chaos | 0a9f4f0c2cb65e6fad3182af10ca77c78880e5672192be7ccc82d7b476808e7c

Analysis

max time kernel
899s
max time network
894s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BuilderChaosRansomware.e/Chaos Ransomware Builder v5.2.exe
Size

560KB
MD5

02a37759bd104561f7730225388526fa
SHA1

e02d8913f43d8d7843045d25eb369e0e086d7fb2
SHA256

38adb3e1431726978b41a80227f22159fddfaeed174ddd2d569e6de4177d3589
SHA512

55967de3de1ec177fd1f1d34571072c8fc3e3e4e657d35260db405e6d9f02fbb143b3a9f3d5f423572212e46394fd6953bfcb3d7fcc199126b5710dcab5af0f3
SSDEEP

3072:ERbKSiIsAumFi2YcRVm16Pn6uXFsGoi2YcRTmH6PG6d5kCQLajjjjjjjjjjjjjjx:ERbKediWm16FEiqmH65aziym168

Score

10^/10

chaos discovery ransomware

Malware Config

Signatures

Chaos
Ransomware family first seen in June 2021.
ransomware chaos

Chaos Ransomware 3 IoCs

resource	yara_rule
behavioral2/memory/2836-1-0x0000000000FC0000-0x0000000001050000-memory.dmp	family_chaos
behavioral2/files/0x000300000000072f-18.dat	family_chaos
behavioral2/files/0x0003000000000741-28.dat	family_chaos

Chaos family
chaos
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806033468628720"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	Chaos Ransomware Builder v5.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "4"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\NodeSlot = "5"	Chaos Ransomware Builder v5.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Chaos Ransomware Builder v5.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Chaos Ransomware Builder v5.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Chaos Ransomware Builder v5.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000005ca376df9718db011c9305789c18db01c0f507789c18db0114000000	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e8005398e082303024b98265d99428e115f0000	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 010000000200000000000000ffffffff	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Chaos Ransomware Builder v5.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	Chaos Ransomware Builder v5.2.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	Chaos Ransomware Builder v5.2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	Chaos Ransomware Builder v5.2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Chaos Ransomware Builder v5.2.exe

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe
3576	chrome.exe
3576	chrome.exe
640	chrome.exe
640	chrome.exe
640	chrome.exe
640	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2836	Chaos Ransomware Builder v5.2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2836	Chaos Ransomware Builder v5.2.exe
Token: SeRestorePrivilege	3016	7zG.exe
Token: 35	3016	7zG.exe
Token: SeSecurityPrivilege	3016	7zG.exe
Token: SeSecurityPrivilege	3016	7zG.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
3016	7zG.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2836	Chaos Ransomware Builder v5.2.exe
2836	Chaos Ransomware Builder v5.2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2764	2836	Chaos Ransomware Builder v5.2.exe	94
PID 2836 wrote to memory of 2764	2836	Chaos Ransomware Builder v5.2.exe	94
PID 2764 wrote to memory of 3484	2764	csc.exe	96
PID 2764 wrote to memory of 3484	2764	csc.exe	96
PID 3576 wrote to memory of 2404	3576	chrome.exe	102
PID 3576 wrote to memory of 2404	3576	chrome.exe	102
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 4516	3576	chrome.exe	103
PID 3576 wrote to memory of 2132	3576	chrome.exe	104
PID 3576 wrote to memory of 2132	3576	chrome.exe	104
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105
PID 3576 wrote to memory of 392	3576	chrome.exe	105

C:\Users\Admin\AppData\Local\Temp\BuilderChaosRansomware.e\Chaos Ransomware Builder v5.2.exe
"C:\Users\Admin\AppData\Local\Temp\BuilderChaosRansomware.e\Chaos Ransomware Builder v5.2.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rdscumy5\rdscumy5.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6748.tmp" "c:\Users\Admin\Desktop\CSCA671522A723F4E1FA2756FC2A45E152A.TMP"
    3⤵
    PID:3484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1396

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap2420:294:7zEvent21389 -ad -saa -- "C:\Users\Admin\AppData\Local\Temp\BuilderChaosRansomware.e\BuilderChaosRansomware.e"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa6debcc40,0x7ffa6debcc4c,0x7ffa6debcc58
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2344,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2340 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3444,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3748,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5208,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5572,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5432 /prefetch:2
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5592,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5092,i,16055392866275360668,1118732241585246755,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
efcdd3adffab9500fae61fcd71c528db

