Malware Analysis Report

2024-08-06 15:49

Sample ID: 240514-t6q3fsee9s
Target: http://github.com
Tags: ransomware
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The submitted URL http://github.com was found to be: Known bad.

Basis for the verdict, as recorded in the behavioral1 run below: the only ransomware-specific signature is "Opens file in notepad (likely ransom note)", raised when C:\Windows\system32\NOTEPAD.EXE opened C:\Users\Admin\Downloads\Ransom.txt, and the hosting-abuse signature is raised by two lookups of raw.githubusercontent.com. Every other signature in the list (AdjustPrivilegeToken with SeShutdownPrivilege/SeCreatePagefilePrivilege, WriteProcessMemory from chrome.exe into other chrome.exe processes, FindShellTrayWindow, SendNotifyMessage, NtCreateUserProcessBlockNonMicrosoftBinary, the BIOS registry reads and the TPM telemetry key) is attributed to chrome.exe itself, and SetWindowsHookEx and the registry-class change are attributed to OpenWith.exe. No file-encryption, file-renaming or dropped-executable activity is recorded in this report.

Malicious Activity Summary

ransomware

Legitimate hosting services abused for malware hosting/C2

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-14 16:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-14 16:40

Reported

2024-05-14 16:45

Platform

win10v2004-20240426-en

Max time kernel

299s

Max time network

277s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://github.com

Signatures

Legitimate hosting services abused for malware hosting/C2

Count | Description | Indicator | Process | Target
2 | N/A | raw.githubusercontent.com | N/A | N/A

Enumerates system info in registry

Count | Description | Indicator | Process | Target
1 | Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
1 | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
1 | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Count | Description | Indicator | Process | Target
1 | Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
1 | Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601784564186653" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Count | Description | Indicator | Process | Target
1 | Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
1 | Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Opens file in notepad (likely ransom note)

Tag: ransomware

Count | Description | Indicator | Process | Target
1 | N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

(The signature table records only the process; the file it opened is given by the Processes section below as "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ransom.txt.)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Count | Description | Indicator | Process | Target
3 | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Count | Description | Indicator | Process | Target
32 | Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
32 | Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

(The original listing has 64 rows alternating between the two privileges, all attributed to chrome.exe; they are collapsed here with counts.)

Suspicious use of FindShellTrayWindow

Count | Description | Indicator | Process | Target
41 | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Count | Description | Indicator | Process | Target
24 | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SetWindowsHookEx

Count | Description | Indicator | Process | Target
1 | N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Suspicious use of WriteProcessMemory

Count | Description | Indicator | Process | Target
2 | PID 5444 wrote to memory of 1460 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
31 | PID 5444 wrote to memory of 5808 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
2 | PID 5444 wrote to memory of 1516 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
29 | PID 5444 wrote to memory of 5380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

(All 64 original rows have chrome.exe as both source and target image and PID 5444 as the writer; the crashpad pipe name crashpad_5444_... in the Files section ties PID 5444 to the browser process that started the crash handler. The rows are collapsed here with counts.)
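What a reader of the WriteProcessMemory table wants to know is whether these writes are a browser broker setting up its own child processes or a genuine injection into something else. The Python below is an added example written for this page, not tooling from the sandbox vendor: it parses rows in the report's own format, collapses repeats, and flags only writes whose target runs a different image than the writer. The rows with PID 5444 are copied from the report; the PID 9999 to explorer.exe row is constructed for the example and does not appear in the report, and the same-image rule itself is an assumption of the example, not a claim the report makes.

```python
import re
from collections import Counter

# Constructed sample: one or two rows for each distinct (writer, target) pair from
# the "Suspicious use of WriteProcessMemory" table above, in the report's own row
# format, plus one constructed row (PID 9999 -> 4444, chrome.exe -> explorer.exe)
# that is NOT in the report and stands in for a genuine cross-process injection.
SAMPLE_ROWS = [
    r"PID 5444 wrote to memory of 1460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"PID 5444 wrote to memory of 5808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"PID 5444 wrote to memory of 5808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"PID 5444 wrote to memory of 1516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"PID 5444 wrote to memory of 5380 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe",
    # constructed row, not in the report:
    r"PID 9999 wrote to memory of 4444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\explorer.exe",
]

# "PID <src> wrote to memory of <dst> <indicator> <source image> <target image>"
# Both image paths may contain spaces but end in .exe, so match them non-greedily.
ROW_RE = re.compile(
    r"^PID (\d+) wrote to memory of (\d+) (\S+) (.+?\.exe) (.+?\.exe)$", re.IGNORECASE
)


def parse_row(row):
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    src_pid, dst_pid, indicator, src_img, dst_img = m.groups()
    return {
        "src_pid": int(src_pid),
        "dst_pid": int(dst_pid),
        "indicator": indicator,
        "src_image": src_img,
        "dst_image": dst_img,
    }


def image_name(path):
    """Basename of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(rows):
    """Collapse repeated rows and classify each (writer, target) pair.

    same-image : writer and target run the same binary, which is what a browser
                 broker does while launching and configuring its sandboxed children
    cross-image: target runs a different binary; this is the shape of classic
                 process injection and deserves a closer look
    """
    counts = Counter()
    for row in rows:
        r = parse_row(row)
        key = (r["src_pid"], r["dst_pid"], image_name(r["src_image"]), image_name(r["dst_image"]))
        counts[key] += 1
    result = []
    for (spid, dpid, simg, dimg), n in sorted(counts.items()):
        verdict = "same-image" if simg == dimg else "cross-image"
        result.append({"src_pid": spid, "dst_pid": dpid, "src": simg, "dst": dimg,
                       "events": n, "verdict": verdict})
    return result


def suspicious(rows):
    """Only the pairs worth escalating."""
    return [r for r in triage(rows) if r["verdict"] == "cross-image"]


if __name__ == "__main__":
    for r in triage(SAMPLE_ROWS):
        print(f"{r['src_pid']:>5} -> {r['dst_pid']:<5} {r['src']} -> {r['dst']}  x{r['events']}  {r['verdict']}")
```

The same-image rule is a filter for noise, not proof of innocence: a process can also inject into another instance of its own image, so a hit that survives this filter should be checked against the process tree (parent/child relation) and the target's command line before it is dismissed.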

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://github.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf32eab58,0x7ffbf32eab68,0x7ffbf32eab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2796 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2804 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ransom.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 --field-trial-handle=2008,i,11744691550613954886,14740992295767709938,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:80 github.com tcp
GB 20.26.156.215:80 github.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
FR 142.250.178.138:443 content-autofill.googleapis.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
FR 142.250.178.138:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

\??\pipe\crashpad_5444_YZPLZDMYYSLYCCHV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 afad30933f578fef7d92006a1169825a
SHA1 82f327b0c9807203ce55b7578ab705266d66372f
SHA256 b4ea3492390c48f64d8dc2cf75327158aa5aa99a95478e7d9c2f1756a01d5d69
SHA512 5c02ce7871883f7812b3179ac1abdee1f291df5cb0b0c9cb9a2247512add75c6769280336efd8b5fe8dab3d3ccaa40c9694b1b9e47d545cac8e5d7c60c1b2efa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9f5bf3586cbe849977af153560ea9497
SHA1 c16fb34e4bb24a8fe5824413ed24ad79b88134c2
SHA256 844872d0390db60e006faee536633145b366e2245fef63ee6201d6162b6f7432
SHA512 3aba7709ddda9dc8ef2a1d980ff7eb7d70e8c25c98323fb3ec641ab98dcdacc4baf7cd88d3c2d1011e72015e9587c2098cfb279a5f8dc37627a4ed9fc5556db6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 675f00d2fce413c9f83d7cf64c6c234a
SHA1 4c3f54c49e0b0625324bde4dd2932d5bf9050e26
SHA256 b82c075dc9d770319577c12b388ee94a6124658ae7c35d14c2fb0f84b7325e87
SHA512 c001036b18c3a1c53b2e70f2e79751f4e2cef0ec990c2fbee0c3e81a6316539663f98c1ba5b472eb9c7810d01368d85a7ac893df7cb9bdf0b16bdf129c0460a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b26ad5d42203606857479cb4891d4902
SHA1 5e9911831047c1b2ee1c4e5ebacf69cfc9afc78e
SHA256 372abd8effa4f9272c2b943e7ad4b67aa479bcdbdebb9502c422891046ee25fc
SHA512 31cde43fc6e872a6db6cc428ef78f2380b802c43f9ff3051679c0dba4856d516cb15127ecbd516c70f263f7144db9ecfbce0af1218cff5b71a930420f56ce12a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e737c5ee728ec24fc28d441d1a78b5b
SHA1 9482fd8652dfa3809f5f1477af2a95bd5c15961c
SHA256 424dbc51d67478665e69ceb0b41f18ac4ca63fa2edc32f8e9463ce1726223dc0
SHA512 43a42099f0d3e0d1ac4f6c311c44a32373ad8cc89ccef7de00bceb10b7b1a74959906ccb7be357977bc12540b225a4c9b970e0f83b85296dfb994f24e21386be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7720f4f92dd4af39398383420d070981
SHA1 e1307b1f7a3ccd1d569785ee924f3ac0a983513c
SHA256 f45b14cebd0641efbd65f7d0086ab12fdb5d2367b475ce3aa2d200ef7abd57dd
SHA512 139cf713f26a60bf667564d1e764816853f5141adcdb80930a93b62fcf812d178d17544ec59b27445516f5e3f64f3e4bb9c3c46ec2b3929dc3efa131e0e56ad5

C:\Users\Admin\Downloads\Ransom.txt

MD5 ba8dcc2f7f220d1d25bc98a2164ade09
SHA1 124482bc5b4a01b786cf02c34a2188798e5c29eb
SHA256 56c9d07ecd07c4b1910b1fb727fca47f5931fc27e6fb6743c2b36bd13aebdb86
SHA512 0ef14278d1a2082461b1475590077a28f0eebcbe18f5e41c192a13eeb374c9e8db5f501c2830060d2d02da96e35492b497d446fddd783e9b4714519f21c20c20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2abccb44f7875c988b04b493b3c629f0
SHA1 394102b51c9ca444ca3c46108ea77f62bd6b4b33
SHA256 c9c77dd0b1a8092ebac48303ce1d48bc995a90d76a6120b928d6de31747cf790
SHA512 6894cae130bd764be86ff5fc81299f5dd8cbf9afae31bcadc9b65f52d248e695851a29fe8335706fe8b246d681bea449d4c2c458ae505f2dc7ac10a1415d6a08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19536748447045722063af6e6461d810
SHA1 578f41e0c88192312347bec87506de37ebdc0b6d
SHA256 3364a9d092b63cca2d029ae656e25317c743a3ed5e5ad187cc4dc1a1fcd84ff4
SHA512 7e1e6e64bc4a0858fa13fba4e4fb29d1f7df7edcc4328a2cf39ccec50564ea478844387635369e781701c3a1b8c5ef0ddf52e2a1ea73cc70bd5eec25bf69f9ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585d7d.TMP

MD5 cf1adedfac40a322efa2f32774d828f1
SHA1 9b555971211a40d6889adf0d7016085a40ac72d3
SHA256 073efa38a8cddec3105b7969eb697cfc7c2c7b5850efcab448b721e7ce3a6336
SHA512 fd218624f3b2094b2a98eccce07881af465932f39039041daf002ea6b72a1396cac07efc1e894cd26edde7df79b62ac3acf0dda5d007318cf8c5029e4b061162

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a58e852ca0f569380e28f1cb9f6bac11
SHA1 371022a8ab79a4e1f8684dbcf9753aaeebd6b7ba
SHA256 07ac50d4191acfe67f57fcd758e5d7d73c3395ef53a02cd7b7694dc557a5a70c
SHA512 9d7f0335c7e09715030718c72d46e7f34f7c759f143714548d693c57f20e204a9b32177101a92a673470ac04be788843a7890fcef5912bcddb3a40e952bb1b16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f20db6a878a873e1316f7793b208c9a
SHA1 47e2cf9528aeb8e3962d1f1162020b6ea5bbe021
SHA256 aaa499d2bb5835bda04b4d843f686120ab583b2a5239a9e250782f929ad14839
SHA512 d9c0cdafa0e89f3f2787a0de2d1530e94e53e25fbfc62822b39d5eb80900c09589150a6a4471d6c4644b05fb57221e7d8ca1be77c3ecdf31a378959bc31093ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 1b218c051dea4af03b0defba38041a51
SHA1 d6ac9065f829053f707016e55b0f49684e53f6f3
SHA256 d0b48661befeb3383e78c139937079b916c1f91d844309770d599f18466d0005
SHA512 0cbaef4d7e8739e331099dee1c6ee06519d3171c0fd63974ca09df491c5c8ac6a99871a010f5bd572a59dac15ed59f252a2dd353d7109b99f60c3f610a385240

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 20e285435562648138c2462a6af0b5fd
SHA1 0f5a88f1de7ef15a691337f71a6092c831c02853
SHA256 24a826d82c1917f7f91297d3ed9cb4a3133f1f590feaa01888c26f432e1d1317
SHA512 9a1d985e5a3b557f449c9b1220c721e0468d196fd7e5755492d053b5e1c40abcc0f8a57dbb6536ec58007773d52c4cf2efd74e82abbae89c1b3710cd31696ffe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ed5bd83fd6408b62_0

MD5 eff6400bcbd37ee69b6e772d602a7eb5
SHA1 5ae834bd533cc4d516fb0c1b5751a0f0a3e4f5b2
SHA256 4288e585f2f8c6f31065c72f172b6cb2815495267c232394f129667aae988306
SHA512 467f7cd2dffabfcad188c1ac792acc372b620074387c52fdfa3577807e47e5531b993375f2fbc45ad9b7f9966d25abdb0dbc570c1b40fdec335453fdc21bdc80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 a29026626100b1d07576d31525c7387c
SHA1 35cfdedd6520e8e36859de93e484da190ac2e3fd
SHA256 ff406fd000a989f7fcab6d7f65477519dc2e6948650126ea734ee9495cf5bcd5
SHA512 63622a1f23404407b650290dd81c27222cf9a11152f94851a0ab2374d56d99762d0e5d7f9a4ac6fc45c8124efaeee38e07fed1bcadcbfa3202bef2f222e6735a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 39d40b4ae2eb5813655c9e50bafcdfc1
SHA1 9378e4dd4c8b6dfefb50abf40c9267c0b43174de
SHA256 ccbe3ca3a8358cb9ec9c5ec199aaba0f0ca0bd4bb11fb45966c320eadc660aa7
SHA512 2dfe8efb2bfd71dfd8d85f69c59a124daa4879f6e5e63c719ba6dcc476317ce667bbf61912abe04b51e3bdb943e3a497174facae4b40dcacc33393e733fde7e7

C:\Users\Admin\Downloads\RansomWare.py

MD5 407e998dc28bcfec7e7d05db436959c7
SHA1 371b139d9bd6c2bb34dfa90070eaae7136f22bfc
SHA256 8357500a9860a4433053924e524f9f4eb1db9392395ffcae40820df6e8a52555
SHA512 1b3a110236d5fb38251985830b9e8bf0c3c63deab0b4a48be687983f7ed656b3a155b719ae98c41589e7a6daf9f82acd78ece3b65431819a657693f2f3baad1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 250bd9d5739bf66250e0ca13161a0b2e
SHA1 13a3682849315709b21f7704ac9dce2a6b3e8e96
SHA256 9b3234386e22eb7beabe562d9f61df00ca07cafa1f572229434c6e628b0b0135
SHA512 fa1ac6ee1a41019806de1ff487e0f9653f3f313c2bcedc1114ee7d7dfd03dc61039f448afe677f9521745bf951320ed5361f80e1632a2708c92a3462f2624ea0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0e9ce797d824e57dca41c67cd4c88bb0
SHA1 d1846a66b0eeb3d98a97ef2a17383811caf1b769
SHA256 8e349b92856f917f31eeefd5ea8abdcf2f1a87357159fb116246ede84d4854e5
SHA512 c34064eed054123e6e30840fb2ac1c58bef8f405abe9785b977b9b812caef8fcaa7893bfb9ba2e37e901b0bbb61c731f9748c8c9196da8fd575ccf28262ccac9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9109fcbd13b3f9d8f997ad38e661eda9
SHA1 343ded642d7669e7cf5a7ec0741cafac88ed2ac4
SHA256 2a966b7bb5435ef463d7ecfa76917ad2b4d8ec11a8c37371e632a527b37b89d0
SHA512 96f1ba915268d865cbb000903950636372801f00070c775b40e066818913bad32af7e1c1bde3b79d5ef76846e2268253ad873a934ffffbb9ed974a831c98c895

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 1681ae1d002ba280df6c3c5c46582bd5
SHA1 e1019e43ac1974d4dd5f13093c77e38ab367e3e0
SHA256 215d9f60891ca852914fa6e94012a78911ce47d9652e40f7232d98a8d1c67680
SHA512 6156f68f7d7eac2033eff0841374432277ee105ea8a4122ce8874e015c150be68ae22778c871cf0e3019910baacde0f8859b1653cd6c2079260c64688279b5ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c6e3197779cb0b92d0d4cebc8a4a3f88
SHA1 445027e67745dfae2d7f540bd7f1be115c17e8d9
SHA256 1324fb9c986effa0d5851926a28b2a08df10dab945ab6ffe247e3b39155612ac
SHA512 19b2e60b0724bbb31e19aaf5e00b673e0d0a9285407eb8520a114bd5e3e869d2116c883145998e44d51609e93952c0c85ff1c03a0e3cce89cc528892bc20f834

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e76dacc54d3639e6fc7b0c6d994ca6a5
SHA1 572aed352de3bdd474fe95f2e4f14f608b64976e
SHA256 349f60259d445af0e4b8f5c2b2f4997c354600515bbb5329ab1810f1930e75b6
SHA512 e669b81d1d88c2c3ba3c28852e02e162097279e07ecd6d30037f54e43f5389b1a18c875e40d5255685b1869a2dd90821cdd56c718382d081091a294ee65d95cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b019456701e70e754f515e0cce6fc6db
SHA1 7670a19feb1560d8371000e1c55f31b1dd75df0a
SHA256 1eb93fb065043ba154029b61329e34cbe56f5c5ee3cccc8c60d65ea9a8d8761c
SHA512 f8742795e80925eaaf985e74b8795d0cc48048620c404c1ce57afe52a204e4c89729207512aea8fbaded7ad17e9a9027f080e014b733e88ee0dbf257d7ba2fa3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a62b3a17258c178c_0

MD5 f535bb9c09fc81075539ea39c72ea1b0
SHA1 45a89609aea5da3f3161e9b2f7230f95ebbd1e6c
SHA256 9cd8f382dc325d116a64084db9b96f35efc1f579232d4fc3356c667056ad69bb
SHA512 46515a41aa4151d966dc1919ef2fca4663e8c6bf09accfff2188cde11e449904cd801f4142574e7e885aefbc67bc2aa5a0d0770fb06f16da440cae8d19f5e48f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d2b5ccac928de70a_0

MD5 a5c44cb44662f24aadd597d51d3131ee
SHA1 1796b1bd6258acea8994d108561430484f5524b1
SHA256 bb391a8bf05f660299af1fc8f4a15b3258b629c325893222487bac7e518d2976
SHA512 7087f9dd69437e5f2bc7c25a078e84217aa9b0dfc7cb1932b3eb0f91ef73aa0de948267b275f46ea987a9bc92e5e5385aa1a603957ecb657358515987031fdb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0e0765aeef363541_0

MD5 7507724f2122561cd9727529bbc45693
SHA1 d858f2c5bb0305186c680d3f680e2dc89cff953f
SHA256 da575f3a9f4f2318f73c508ab9d493291752b15161aab170ea8ed5f9f25f9376
SHA512 ea7d5d1019594d1d1e5c202f11de59073f62727a945dff4312c55ec1a09f34f88713f827364ec3f027d1055fba587dd1cefe20d80058f54863050fcc140e0180

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\656a96634196bbfc_0

MD5 084c985ecf0f95c4b11f7823e5a938a8
SHA1 3a55c369f04c2a6c90a93368a1d16c14ed4aca7b
SHA256 89fd0eace23868ded2d32676ead7ffb724944b757ff36ce2f5d40c982c8ff50f
SHA512 238f2ccd42decfbcd0bcee876ffd5ede14442259a1c9a234e8e96e6f86fdd41c6c57d091c93464cd031a6e5f609e941a5f5b430aaafc6909c498f40d8ee6a10f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\22760100ac9f2b70_0

MD5 c7d6348f8c95d101ac1e1fae8f3364ad
SHA1 473eac5355409338ac7db51c8406524c6b668c54
SHA256 c1ba7de13b3d25304517b17ee7c3c8843d29cf076c5b5cfa793b26db339dd61c
SHA512 7818b145f84eacf3dc012cc441157f505dbea4ceaceb55add32b47ce9be484f203165d86a7238a77a556a1ab26cd53e42ff3ab13dfb3ff5c11060b75899be1d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2573d80854619b48_0

MD5 a85efd176db36c3090e74e24a7505783
SHA1 2d6d1c5f1057dbf866151f3bd6af74c4bdaf204d
SHA256 8af8e8842b23663af3eded9a43dab41245b85f9f865ed3952d55ebe42ffa53e5
SHA512 7291bb8934ef9dec335bc93eabca7137720fcdd5274656d633ed13bef7e4d71a4a25687fbca91f7c2c0fc49cbc40a13f5a8cfae0cf3b35e611c9ab5ec0096347

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a92d7d0f462109d_0

MD5 0513dfdd8b584e00ffa9129a357811f7
SHA1 beb16307de7ba8770bb117f76d77e1bc3d39517e
SHA256 3b69d8ed3fcdbfc9e94fc305c28fe9ea44a4ebf690d9b7499b731ca950a38b37
SHA512 110f5873816f30b3107c4b1bff55b222c4eddcbb1b9adcf0764c0780cd16651ed97dc37251c5cd5141daeaa5736ff267829a7fd49297852a8b53bfa56c5fae89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2f1e4a0dfb3320d6_0

MD5 09066bee2deee3384b625438723a96c7
SHA1 5abf48cf8f7751cc13e84880144416d161d3886c
SHA256 3730bf85bb9cb6cac8c7360afb78f7dfd41aab97e5d9972301315e44e8684367
SHA512 49c578d5e19122cf9ed03e934265d1a3d3473c207912dd681bd9a5250b0a83ae39191b583c3a99356d25e3edbfd3a74bd2df53b87dd011004271948b3afb527f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3c9aee2999092112_0

MD5 8709ec6529c2d07d550c74ad0d6e0c43
SHA1 95d9747e4addd356297dea7ea6a8b016795e1356
SHA256 4d554377334b551ca09cb712fbd8496c5845caa5ca09aa5ee2e718408a585f32
SHA512 b7900ac807f92e28c0f67a41abd8d0e4ed2c9319a6f1488c4cd56d9024e3f35384233195cd4ac6967a999a83fb1c87949e1a9f4237083a466745252f960de7d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b2c2b38a52db28a8_0

MD5 2f0560264c27d49eac8fc5e119e9ab75
SHA1 b9b08c47a86b46a1f7547050327351c8886c9be7
SHA256 64bd7ba3627927e13ed41baca0fa49e0c8425965424926883b7c26acc1130a98
SHA512 6284d792b44fd2a29eacd2be2772cea63cdab823fc2f5664a7227820f5e1946b9b622e9afb392dce5bc3e15685ce01e33a88d26ee113d61317803979059a9135

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f80b69b1dde0dc7e_0

MD5 3db9fc43c68db61d51dd67b00965b353
SHA1 d3e6a4579ee2d469c67d3ca8a9838b13af551e3f
SHA256 b606cb73f175b55e24767a166045d822e99bd806711551e28b4d91c24b04f2ed
SHA512 6b705802c6121f9f5c0f0a32e55370c25438b679a60af0a78c785ce3188949e95c1181e88b9419c2be6b7373dec3c1febb95e2285eef84e974a3a588375f1ffb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 28856535d0755273b4a56b0325bbed6b
SHA1 9e466349161a2db3741537be565bcccc807a12df
SHA256 7a209a7741050326f601a903afc367692b5ab2314ac96d8ff71141c0ba6c6538
SHA512 9fb6b94978beb58d68ddcbc8e549239f54e858d2b0b9fd5b3a43da8697d866f4b1ab1e6bf340724965e14302ee8a839678bf2d4364125103e2e4bc38e465fd1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 317704b3d4b34a7c5df2bf203edcba54
SHA1 cfc40b61c5c6751514f960ad813cc121124f4ff7
SHA256 b5afa808497382c82f322d628914edfe24bb9374ff833f5415035b1e3ac2401b
SHA512 6010e36e3c6115660fb33e30696ac0f4ed4a94e038939e377637780c6541664a57ab90e5f913c04ba701086769e27fd9f5603c0b82dbe368f35763fc42f58513

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 960eaadc2425452c440c3217d7dbe849
SHA1 926bed0d87beee0d80c4c5ee9563a6820e7f6fb7
SHA256 e4f15ecb11ef5308be96b754970e45af93e693892deddfa577995c290483265a
SHA512 586d2b1617ba5a5a96b54243b364a9d9885892ce6135cc816756ed925280e9a41f60f4df995f905d328c4133bb50117a52ebd49371ab8f0e8793abd2c5ef51ea