Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
submitted
21-02-2023 15:41
General
-
Target
https://anonfiles.com/P7Lfz6Z9ye/crackedsense_loader_zip
Malware Config
Extracted
C:\Program Files\WinRAR\WhatsNew.txt
https
http
http://weirdsgn.com
http://icondesignlab.com
https://rarlab.com/themes/WinRAR_Classic_48x36.theme.rar
https://technet.microsoft.com/en-us/library/security/ms14-064.aspx
http://rarlab.com/vuln_sfx_html2.htm
https://blake2.net
Extracted
C:\Program Files\WinRAR\Rar.txt
-n@inclist.txt
-x@exlist.txt
Signatures
-
Modifies system executable filetype association 2 TTPs 8 IoCs
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 2 IoCs
-
Registers COM server for autorun 1 TTPs 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Drops file in Program Files directory 60 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies data under HKEY_USERS 1 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://anonfiles.com/P7Lfz6Z9ye/crackedsense_loader_zip1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb99df9758,0x7ffb99df9768,0x7ffb99df97782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3544 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5364 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4892 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5508 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5748 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6092 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6116 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5500 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5772 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6400 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6488 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4952 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5152 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:82⤵
-
C:\Users\Admin\Downloads\winrar-x64-621.exe"C:\Users\Admin\Downloads\winrar-x64-621.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WinRAR\uninstall.exe"C:\Program Files\WinRAR\uninstall.exe" /setup3⤵
- Modifies system executable filetype association
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2764 --field-trial-handle=1812,i,6306989807364918414,17185312656638742023,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
-
C:\Program Files\WinRAR\WinRAR.exe"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\crackedsense-loader.zip"1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\crackedsense-loader.exe"C:\Users\Admin\Desktop\crackedsense-loader.exe"1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\WinRAR\Rar.txtFilesize
109KB
MD5e51d9ff73c65b76ccd7cd09aeea99c3c
SHA1d4789310e9b7a4628154f21af9803e88e89e9b1b
SHA2567456f489100ec876062d68d152081167ac00d45194b17af4a8dd53680acfc9bd
SHA51257ab82d4a95d3b5d181c0ec1a1a1de56a4d6c83af5644032ff3af71e9bd8e13051ae274609bda8b336d70a99f2fba17331773694d7e98d4a7635f7b59651b77c
-
C:\Program Files\WinRAR\RarExt.dllFilesize
659KB
MD54f190f63e84c68d504ae198d25bf2b09
SHA156a26791df3d241ce96e1bb7dd527f6fecc6e231
SHA2563a5d6267a16c3cf5a20c556a7ddbfc80c64fcd2700a8bfd901e328b3945d6a1a
SHA512521ada80acc35d41ac82ce41bcb84496a3c95cb4db34830787c13cdcb369c59830c2f7ff291f21b7f204d764f3812b68e77fd3ab52dfe0d148c01580db564291
-