SHA1
5b1e8a4a825e361994e9cc781c7058633d5aef34

SHA256
dec7132c5ea6f9cac4f3c31c044f8cbd063574aad87ae1e0a09414374d04c8e8

SHA512
977793a7fd5fbd6f4d528cb358bd3506eae1322068fe8e6e22161e488d2de960f183871a78c50b41f739f7ab03ac85aa9f875332cfb90230c7893f68542a90d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e4461079cbaf5a4cd4e2af43a1938716

SHA1
fde328be70ae5c9e3f4c6480f2ed0a0af14fbd2a

SHA256
677269b215d343a197fae9fb832f1963dfe5de7b4eba5e1b7ca713ccb92997cb

SHA512
2d5939615d5ba0ce3e784ea8217684c118f48f1ed3fd9c42802350850a9131490be03cef25319765f70e72db33b64335be2e0187ca5aafd27a09614d1a2e78e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f2ae4747b7be34e13a0fe081667886fc

SHA1
e564210eaa8821af6634d95176883f9f516b847f

SHA256
699dec873936bc9e5fc696bef679c47e0f70f979431b9786984de350ad5974b8

SHA512
e1fabfd244a565b414b02460b2e1c0d9396dc06fdfdb4785fba61db86aa001d888da2c21c99f4462827295cbc31ed45bcbfe9be8fbf378c0a1d70292b46505c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e010878db8ff329a2b2bd3b0e559e863

SHA1
77dadc26cec3f94a1f61bdc52457986261184d02

SHA256
ecff098e4ef8f44af28373fd8107bdf632dfcfa5ac33e2e7e44a1564bfbf5fe3

SHA512
bdb000347990f4238267426497eb1df276d89b73c04c99d8455b3d6f37735c94ca66615f18a46025caba2a6679d2bc6be5d66b8456705213a070093e7280b0c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
68b116a689911699b426158f50a13081

SHA1
454fe317234f523498c46c493799097a180b1b8e

SHA256
48df871eeb6f3cf6a78783a9dee18183cff306a2eb9ffefc730ff6ffb722c4da

SHA512
b42f263ee0bd8bbdeec53d487e3df3e9057ea05d8c45ba780bb014875861c0ac050512066cd51c2ec2102c6a3c6f7fa50a377eff0b55ab4d36d6a40c654b6c26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
833c320cfeff88c51ccec28e955b6534

SHA1
d278e7124b9db538b01edcc5d46c5e98416c9d4e

SHA256
a7b3221922f92f923e1fe9c148a40d66c44b40a72cbe6e4c87aea22ec5776c90

SHA512
49431aafb89a796af1c7c306e708164fb28091926022c7e98645eea0d184787a50a0e95f889d628973c32eab6beabbd2f2d1adf88d588915e08063dbda26656a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6458d92a30424df987262b701a2b196f

SHA1
0b8284f57cd2801cd43b5b79ae50c019df8c3e93

SHA256
c1cbf0ca20717b3b0fbbe008fccbd73275e4acf64ca83f420f194b917752b34a

SHA512
dc08a42e6efbbe71b75424259095fc73b9c39068f82c3c01f969da388bdf2d48bd7ae25c9e9c45d662ddcbee528cf15d5e083fb78c585f1a8947fe195d032c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e296d771a3f510363c0318014df2df12

SHA1
a6fb9afc568089666e2c38f410b474471b480a32

SHA256
b62ae6818eb47e08af182bfe6b9fe0737418b3dd1e8778bbbba9bd2945507fce

SHA512
872c0864c946a6be7d2edf3b6662dcdbad02f8d19d0b2eaf328f6f91db8f5270c6881bd9879d34833075a97986eb7b2680a11454c1867e576f44e6c791cc2e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b0dc43a3ecd0c9d4fcce789ecce17a1

SHA1
95162abe25f58964639ec68681a1823a02957010

SHA256
27665dbee85013a91f658371f925a50466209dde6fb205e7fc5f3787a4c5d35c

SHA512
ddf54e57541eb17443c4e73496ba69a915309195b4ea709094fbb9198219045231008dba0d6a8ae1980c73ade64043b30680e4449159b2700965140b432dd3bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
546dd270c1a7dce24beacbced6a4db91

