstallSave.pptx.3kq4

MD5 3be518703a25636cf74d38579359236d
SHA1 8dc3165b18628529cf89f8174f021a784a0cc8ad
SHA256 3bd2ee6b1626bfc3543093c5ce50dd3bfe54ec9433e1c0764a1c1262a295dde9
SHA512 124b95383925e7cfe2bd5fffd5dfc6cb69ca4cfe6b2418688086819ed5480c0a8e2c011735867b9254fa53993ddc1b3b399acb1afdcbe64824215e485b73d8f3

C:\Users\Admin\Documents\LimitUnprotect.docm.jcib

MD5 552341494882f5547c1693bfd1e2210d
SHA1 c129aac9a032fce83fd592db0b17d63195f15aeb
SHA256 954973faab7a965ad258f4881a586568cc2963b4329963bc30087aa9707528b9
SHA512 2a6d465a0fa0440e56f8ad3e461ac02c2aec1786106c1eee3ded5f11a1a37471089054023804497933e2a14e101ef35f545dfe85a853ec9e17e97d8371b34f76

C:\Users\Admin\Documents\NewDeny.xlsx.mq57

MD5 64f41d62c17660a36b256a45967bd15f
SHA1 faef88abc9a7cf4deca605710be1214c7540a5b1
SHA256 157a790eb9b3ee07059516c0baf37bad704b167d121355e22ce59ac5d51923c3
SHA512 0f237795da8000dd746a22bb1cda4f7a90745cd8c43511f97d20086bbeb764ba2dee52549c0b5140de9b9d3b6b3142afd2c71a353305f79f5db5d5b5849438d1

C:\Users\Admin\Documents\NewUpdate.docm.4hhx

MD5 a2f90ed44d7b56c0754f7a13ba7f00c2
SHA1 c8f1e8404d2f019bb92a8843a1994a43b8f8ba2a
SHA256 b9bcbbecb0b44c0bef6215e24077d8c1f3114a6d0b84a25b1d959ffc7281a5a1
SHA512 d5a86c10b0d0a070055285a228997b3538fe42a377f256604194167625a6d6cfa5b5d89605ecad8e5f3badcfcebfb210661a41c476db4681938d6fc030ba46a3

C:\Users\Admin\Documents\Opened.docx.qer8

MD5 0ce5daf3ca984ec5563ab53afd3ff018
SHA1 e7d7c62d47f3226a3f339379ab9c3d1171d8dc5a
SHA256 04bfc3e0fee8ee6fea41c3f442344ff481ea22fe87b325c449c808a517cdc3ea
SHA512 bdcc62d563a9cd9142c8a7554ee0547d9a10272b992d6e4d2c2f8e64f962806be0a556c9c25b31eb2f8d428009261559448e6bba871c256af724f0f39f60bfb8

C:\Users\Admin\Documents\ProtectHide.mhtml.qwly

MD5 7b1bc3e19d85dbe85afc43ee75565c8f
SHA1 2a9154d6871b0a2f190310a0b1f5829449ac1601
SHA256 1791f1ebbfd0ba7f82c582b27e2ed6721ae3e7e39fe6f0ffc683ae1810f1b23e
SHA512 646558a3214fbb8cdac1b9ef9916671e8b88e1934f8bce5b813549ac3ac1b6df1503640e7abde2ac6d6df8cc23bdeb7a54de79d38dd38085184951507ee54974

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 170cc5c2797138ba89993049cb80ce5f
SHA1 1433ec55081e67edf92c98c6707f0952cdec041a
SHA256 072341e0049745ac68f48d37844c90a284c801fca28489048329d221b4ae625a
SHA512 2a89fd2a34b81b0415213e94c6a9acebe6bc3fd11c11641df28773e83dddbc0ee1f00e456cd19ae01a6d54e2391f757aa5082eff5a0f22262de8f61cb8857eea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 d4270975b8b9bb4ac99be297404bcf9a
SHA1 38d2e134dbf1669ea49dd20fdc561f351d5da108
SHA256 1db4044083654630272b226436e33ffe29410c9022bceccf2987c7e5a19b1399
SHA512 aaf77502d82d59aceda9604c0d9a445d3a756f5f096167fbc142e06d9e9c0d5f39c318b4f015cdc72355ad75e016a4385b435061826e246b9ccacbc186d5040a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7b34792483c15bd2b87822a9cf9257b6
SHA1 bdd5d2a41a97ab8bc8d8d41ae020b5b4753f9ab1
SHA256 895925ee0fa1366816b2286b3c0c054d62cb202ffa6afe4d052abfb4b3fff7a0
SHA512 17a1a89c41bdbae90c28fb143ac7bb06ab773bb7749f767c6cbbe99dc3c118257d37ffbbafb3020174ca12536ad4ed971852a8421f8a2c1e1ee4ba63ccef2224