C:\Program Files\WinRAR\RarExt.dllFilesize
659KB
MD54f190f63e84c68d504ae198d25bf2b09
SHA156a26791df3d241ce96e1bb7dd527f6fecc6e231
SHA2563a5d6267a16c3cf5a20c556a7ddbfc80c64fcd2700a8bfd901e328b3945d6a1a
SHA512521ada80acc35d41ac82ce41bcb84496a3c95cb4db34830787c13cdcb369c59830c2f7ff291f21b7f204d764f3812b68e77fd3ab52dfe0d148c01580db564291
-
C:\Program Files\WinRAR\Uninstall.exeFilesize
437KB
MD5cac9723066062383778f37e9d64fd94e
SHA11cd78fc041d733f7eacdd447371c9dec25c7ef2c
SHA256e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad
SHA5122b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59
-
C:\Program Files\WinRAR\Uninstall.exeFilesize
437KB
MD5cac9723066062383778f37e9d64fd94e
SHA11cd78fc041d733f7eacdd447371c9dec25c7ef2c
SHA256e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad
SHA5122b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59
-
C:\Program Files\WinRAR\WhatsNew.txtFilesize
103KB
MD54c88a040b31c4d144b44b0dc68fb2cc8
SHA1bf473f5a5d3d8be6e5870a398212450580f8b37b
SHA2566f1a005a0e5c765fcc68fe15f7ccd18667a6e583980e001ba7181aaaeed442b8
SHA512e7f224a21d7c111b83775c778e6d9fa447e53809e0efd4f3ba99c7d6206036aa3dde9484248b244fb26789467559a40516c8e163d379e84dcf31ac84b4c5d2a8
-
C:\Program Files\WinRAR\WinRAR.chmFilesize
317KB
MD5381eae01a2241b8a4738b3c64649fbc0
SHA1cc5944fde68ed622ebee2da9412534e5a44a7c9a
SHA256ad58f39f5d429b5a3726c4a8ee5ccada86d24273eebf2f6072ad1fb61ea82d6e
SHA512f7a8903ea38f2b62d6fa2cc755e0d972a14d00a2e1047e6e983902eff1d3a6bca98327c2b8ed47e46435d1156816e4b0d494726fce87b6cbe7722f5249889b88
-
C:\Program Files\WinRAR\WinRAR.exeFilesize
2.4MB
MD546d15a70619d5e68415c8f22d5c81555
SHA112ec96e89b0fd38c469546042e30452b070e337f
SHA2562e503ad5a9c800f2dac2fed2b3e8698d96d25b219ed86ed1a54896232cbe4781
SHA51209446dc9d0c768844213f7f71ba65ee4e86b61d7a61610b63892d1b142952bdd346d14d27d878c026362e012e22fcb49c6746912d5e02db6b40223cafa6d01fb
-
C:\Program Files\WinRAR\WinRAR.exeFilesize
2.4MB
MD546d15a70619d5e68415c8f22d5c81555
SHA112ec96e89b0fd38c469546042e30452b070e337f
SHA2562e503ad5a9c800f2dac2fed2b3e8698d96d25b219ed86ed1a54896232cbe4781
SHA51209446dc9d0c768844213f7f71ba65ee4e86b61d7a61610b63892d1b142952bdd346d14d27d878c026362e012e22fcb49c6746912d5e02db6b40223cafa6d01fb
-
C:\Program Files\WinRAR\uninstall.exeFilesize
437KB
MD5cac9723066062383778f37e9d64fd94e
SHA11cd78fc041d733f7eacdd447371c9dec25c7ef2c
SHA256e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad
SHA5122b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD5b68f19d96f41c36f409b93e271d1350f
SHA130578501b16f98aabedac83b294f93f118ac6e91
SHA25662c7cf115e87cd19ca5135d04ecb5b9ed59285237f5514e9a374a3b47c2357d4
SHA51221d80a9a76cd9ba58e2a6b9a55c4c6b4c0e2170ffd40fe874ad043f07ce62cafb11f6571da2ba1b0dd49b3645d70eda738023003a034de1256370d459a836a2a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
724B
MD5f569e1d183b84e8078dc456192127536
SHA130c537463eed902925300dd07a87d820a713753f
SHA256287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413
SHA51249553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD59b2de0aa2dc71d296744aa00f20ba395
SHA172382ce16a6490a5a6bc0e7a8bec0c4c3c8d8c47
SHA2563f36ae5c6262d8f391fa6dd80bc7156127210eacf662f905d930235257d804a1
SHA51291dd6bde84c1a80b7c526ce0d8effcb97ebf73f0bbfa81e4aa9a250f944726c9c288e5cf703351bdf38f02fd2bb3f3eef62bacbcb43a9789591ed61ceb0b26c9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