SHA1
cdb4d108f450a23913983885e89331c1dc9f7251

SHA256
124e3652c61ff07e9a45c84469e48cbc9af0d2a1c8b04b200b1173f023ab04ee

SHA512
1ae706556097223d08a9be53236915950af31b1807bf094fc25a2644ead98a3f220a8ceb564fe0cdd2af7ba49301d459bddb2bcab8897e68356dfccfc030c128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c264dfd0bce6c211002a6bfd230fe6e

SHA1
9d6ccc0111092e5c41dac1c8c9bbb92a5599093b

SHA256
de2bf8f821e6ff8eb0619b7e93abc2a9d6b6a0608bf71efa7fa7e0b09e31e44c

SHA512
c7deafc7131e0831daa9a377d6e790aa45b7ac74310d75fd984ecc8a5897b18d7f24586e8e61bb8e61396a8e16c0698fb5f213b55232e20488638073e204d460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51f97b793646c92a2057273510eeb062

SHA1
c36de9346d1539db7ab61e76a2ed11823195df78

SHA256
31f263a0b9cd470ed356b93180b00f97529392545117679f6f4adeec6264a3c7

SHA512
5abc1bc2fa45045854164b7a92b019d785f7917370d681f85d326ec8151a702c03cfdd79c2d0003a296dd4e7e493f6b3235857e9ce9e48e0eec5941eaacd8409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8dd00445f21446ae7ebbc227b6d08cc

SHA1
d032ff552a0b9391217c8f41c2f5228df441f3da

SHA256
1e51e82f4103b1f842ecca7e25797014b8e3048348c9b7eefae5162887c319ef

SHA512
595409b64348ea0f8147698e6b588cf18f1b4df3c63c9de0671aba56ac2b89811c7734c5500e9f1448efbc0d44f1fe868d7ffeedfbe000a5a54aafdd49061ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de5f2d35fe6fe14cbb9ba2991b6c9061

SHA1
1fd1dd4e4dc64772072cc8aa4cca346c02794f3a

SHA256
bba3af7d5940a3bb6da280a1ff546863d02cb3702bd759789268f6bbc1412ec8

SHA512
4eb25d9c0bb82c1707a483436eafeb94e5d47c41bb83085d80fde762dfeb6f060396842d633c2aefec75c45b313944cd8754e30bd6d6911504386cde7cd0eea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0eb7ff42d3c72a0bd53ea2569a0f86ec

SHA1
e4d587d2eb403f76f76b9502f834b93553da9c87

SHA256
9bc6c8a276c44cb1b07d180c4e98e596571cfd4e6d323d6ed88a9bee25f7b0e5

SHA512
0da3998bc46211f73220d0f22a1859153d563a70d3a4c7e2f1f727c88947df387bf315cea23a7682de6c8990b6cf44242de6056ffba434fed50152933630dd4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10f15c79b0915475884f4ccf5bbb8197

SHA1
55e9bd4d5b42b2d31218cf1c0e6a05970ca563a6

SHA256
7b6f557ce86bbd6422d82a30b2c4bac62a936138e0c81e0e51e6df359fb5d10e

SHA512
c9e72be96ab7bfe905119eb768f609d598053915942f44659ec0a597b1ea2f94b4ddd9be65c5fca1c4ddd8f84023f3008777e9d6fc9fb9b74ced02a1492103d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a63875f50c3378068388af0778be6b5

SHA1
b7ec012a31e9d4bb3d3b31ea109553726edc8765

SHA256
9b276f621ae4995e730f792dc69b57c783c0a22ec2781a3d71a9b94e7c527b68

SHA512
17528401c0d1d3fb00912c75e421e92626aad9636a31d6c76a6df44240f8db88008add22b8730c9369711894c6a25dabf5516bdfc47b873f60a4720fb0c98752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2149341a3d7629106948e65947910dc6

SHA1
e036cc00d6e5a59fc9320b8b20d072197e1b0e43

SHA256
de298fcb00b5047056ef78915c457a0b0c7c6384fdaa525f23f777eb26066f4d

SHA512
24c4163f81d17d2854bfd6d14205c481dde31a79f62910f88bd072ed408d2b54500f3be80438b05e384e34f2d0ddbbcd8ef2b7c0530af01d58945c444f17c88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cda59c33ce34f3c663c4f1e79fdf5c7d

