Analysis Overview
Threat Level: Known bad
The file https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/NoMoreRansom.zip was found to be: Known bad.
Malicious Activity Summary
Troldesh, Shade, Encoder.858
UPX packed file
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-21 11:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-21 11:22
Reported
2024-07-21 11:25
Platform
win10v2004-20240709-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Troldesh, Shade, Encoder.858
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\Desktop\[email protected] | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133660346349762864" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase/raw/master/ransomwares/NoMoreRansom.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff904346f8,0x7fff90434708,0x7fff90434718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,17400405778938111267,16662504175630584977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff80e0cc40,0x7fff80e0cc4c,0x7fff80e0cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1740,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1736 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2456 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3392,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4840 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4916 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5324,i,11450505293904766831,1793703975618013858,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5376 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| N/A | 127.0.0.1:57742 | N/A | tcp |
| DE | 193.23.244.244:443 | N/A | tcp |
| US | 8.8.8.8:53 | 244.244.23.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| N/A | 127.0.0.1:57755 | N/A | tcp |
| N/A | 127.0.0.1:57762 | N/A | tcp |
| N/A | 127.0.0.1:57766 | N/A | tcp |
| N/A | 127.0.0.1:57771 | N/A | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a499254d6b5d91f97eb7a86e5f8ca573 |
| SHA1 | 03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1 |
| SHA256 | fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499 |
| SHA512 | d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c |
\??\pipe\LOCAL\crashpad_3532_CBIEJLFFOCTXCNKW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bafce9e4c53a0cb85310891b6b21791b |
| SHA1 | 5d70027cc137a7cbb38f5801b15fd97b05e89ee2 |
| SHA256 | 71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00 |
| SHA512 | c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b99802bb4191f6b47189af3f3c6be246 |
| SHA1 | 0ec187ef3ec6582fb1c64499d96c14327cbd4e5f |
| SHA256 | b9341e55e1dc1140bc45194a9003ff7869480b1918eeb1a995cfceb923f754db |
| SHA512 | b0329ea1a833893a23af1e35fe082a41f6ad1706b259835e4a285b97e78c8f5c7ee6186da342d2b1a4d60da265c20cfb48aeb0fb32deb495caf3200d33fac28a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\NoMoreRansom.zip
| MD5 | f315e49d46914e3989a160bbcfc5de85 |
| SHA1 | 99654bfeaad090d95deef3a2e9d5d021d2dc5f63 |
| SHA256 | 5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7 |
| SHA512 | 224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3ae48bbc68774b383d41127bc30a06b3 |
| SHA1 | 3777df8d86439ef625c86eaa1cc44e31ba309529 |
| SHA256 | cf7edd55aa5ba4ec4a69b9d9be220d8a485b0a1c9fed6c35e427da29c3d95781 |
| SHA512 | bd6448c7432c4c77e06d5ceff72bc2ccd894a8182a0f467c85e5876a3f78432074b473c36acbd0866053b9aafb10db2328e1b5f5aa53ed84105806572968e7a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0b09b426565ba8b55629190172c064da |
| SHA1 | fa747fd4f2c6281849b1c09af533d04cd48fa1e8 |
| SHA256 | 6b49de4270bde53964dbd511ad702cef468b15798b8cf820a44333c1d22caada |
| SHA512 | d2727f8375f68d3dc4f28825cb9b4643ed382e8c78e25177a878a444c39dd3e1010d78783b66c216a5dbbf457157b89d40753b18e5a2bf8a836ce197c2ce03d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2c2e6472d05e3832905f0ad4a04d21c3 |
| SHA1 | 007edbf35759af62a5b847ab09055e7d9b86ffcc |
| SHA256 | 283d954fa21caa1f3b4aba941b154fab3e626ff27e7b8029f5357872c48cbe03 |
| SHA512 | 8c4ce1ea02da6ffb7e7041c50528da447d087d9ee3c9f4a8c525d2d856cf48e46f5dd9a1fedd23dd047634e719c8886457f7e7240aa3cc36f1a6216e4c00ee37 |
memory/3712-136-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3712-138-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3712-140-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3712-137-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3712-143-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1544-144-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1544-145-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1544-146-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4552-150-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4016-152-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3712-153-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4180-155-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4552-156-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4016-160-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4180-162-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2256-165-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
memory/2256-166-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