392B
MD5ee66d4913b82124e4ae210c8d93c07f6
SHA1aa809d753f6b04c0c5ed282f41491a473c40ef08
SHA256ec7cd04a7b69473064e57d66dff7ced01da1ad7ff6971f07cd9d9de047a3e247
SHA512d49038c21bd42dfd2d812fb28199f2027bf47141655182178ab3de0b0cb511f740dd0be0491bc5efd089809a4ac7e0c738c4cca7782a6b5ef757055e0c201899
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\169da561-0b6f-470d-8e7c-a9e60f0077c7.tmpFilesize
114KB
MD575737e9d613fe8827a4ccd5a3bb2d7ef
SHA1d3699815d5181bbe92228bd4ff0505230dfdf6d0
SHA256001eb51327df2b6de42f24c859780d862014a9012b41654bdeac8685565a8f62
SHA5124728091ab0bf40598a151102d0a16398a18fecd7f60ccca20eb1b7731c8c74bb8710a86f4fd76efdc367258dcdf72cedcc3ee7ef63bc8168577f1afec4be881f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\53e87c9f-99eb-49c9-9e02-87682325333b.tmpFilesize
6KB
MD5ad9ceed6881f8c5feb95e335607a85bd
SHA16d47a1fb16e678209e0572b3a8ea01f0a6fed4c3
SHA25682eed047630d2f70fd7b06a67c8687693bb5ce8b154080d09c54e926318db547
SHA512caa6d8afd233020284b61003ccffc6d997854cfdf9a8e1bcaca1a3ad39ced108e5173cbc7a0e995e2dff83231614249935805d8ca60407882d273430feb0b6a3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
552B
MD53b89ec3542d7c6773e2d798a8cd14534
SHA1b6c4ed5f577b4fcddf6ea30da43d4fe5d346afd5
SHA2568b92ec649bd4c4bcb05926c68bf30c6aac165106e72ec83d052093158af70ec5
SHA512180c5e386019faa54491392601b4f309a8a2e80593a31967fe4827a381cf16e29e071b0ee3056eb8807866b5f1735bdde478f9e269192b5cb06f2001b4b8ce0c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
5KB
MD5c4bc34d0b28507764ae54a7741a8c6f1
SHA1acd3f1f80ed3a5036baec73f25c6c5caf35ac8fb
SHA256d18b83ea5f0e7b21a4f61ce746abd5145ec7af68b40bf5249828648ec9a73131
SHA5129bbcbbe9fe05429e1fc6eb1b358b9c48592317f0680fb1d8778017d84a50362227c3566df633579ca6eaf4a781c264332c218bf9848c2063b0bbb0ab25bd0883
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
5KB
MD5e89b8e44f6d2730da93344da0c7596cf
SHA1655e63f851d3e931cbf25e670b8e0da823abacc4
SHA2566f711d2efcccf85f75378856eb60f3a70262f24ebaa42efdcf98aa3204d54fdc
SHA512b4a8c4172aa3050ebfae2c4d01190ce1ea6bdc9c75a0a90053c3c218ae1b96b58287e7be5e751ab10df4d18ced2c92a8fc225482373dda363cb8705fd0828caf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5045ff7b5ecde5d35e92c596ffc351fcd
SHA1eca376a153aacdf809fa85a7be9f82aaad0fd4a9
SHA256afe4750f9266e05d45c41e10079cb38d5129a6abb592e0cc47cda64b0cad211f
SHA512e35e83a9d159dc1339f196d1fd23c06f1c144cfae1fd4ec027b94e8b616661307a611d3441752f9cc7a107669fc8a03cb3f3984cfba785ebc43b2f1154ca380e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD523cb165f50e43dd65edc9722f805ae6c
SHA13866e8b9219d9d85c99f0bdc9fe78c3a1366102a
SHA2562d7e52b57401e5d9ec10e0046cf81eba0cc089a9181659b8149cc8e445b6da3b
SHA5120a14b1dfa675b73f4d6ad4c33b5779ae3ddb978f1fda8f45fadfcb426e7a8de58c6fa9647f2c5f73ed55f52268f221112c0c1b0bd7087296f2e9b51b462b2954
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
707B
MD5a0626f8f4f5eabc81465a86784f737d4
SHA18c0426f6eaafd250ac57d0407e0d3e6410e3c7bf
SHA2567c41c0cdc5214b7048e107359aea2738bbb71a25ead542f198dff50cd6620e87
SHA5121b200451671a5b86f91f9e167979b9f79d5de200daef37f91198c8e89c10638cce98bdbdce03bc14edbfac902365d66bf938eb7df8963ac182c580d5cfa6aea0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
