hxxps://github[.]com/GlebYoutuber/WormLockerRansomwarebyCYBERSOLDIER

Analysis

max time kernel
92s
max time network
100s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
07/07/2024, 07:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/GlebYoutuber/WormLockerRansomwarebyCYBERSOLDIER

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	camo.githubusercontent.com
12	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648105973807269"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3637012076-1497690007-2831451688-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WormLockerRansomwarebyCYBERSOLDIER-main.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
396	chrome.exe
396	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
396	chrome.exe
396	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 3872	396	chrome.exe	79
PID 396 wrote to memory of 3872	396	chrome.exe	79
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 1724	396	chrome.exe	81
PID 396 wrote to memory of 484	396	chrome.exe	82
PID 396 wrote to memory of 484	396	chrome.exe	82
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83
PID 396 wrote to memory of 792	396	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/GlebYoutuber/WormLockerRansomwarebyCYBERSOLDIER
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffa240aab58,0x7ffa240aab68,0x7ffa240aab78
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1656,i,15520898743052019096,5224079278298808587,131072 /prefetch:2
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1656,i,15520898743052019096,5224079278298808587,131072 /prefetch:8
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1656,i,15520898743052019096,5224079278298808587,131072 /prefetch:8
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1656,i,15520898743052019096,5224079278298808587,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1656,i,15520898743052019096,5224079278298808587,131072 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1656,i,15520898743052019096,5224079278298808587,131072 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1656,i,15520898743052019096,5224079278298808587,131072 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=1656,i,15520898743052019096,5224079278298808587,131072 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1656,i,15520898743052019096,5224079278298808587,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1656,i,15520898743052019096,5224079278298808587,131072 /prefetch:8
  2⤵
  PID:2408

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2448

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
22dbb057c6ef4dc7370649234eb3340e

SHA1
5ffcb13a6db0fa5f473f5f49ec037520993672d3

SHA256
f3364c08079731b20e60ec01916a4581afe8337c6deef341e0d0deddd5365f72

SHA512
a9dbae678a736da4947f511ed198705fd7e7ace2b40a25c5c604610928e43d286994f6d88815ca898c4293370ee62440648c76504a460f9a75f0403d49ce0e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
369106e16eba824ddbea1605c8515f5c

SHA1
813b6e8de7971477c6902d6c517c95326890c397

SHA256
0eb3902a7f51d0e979bb261b6a012c2c9387d6fd9b6ffd62ccd6fd4bf2b8ab89

SHA512
277b1e3b4e5f5ac58dca11f775b47b712811c01c5bba773d7967d4e8ee5cb225692ff1eec87215405f3c6474e5e878cd1202bc16928098395a4c46bd116487ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf40925d625fe23dcb20311cc87fcd1f

SHA1
ae28e8020f53536187ed5ab60cea0ea3afc45da6

SHA256
b14ae9d899a6c73babb54ab49448069efad81ad64b719a78daf693d35443673e

SHA512
3c34136497c606b1343495ba03584b013632b550c1661dbc0b2196d03c32a660c5cfefd649746c41587d360bb8a730cb2c05e18cf962874caf49d6df7743cdf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
939c7c788932b8389748c75d730357e8

SHA1
2219967144a4648b5ab8ce5e14f9881f3dae1f12

SHA256
5645f7a91754a38a5bd514f6772128744e08625b208e9cc04e036491b983445c

SHA512
67001000fbf438cb2beab7a68fa7365b7098c61e79a77df0fe000540a056be418f8c2f5019eaf23d022b723f290126f1e9fc68885a9f062fa04c32d455e78455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d81f86cc29d7ea50e83edea365d4600

SHA1
a7d0a492e2610d7bcd3bab879563be8f473b82e7

SHA256
3bf9b50f1a5ec55342544d478de98267e023b6756512ae6168f6f5e2bc9c718b

SHA512
5609947cb22fae56377c35f0bbb8d8ef2a06f25fd60c7037d5bc6078b1ff23ff5c04ad8fe61297a36f1a4056fa87607bfbba34f333f6f311d53f98824ca664a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8c554092b27ecea1aea0e92f8c39cbb8

SHA1
dc296de7f0dd515d9b6dcf68ae52afe63211a655

SHA256
42d13ed167cfd2cfed855968e1198d26e8f8fe46db30a8124dc451701b9a0e27

SHA512
c181fe788576088f6715a7e47f43504db9265024afbd88245dfe57e595955df5bac66d4750333950bd07238fec8fa302d411091fc779db7921b924c6c9f78999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
da6632eae2590a5f1084b9fb83498028