SHA1
185e5b0b26cf97b48c5a591edeabe4c6983d3a26

SHA256
52c58e51b3579ef5605721e223891295a23a3a535d38fc0d8f893197edc6c68a

SHA512
6e6007fe6be32dce4adc29367ac1cc362e430b9403e3b56255e57cb13a68666b0418b4a6927b61d4054d446c17729a8f7566b148ec59b918f7b087c1ce191fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7facee155ff0387808a37aab372ab000

SHA1
0ee1342dbfb1995b88c1cc8e308c313252f2d96a

SHA256
baa00763acd06885235f1714f3bae9da389514463fb59a8096ae778d7748e704

SHA512
90831a7bdd8a7718577e11339fb0c4802bdde0032eb6ad53f38068a4c47877d8098bd999ea1831a154bc088ddc83207159f6845dea23a4f3639bdf8f1d87f1bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa6fae9f52f16a46941e5892970bc2f5

SHA1
2c58ab474ab175e90900c93829006740b35e5d19

SHA256
2f7113d0944e8331a467b11d4d863333dba4c179a4ed4d6b9e733d2af89cd665

SHA512
e57effd248e53fd26557e395ab9c12eb8f4ff622afc293949246d8a7ded78d424d544c55f4c8e3bcc602466945ed96e7fc90c7e262a7d927b85ca1724fbb3809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3483f3b50f6422f232114bc47d352377

SHA1
a7069b5bbef1f1094faa304764ea6c318d26e78d

SHA256
25dffddc59705dc0950531e043c86efb025c3793f26f040399fe3b65b5677e83

SHA512
5683f65ee4fbf95b44cf116015f7bfb7bf1d8587fd3928806055412a5d1dac746901b09358b9121d9fbb56541b8739b0516ab7055e126afeac520c08872876b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f44f0778fa7d6b2601310444d233be8

SHA1
a14cea63f0588d2657ab1eb351965612affe8f1f

SHA256
8ef404d60a87ab14e61875ec568b854a5e9b3854a33e32abf3dd528782e17de3

SHA512
60f0fc5b7c941c2ae06470889055f537934f74442cdc418336e730f54a66a8e1f232e76537e950be6db74a591643aa8226b7d8070577fbd8a842c55c0ad9cb9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd7619abf5da522a1f6da8481c50cb30

SHA1
954982d9cfc2981b1fa54469cff81c0e6857cc74

SHA256
b2d5985708a71ace187fe1d4394439e6770214c4bed7c3814200826a44ca3b13

SHA512
fa4ee8da290335c251037ca8608ccd4bc08ce1f5d7ddd6d1c8250e508a3e0806480de8bc5e48193aeae9663b3c5d16408b0ffa5e5f00ad76c7c46fffe9933e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2ec8e0e741e72b30e5571d751e0f185

SHA1
06fecd58de8d70427522897b0fc9e08f4747e111

SHA256
e10a46286ac50ea99974141c46f61187101bb124314315345bb9036e1be657a7

SHA512
f10b175dcd576c88f5eef2b82a733d6b01ee37a06ef72114a913b2c05b95c313ed81bf7927cfb77da16de4fc3df7ce9e7a23cbf7e812cd87444c96415dade347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5a32b2e9738fefe91a917b81ceef647

SHA1
a44093d41ed850518ad0b784d6df0d3437ef74db

SHA256
5b56e6bc28ba6fc54f18d45d2693d2ff68a7d6a33ec1ea7beb67bfeffd96ea6f

SHA512
41bb9425f2a75be47f2794f93f4f1344a23da3fa2ebf2c5be199cf52e60b6e07333c90f742456a570eac58149cb0340344a13d67150a1fdf2b02cb0f5063d1ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5e320de8e51acf303fa42def3fe33340

SHA1
b56ccfe474ff0f8c4b7389804a0f236e0eda2ba2

SHA256
18e5f3840c9f7ddc21e23cc664aba1c5fc16caafe83edc73c44b7fa26deed82f

SHA512
65bbc59bee4d7ec19728fd68c48bb5ed084ae2ba7a59e9525cefec9524e749a04f69b77398c8a722fe643b7dbd1c8aeea03d0289988f58753bf2f42ba5998c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
79a0b872e2e2efa5dfb5c0b4fe7ceded