707B
MD50c405aa90db47af20153b607fb3ab0e6
SHA163648a12a1494e33fcdf4b31cf06f9ce659c72d8
SHA2560eaa4f46404462cffdac6c107a64d034b33460647203360fc41223b38cd986e1
SHA51254d11d22e517c3b9c0d0a987a3a6c6e035d4be199a68ff127ebf3c7cf69acdd8655aca04aa994bb49c811be3aa1fdc978babe205bd240da6127e8b5cff8d724e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD52327fd38877afe0ef8fe42ee70e7703c
SHA112554c0b86322d73adb9ad1ea7a21fb819cb4a61
SHA256e469f150e9764fb4379de5784eb8d7f0bb6cd089f26ebc454a88e5fe6d1f1b62
SHA512a0ff1e6bc5ffe4f0b2b541c4c41c3b210352a4b15fbc29719985a15c8fea3bdb8e4d721e7ef073acf052d760a32e771990412b717ea307f5d839fbd620595da5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5b55823c94cfe031051fc8064bf5e346d
SHA1dc80970d84a7510d82bab4010f3735805fe08782
SHA2569d509287016202cc81b8be7a6b5a9b1b49d7ae1e8d2a818432180daa5cf3b54b
SHA512242017d7fbd670411073dad217048708b5d0416a8520c4c5623b6de56465c9876f9c4238cccae102f71b8b582da01995eef02f3bc2acaa3611b00f0893515107
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5d989fb7f97f16c0935b3c291e7e8cea2
SHA1e38e0c43fc0ac80f5933264375ff840b9f0cb5f0
SHA2565c260b4aacce7aaeb948cac46c03cd81918d178d47e84d41a6021793c61bded7
SHA512ac894e2c36a39e3eb0f9853b731992fb01268a49506344b10a0db309377444907ff332f35ddf0b95f71954ded8a120c798884b3acf60dea62aa2ed7a5e141050
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD592ad0205381e8cbe6aba819685da9b27
SHA17b4a5e7e54927975e347f4bad4a1732d65b210c2
SHA2565e0096e6f00bcf9d808a85404f665b294000473605a306441dd6048cbc179e31
SHA512aeab408cacd7af41f68bfeed0eca788332503b45690f89b3e80c987580eeb2dedaf16aca56448b808c6a46fc8015b6d5a1b352f138f191d069679d1f45652e57
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5f8d42a130e91c1253db601aad2dbc0c8
SHA1222c1fac26bc52fd1f94f062b2b6eedf4363d6fe
SHA25665d4f0815e3f5a83caac5a3cbded4a6328f3857958369f97405b7fc84c979696
SHA512de4cfc7d7a251eb08ca2233c668bdf8e9cd5dca5f9f73c580f0d3ab027a3dafac0127d053ab82c6702c0641759ab6bd9e96c8d3f3d4e9fe13b0618eda05a3e5d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD578f0f425d71bdb0fd7ca9689c508fb1f
SHA128c7b8018d01dccb07c02747dd7f449a8f38e563
SHA256c6bcefb0e1c231509ca0e62c03a91d6f0f026f3cc1c6ba85a1d1c503f794f3ec
SHA512478db81dba006ad8b4468289ebf500a6c7e4c839a6fc210604d76160e422a973808afaaaee3f89043d4ce8f2f59783587f56fc103976acdcd0f599b1eb0c4dbc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
96B
MD5a95c3b21c4a53043060aaf05cb9bb165
SHA1d272a87677fef54dc8dfe186f54d468c87a4fe7b
SHA256b62e67201c049e7d085cea16c0eb68f518510b81951349403551b1fda5e159bf
SHA5125944c5c0f3bfa60d21eb532023fe711037eed01cd274e1ea435159f1dd72c9f15f8e7ddb50fd9f6002a08bb92e39509a76562a588d191aa018f867ffef007273
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56ca98.TMPFilesize
48B
MD5ce23a52a4027730d56d3857386b01183
SHA190047caa37d2248aecb8df30cf80097b500a77ca
SHA256c901b34bcdedf80c1d6d038b7ea8adbce38bde34b4889369828b42ec655b4ece
SHA512f5241f54c9745e00e84beab2e31356041058607d7b4a3f1ced7ecaee62e2e348b228b2cd2fa0e278e8c310f22d8dd51d9da3cbf695a3890a7bb5a4a125864aae
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
140KB
MD525a6a8fc07fb4758e7814769780115b6
SHA13b01b9d9a311d7a1b6ae47c3d6bb4fe0a7867fe7
SHA25659d06e36c980ae5ebab66072cf2771043f97dfc751c8216500e1e0e6ecfd04d2