SHA1
2f7e59c206464bb28ffd9b93281dbcf6e124d9e2

SHA256
60c684fb9146f2429dc8e24b4c9a341e068cc280661e07f9a2a598cae2dfbcc7

SHA512
ba0f0e9f8179437a1c82c8ea161346233bdd370d46238d17c7ab3a7a291bba2d60d7c12060b1770b4adf764dda861190d548f164e0bca6fec07623c223bcda01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd87d1186918981491b79dcb62667c75

SHA1
9e23a93c707fda6e2796791da762d68b8f15c97e

SHA256
279e700a7c2a9607301537131de8f06e7e9b036b75b743c58376482edae09e80

SHA512
d911115d17cad4bb845aef0fb295fa7fa934ed8f9544b6adf2c845a73ccb8a992200f3949e18e1bf71cfdd3a8068a4354eded289d2f07fcb3ba4803a4a04aad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
09be76944dcdf49aa8005bbf6b903659

SHA1
73344f2b9f8dc76d60d033eee9eeb483e71d5739

SHA256
4a2a939f6d98495a11a398a6c816f4e30c88e007413c9324382b813625286bb9

SHA512
148bbe738cd819d10caac1fdb408cc7cb3453bbb65b602c6b4d2db0aff36abfb2123b35843bc1d2170d19461b5ef47370837374e579597e36b2323830b9a3f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
e8af0a972d9d3f45c0e7a2f7a23ff1aa

SHA1
43fc4d5030936a17d8d0dd7acf74917c91b98335

SHA256
67cf1616e9c3806e9e0926cc72643be340573cf1c0bd0375bee54a45d1a00238

SHA512
e82f11fd747b5cb24fb0aebf761f0eb3eaae72b8577c32eaa589b092903c3460ec514d4d8df214b7bfe7a892e24fe6f48ed0e64d320cc70262683c09d750bf2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
b9d44cc423da8c1546ff038f84043db0

SHA1
63c16dac04f07ae90ddd2261cca09b254b178172

SHA256
4b59c5be460d9f7d1f6998bc3ab8a9841e8a56913887c7da613b76fb2364a6d9

SHA512
1015ff1c6aa40698dd16656ef07d4ad8a7d96a2d34dc453e49c86509c92a6ca73d98c0f2696d012e0c611cee0db4a6a43843b4f6b307fc2de189f0b167ddec27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a92c.TMP

Filesize
83KB

MD5
6f014eb8aa62a5c9ee0fa82bde18a4b3

SHA1
89cfac2c04b175446131c60ae143bbf975c7c601

SHA256
f18ff44b26adca216f644d1b35ea75124fdde086db368af9ff0939d07b380355

SHA512
04ee6d0e48c220177fcdd0892c2ebd8f7bcdc3edf46d3f58263e4a00be35c580471d6aa6a2656c9c8c0bbc8367e9faf817ce22d1f8bd8637ced1bb46b672f893

Download Submit
C:\Users\Admin\Downloads\WormLockerRansomwarebyCYBERSOLDIER-main.zip.crdownload

Filesize
114KB

MD5
76bb39f6387c4b1e9dbe8325a5691d1b

SHA1
2e6b8630b777a9eaa01ce3fed336e23751be7974

SHA256
bf58f9e12eb28dd6982fbb6d6ad83f87b73ba8ddb6d6616c442eae9cd3c80c89

SHA512
6d6b6dae773abe2a8856c643486a7c00015702c6a9285becd212795f0f48699bdca1e5578bf447bee05e3a37cc1aa4c72516de55a8c33144cac02cd9f8cb0b87

Download Submit
C:\Users\Admin\Downloads\WormLockerRansomwarebyCYBERSOLDIER-main.zip:Zone.Identifier

Filesize
211B

MD5
e846178b6d3c7c4b776479589342c3ff

SHA1
850c330d1f6c23f1ef6514b5874337b26e2847bd

SHA256
cbb4cb67b31276e01605d8b47c8946b45ffd28c79af921a81509560c2f0f371c

SHA512
dcbc851c6007d1528344a12ab336020fd9f5c7bb6516d8dae8a0a789569a45f8c9ef093255e63715b7781e907c64c34de9157c03d3b848e36c06e34f871779e6

Download Submit