SHA1
cf8ba9f6d7cf3d8e1268e974d2c41ab3bae8d38b

SHA256
a1759a9cfa3082990a22c6def09ba5e8e8a9ad744ca0543d0b4dcff91ff608d5

SHA512
f7013914e762513e58f8379ad9bdf4456107bd0c0f9579a0c972dcac2ab52d69c18b9d47f37538708aa6c8065fda65a5fd7ec4c7782b0bf873a912607475f495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\af44e2d9-37ee-4e01-85a3-b677b4ad9ff4.tmp

Filesize
9KB

MD5
650f1ec5a84d05cbcee8e311a93038fc

SHA1
46f29692dc2f344e564adfa24f5755a8ddfcff6b

SHA256
ba6bb37a8fd90b0084c6621fc74acd4eb83204de05a3be0d2cbc11185e036835

SHA512
3b9dc0b197edc7413a3623fe4f4efda5d3dd6f9ab2a6fb563929bcb0b0669d3e929fa1418db17159239a7b4c67caff2234e3f37e516c8515f7f8eab013d51bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
61ea557dc8f419cbf144ff469437027e

SHA1
207ec16426e2438774a84f1fa77b6487dfd53f1f

SHA256
45d1c0b96c16f9658eba3ca23b74d6992619fc1a3728f1597e05c4d12c288298

SHA512
68a362deb1629a16cc5bebd92198f5843305d253907d60f5283e5274cbb3a3245ebcaad96ea62105163377e7c0a3b60344aa3063fc06dd333ba341b092428875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
c38e391d92a9176cba5b8e4d65cc77dd

SHA1
3c433d01b171c2857baad6fc624eb2cbc54792f9

SHA256
29a37c272a950fc08d38a05804a68a6ff096fbdcb4b261259db83d46ff6fed28

SHA512
b663f44551b0d1d16a269eb7162e02ea5c8c852258ebfa2603f62ff8cd2d6aab8d169e42dd667ce7489ed23372a07575bb1f1f676ef1089f84c8180ac43d9459

Download Submit
C:\Users\Admin\AppData\Local\Temp\BuilderChaosRansomware.e\gooning.exe

Filesize
24KB

MD5
564b6d4d5393456a5e618d95f3dcdacd

SHA1
ae08e71706341d36e4dc0a2655fb6b3d7e7a1f0d

SHA256
95e0338bdb98f4f883d69fc6c411bbbf2676df852a7a6079f48a89d1cbb3a7df

SHA512
dc65f25c4abfb94b0db72b121f88f76c6ddd011fd9a1df4e244aa8e11cad65c4b7caff302699d05d3dfe059585116c982b6233dac4b42cbf8d0b111e63985ee2

Download Submit
C:\Users\Admin\AppData\Local\Temp\BuilderChaosRansomware.e\khsud-decrypter\Decrypter.exe

Filesize
221KB

MD5
66d143bb6bd01d4ba6f6177caa55438b

SHA1
88e42ca6271d70cfcef1a6bbe9c30157b79daa48

SHA256
fba37712e5238d5e01feb629e7eda6e527952bde7e2d6f7e92f943a836423010

SHA512
c1f9363dfed10b8b24af94b4ec27e11f55dfe0412d8d0222448a8cdeca0f06e2bafb3f16e3f788c2a5e0f138f586ca77b9d7fc2250824acf2f80eaadeea0d834

Download Submit
C:\Users\Admin\AppData\Local\Temp\BuilderChaosRansomware.e\khsud-decrypter\privateKey.chaos

Filesize
1KB

MD5
7472439f77bf83fbc5d03d9b4a7f5cc1

SHA1
22f5e576df0e43cca020b215b6f740f3074afb2b

SHA256
efa5a1b5b1657f90351cc6321d71bcaea43d5f6d0b4853408630f614d3bc7710

SHA512
6abd52dc06c375b49b3636b2f8a45a2b25a4e4863ebf9b8a72eb2e04a494ef684bbef3992ed3dd249ff26edf8bcc7eb45f122e3ff31c55a683ab725a9abc9672

Download Submit
C:\Users\Admin\AppData\Local\Temp\BuilderChaosRansomware.e\khsud-decrypter\publicKey.chaos