memory/2256-167-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
memory/2256-177-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
memory/2256-176-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
memory/2256-175-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
memory/2256-174-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
memory/2256-173-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
memory/2256-172-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
memory/2256-171-0x000001DA3D6C0000-0x000001DA3D6C1000-memory.dmp
C:\ProgramData\Windows\csrss.exe
| MD5 | 63210f8f1dde6c40a7f3643ccf0ff313 |
| SHA1 | 57edd72391d710d71bead504d44389d0462ccec9 |
| SHA256 | 2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f |
| SHA512 | 87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11 |
memory/3712-179-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/3712-180-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 78f3dd894aeb1530d2a97e2025476668 |
| SHA1 | aa855aeba1e4c1dd6d4c33c5617b4937374f178a |
| SHA256 | 8397c08ccff92c027d1b407d8f0d1fd474f0c39947a5a06e168a819f5c528bd7 |
| SHA512 | 6f85af30dc07c98d1787cffba3a196108847e3a60cd73ed60109f3cff5cbd761e47173a64721a4b6af17220f50fe80770e21e4fb272f2afcc10655568ba0b77a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | baf30fdd36390395e08110764b8fbbdc |
| SHA1 | 06369c38c1b47364551d111310e1d11076e28539 |
| SHA256 | a64b40162f91b3d5a550c6a395dc00ba95ddddb62b5811a190953606b8d89689 |
| SHA512 | 856d2088e53666612522c4bb49fc44a8940bff0445596e93140063b10241585a523563221f5e02583381012706eb5a184d6c4c0ce05ae533aabe1f0dc0bf62fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 38c85ea21bf290989abc012517407dd9 |
| SHA1 | 6acbf91a6e78b96f20f0dc99009d4ebc902b1cd7 |
| SHA256 | 9d64dacc4c54b0e1340df77988b2cf01e6e98586d3bfc2bd04dc6cd0de73205f |
| SHA512 | 9c25bb2b34c522171063e8c497b27563cd35456640833671538a3d0db6399a743d5d70e0fd58785f56e60f0498ef2b108e20483873849c81848b7f768cae5016 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1d072a9db966275110a6ab4e93bc1e8e |
| SHA1 | 7b0cc49cc83429e774bc18d5b15c179a468acb4c |
| SHA256 | e5848302d9f5c57add0e87f5a8d398ccbffca7d71df154ed3d8b7d3a470deb26 |
| SHA512 | 164b2ac6fcd261f1f5b671273e7573a4803aae649002a440df0cffb73eee3731415b39973f2abc5b896dc56efbeb41fd8b28a105d001210b61bf0a464c46fdd0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | abb43758e5ac28dda6ad6d8421570e92 |
| SHA1 | 9b47f0a008d0d94e111c83f864739c1147ed4bda |
| SHA256 | f4a42650461cd31db49ecfb078975a085f29dd4b20e338bbc5dca418cad6a3f0 |
| SHA512 | 82a913e86cabfe0112ef3e21f1b73d1c40206d9790c3840ebaa0cb47f089fc5086f784e58cbf186a6767087c9ebeeb216ae8f5363ea62759caf49aad43fb3fbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5a7eec352961c379e07765e8964338c4 |
| SHA1 | a0dd1beecd3951b04d3ecd49b5541fdf5c397982 |
| SHA256 | 6f5e0baa06bd019d8daf149c4a17e7d2ec3ba7809f0436efc6f01c72d6d77189 |
| SHA512 | 6b37e5841f08a2154ce8dd23ddd7faf08d619ad3db77d18657bb60a788947f02fa3d5eccfba0fb1393d76322601108b98373af57a55a97cde3b7a5cb8cf085d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 72dc1b00cbd8678c7ef6f4562ca80259 |
| SHA1 | 6b1a342a7b9c10f8c3d4c97ddab3ad666df2cee7 |
| SHA256 | 105cfe13a8390f50fdbec81c990a9b8487b44fc4202bd3362084cf365c484e30 |
| SHA512 | 5a84d16b20fefefcf1489bda0e1bfc9c1aaf1bb1d93a2f199fd39697c34a7b0b8c56275378ee854c4c7a947c864419783c6f880169164025b0cace7079fd4df8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 70abdfdef4ee4ffe9db904afc930f50b |
| SHA1 | 31964586279c7a0c8399ba2ebdc595c31152ce45 |
| SHA256 | db7bc923e10fdbb24d642e91b60e1e8d160ba0871dac229406a508415af20f4e |
| SHA512 | b3a0561e7a8669dfd5661ef52f99e5d89e6ea21ab065a02fa6805504831cfc42619c9267b714da59081ab91b33eb78ca5bf7b731a0cb296fb2eeb3646e093de7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dbd27c0b90fa4e98dec670ea00f87e34 |
| SHA1 | 439aa9ca3420a76ddb55fa22ffc747be3673dba8 |
| SHA256 | 07701406c637a10f479139b88abec60dcaf23af188d6d35a228aaf9aae1c2ffa |
| SHA512 | c895d76d56fca02aba53f3ccdd4e5b78b3bb509c3a26a0d9808d9eb28768fee319e45713fda2456f779d477d7630d2600480ea976a0914a0e62516ab3de7e1fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e93980c4122c2570bf17a0d1e2c890be |
| SHA1 | 14efc026bd1c58446e9788c98d57aa83d466d639 |
| SHA256 | fbb4f93711e0764d9da85564803f688cd89f5763d5ace9ea169ef4d9d7f9c5f0 |
| SHA512 | bead31cbc82774ceab7dda8c8219052588a0143d4a0c05905e9f798405175952eae07d795ce62600a3292860db2086888e00f6cf153d29cd102e59546a2fac52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6883dc81f7876e35e7be9a6b25af53a4 |
| SHA1 | fbc94714a05e5a33fc2f81702ba6ce30365ed2af |
| SHA256 | fdd313f03d764d84a2bdcc60a9bf04db113068c949c8dcacc87a62d54c0c469d |
| SHA512 | 0365e0f065dfcfa32c4469fc74d15add7300d8d8e8aba6f36d0b5a7edb9e0366f258ee7aa073540dd3016d03afd5d255f10708720dd37ff09a8de872192b5de0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bdfa8584bc88b4cc74e522fe3c2846ab |
| SHA1 | ab51b216e45ad6c5998a20bac4740d5997f2b648 |
| SHA256 | 1a184fc12737f81de3bf36c18ac724605a4cde30acf781690b409f893eb8db80 |
| SHA512 | 21c05950f71341e133395dc4cbb5aa3bc9cefd2e54dca22b6976ce58713c6de687264a0199c698a648f50032e413e7a5236d97c0a832f8fea72184f43b0c417b |