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 00d05db482d1e3041eb23f908b2edc94
SHA1 b1a5e4ec8435624ab16602bd42bef6d3f1a76fe1
SHA256 cdf52a3d1375b3f4d698c8b0f1f8fdcb408217eaddab755ee1cc60b5c4764e8a
SHA512 ca6db592559f0f6b7799c76fde5e00821038b84d809f7c6fae118d608e16d25030d41230ab10d134496e03acbe42c53f03353c996efee40652c6801e7ab4a2d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 615e8c7e5753f3895f9dd1a43cd27795
SHA1 01a9886c2e7d87b83ba5eac2d8433cd7a706f22c
SHA256 417c158f141c51bc7a13fc28f4f9505b544d99d8937b89ba965b50731dccbb94
SHA512 d8ae7961590cf7baea9809e3cf223b79d55172f8db53b9085640cbb84300280c3febf839dcaf71ed94798a0ccd5611559705a263efe14b551dd9493ea1eda5ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 ecca8993047150870094c763386eb4e0
SHA1 e77376a1868359b6270fe9924477d645bd5d7d1d
SHA256 bc2822a5efb199dcc655254b162e8e690280697a639ba9b6901133798470dafc
SHA512 28eee493fd526ef4227665583b28d600954d71babf027c2aa6bc8d72684d4ebe8b84436dd75a7fe29b6d17c8fd91f27a08e4d9deb53e8460a518bd7c09ca297c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\09486b0a-5eb4-4773-bee1-5251acd99089.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 981ba740a1c4e683993f9327a3b22e71
SHA1 9f7568ea131e83e32071f92278391d0f61be74b5
SHA256 e373f21a6d8cf1d15b922683f6d381c5105bd383946b63831c451de0fbbec5d3
SHA512 100fa59aacac939def1516b998552e5473e3ef8393d6eec1fd36b98e496e4d56f5f499f0c8751c81bb69d3eb551eb7a1636a8e46143dd09e200a28d6c4ad25cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1c8720af458525fb20e486799ef0a9b1
SHA1 8f9c21d6f0dd7ce7490c5e9038905662061a5e6f
SHA256 4d48ad734b9fec4e2228b418026a0e3d469d9ba104d6479131b067367e4833e5
SHA512 0d4258e45ce69457710277752a051c16d94ab65e0d6e72e59e9efd51d02074e046042eedea81f1f86367b944a780291b00847918d34fc3d59b5cfb80dece572e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9d8c04fa3078aedbcce4422d989df5e8
SHA1 d8af1677183d8e34c0c4d72e09a6e33bddfd1e45
SHA256 c57f0d18fe4c68c5183f987d6c79e6efb8263f8d07c40c22c0877ffa268ce0c9
SHA512 238608ee2718a78fddc67d7493c3fe5f7379bf04099e27b0f1f226e80788ae349057fb549f84152a241a7ca898d8d39e1dda4884780d48faab2a787808532003

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ccbcd7859418ebfe013aebd0ff7ff798
SHA1 89a371b741bdec8475da53d5499684e06c6c5e2e
SHA256 2f02c8403487df5d9b336c2ed2dfb2b75427548f72b86ff52593b0f38a1ce0fa
SHA512 1538c856eeb667d7ed58dbc8114569d57d0f0791104c74c32afbc284d95e32cfaf5364d04dce733c36bfbb228496a5701f093dfc88b05f35e34be0f98b1f3800

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b4e9fd6e62d4c873cea81a4e3c94b674
SHA1 740d97ac93b82ea56ab1f7682fcf4e6c0d6300bc
SHA256 73eefe0f08fef408fff02daa6eefae09c4ff91caac3ecbdbfb1a56dfebf7f9f9
SHA512 b12b198cb738bbe401b4f6221ac3661b02a1ae0f8b435549782597b5760065857a3b8519b9c0ff5ec4ab468f24ec86ea07ce20b3d8c4a7ddfd78342e3ff4e192

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a39c6ee77105a5931723f823058d68d1
SHA1 5b97d24cbea017bb969f7a4c20741b7903697b15
SHA256 e65a77a488245a6d96182c164ded1e5045c15b27f9d2c8edf4bd93664d82bc2f
SHA512 ab56da8ed7ed9a6f03c2dab85db029a255a399c86af3b0e915984b772d8b718a505bec185dd508fe63a6d8db5888cf381a9a5c7f4e86544b13216a99ba53eb28