Filesize
569B

MD5
7d488d0b25c8f4db3e934d069b6e0358

SHA1
72858a73b7a4e43dd225ab78faa07dc3320780cc

SHA256
20eb50a277b86b4ee87c88a2af7d37b3153453f3f18791fa627bb97cfdd645d1

SHA512
123ab17789625dd123fd4ceb4a5f0bdd43d4faf4e30e597691742c5f636b8afef271761f72de77c520c084209907e04eee9c3b4a08cb876e22a821ebb256076a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BuilderChaosRansomware.e\stephcurry.7z

Filesize
45KB

MD5
44a9ac07d3f6f4dbd91074bc993ec8e6

SHA1
eaaf8900442826cde73c9e520adf5965d42f00c1

SHA256
b7223f190f33523fa627e7e74f36c92c13a37acddcf00ad0f4d5109a9b7f195d

SHA512
d06b9dd1e0c4782b2072daae202c035b419345f08a8b709387f8bbf433b8660ba143b021e30e76c2ce0982f11a1b41f37414ed9bca3789040661ace5372b73be

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES6748.tmp

Filesize
1KB

MD5
32269b26250e8022e6ea2e62ac313ddb

SHA1
878069f19ef0c10ce5a12d13b5209213e100e2d3

SHA256
492f0046179d49cf6056477d745ba2c7a8b99a7370d020d425c7a2dd46d3b8ca

SHA512
c82b76ce4c69094b56c55b10aa6c5f40508310a8aca145f5d77524dc5649dd25165b1184963a5283f048dec1e78b2b8f1f8edca1ad20307ee7d2c3d3efd6fa15

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3576_1836122331\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3576_1836122331\dc1cb7de-8242-4014-9d4e-8c1017ea795f.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rdscumy5\rdscumy5.0.cs

Filesize
36KB

MD5
57c85b3b7ff57b677960b0094d54770a

SHA1
0928447bf7589f2558f27a6c171a2a0b67d5ffe4

SHA256
7a849e7451df589ab26023eef406e17928a0baf99151710065343de9115b8c30

SHA512
5183a0e3af77227657ec2acc32a90cdaa06b135d9dccc834c49475cd1ca00ecba2336c0e58a26139d62cc672640779f82bcad6aba7cc05f3747e8954c7091630

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\rdscumy5\rdscumy5.cmdline

Filesize
358B

MD5
db702c9872599181c8c511b77cae7964

SHA1
a9e3b3014368a48c618af83c9ba67f25579416e4

SHA256
90a812ec6c4661feaaa47e1bbf6cfc76f6469b18827766a6c061a70a1e24f0ff

SHA512
57a6ac8b5cbb8fd30e3184a9438bcd27b9efaf4a86b187bd38c4256357cb01e20b325d1808776360a15472147f43080ec94d8c9eaac403de9c3ea16d8680b123

Download Submit
\??\c:\Users\Admin\Desktop\CSCA671522A723F4E1FA2756FC2A45E152A.TMP

Filesize
1KB

MD5
c8fdecdd6aab80b613b9a1e4d017ad70

SHA1
4c7a8c6d84531b29b3cd1915c078095dc010f11b

SHA256
96250dc6afb8df1e33163fec74362714b955abb22296cc6a991ec076477ac12f

SHA512
943b8ac5d1c716d41b05f5ff23de3fb2385b36532c8be2f39796231445cf33bbef9de45eed0737a113bd52e824d02a3365dd82c214a733db65b8e7273d84aaaf

Download Submit
memory/2836-27-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

Filesize
10.8MB

Download
memory/2836-0-0x00007FFA5E943000-0x00007FFA5E945000-memory.dmp

Filesize
8KB

Download
memory/2836-8-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

Filesize
10.8MB

Download
memory/2836-7-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

Filesize
10.8MB

Download
memory/2836-6-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

Filesize
10.8MB

Download
memory/2836-5-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

Filesize
10.8MB

Download
memory/2836-4-0x00007FFA5E943000-0x00007FFA5E945000-memory.dmp

Filesize
8KB

Download
memory/2836-3-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

Filesize
10.8MB

Download
memory/2836-2-0x00007FFA5E940000-0x00007FFA5F401000-memory.dmp

Filesize
10.8MB

Download
memory/2836-1-0x0000000000FC0000-0x0000000001050000-memory.dmp

Filesize
576KB

Download