SHA512b087d6feb6fd533bf512ed338c61d91eaba7af72e5446b12198e94e54e1883ce60c76daa7ca5d33e153d1a1396910cde284063a15837579294eec45e7bb2aaf5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
140KB
MD50c17276ef290a31aa0124a4ad0ea13ab
SHA1e6105d643d38d54f0c54e405ab53f473113e6265
SHA256fc4d9c97b924d1d8fa8c49cc9bc11fc5e73197f7c9000d56e9817a830e076980
SHA512330314b87b6b7d77569299f8f0e8d9a3f87104b44fcc71628808c0daf7a09ad19def453c9d5d9227c4298821cbf0cca1dce6c78cb5bc861533cfdc1f2eb33c7e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
140KB
MD55e8d602917a6e3c246e1b31f2031414f
SHA14951160e2cfa052c66f2514a90b0c1d75d9308fe
SHA256bc5f28ca293a09cc4956dfc04923aaa102431ba762642b6f9d9c9ade41b3862c
SHA5125afcdd9879155b36d1637ca96bfce3f48ebb4e8b5d5145bc8fe8f2805471dcf2cd904f522af33980f211def489505ee5e17925a861bdd4d1678550304c9df528
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
110KB
MD5361b275d0f7440cf86f43abe2bb1eec8
SHA1104302569678942e06470a37b9ef256911eb9b23
SHA256cd428e1c325ff0202b8cad2fef765c6a3f33acad856f8207a0fee95add0a1bbe
SHA512670d00646a3bf05c81696c6211bd427f317a45d4ef51c8c4ed2b662645894db574b5c705c7b29768ca46e07167b990c5e6b4853c1f4534c8e462c7a7e1ec0ef2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56dfa7.TMPFilesize
101KB
MD54c54fc3e948ad4f722c881a458e0729f
SHA17993ce57f70c4b5aa20954b837f7243d08912917
SHA2566cf6db023e4c26009f6c09f7ba90a7038a34718335723d5a70ac03b2890991ff
SHA512ae5f7a80a8fb562f75d95df5be6332e84889fe584927d60fc3ca4325565d9fc612c27f12cc37f5e6f0f85be03e2649c569623c8fd039a8e45fd0c5a8c87cd64d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\Desktop\crackedsense-loader.exeFilesize
630KB
MD5f45b062770a8e8d662a8bcd10852a745
SHA17e7e269e9f3b5f144e405d60124dbef55a8a3709
SHA256406a9e4913796d00071cbc46967ae221fa38fdb683b9eaa164830e7c8e1d933f
SHA51231a0bcffec2d2cdc41e50a2016eee1033fda2b34e9ff8dfbeffb53e48243e4dcd2cfb16983c4797292ec3c5063270b8a9f09f7802895b5b8cffd48c4f4d00969
-
C:\Users\Admin\Desktop\crackedsense-loader.exeFilesize
630KB
MD5f45b062770a8e8d662a8bcd10852a745
SHA17e7e269e9f3b5f144e405d60124dbef55a8a3709
SHA256406a9e4913796d00071cbc46967ae221fa38fdb683b9eaa164830e7c8e1d933f
SHA51231a0bcffec2d2cdc41e50a2016eee1033fda2b34e9ff8dfbeffb53e48243e4dcd2cfb16983c4797292ec3c5063270b8a9f09f7802895b5b8cffd48c4f4d00969
-
C:\Users\Admin\Downloads\crackedsense-loader.zipFilesize
522KB
MD56aa7ae258a5372022049f43c68084a7d
SHA133dc555fdf3b00b65dabad6181bb469b67c7ce78
SHA2566fb5b136b9b39fc099fb300c97a706852222352cd10b6bbcd21c1a0c15eaf82b
SHA5124189a5dbfceae2aa7a24338158444a8862120ca33dd3f6dfdac1628b7c554ba68b206a990b5e19f52e5f490db5f10b445e989a550cc8b2d2fcb9b12446adb479
-
C:\Users\Admin\Downloads\crackedsense-loader.zip.crdownloadFilesize
522KB
MD56aa7ae258a5372022049f43c68084a7d
SHA133dc555fdf3b00b65dabad6181bb469b67c7ce78
SHA2566fb5b136b9b39fc099fb300c97a706852222352cd10b6bbcd21c1a0c15eaf82b
SHA5124189a5dbfceae2aa7a24338158444a8862120ca33dd3f6dfdac1628b7c554ba68b206a990b5e19f52e5f490db5f10b445e989a550cc8b2d2fcb9b12446adb479
-
C:\Users\Admin\Downloads\winrar-x64-621.exeFilesize
3.4MB
MD5766ac70b840c029689d3c065712cf46e
SHA1e54f4628076d81b36de97b01c098a2e7ba123663
SHA25606d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219
SHA51249064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608
-
C:\Users\Admin\Downloads\winrar-x64-621.exeFilesize
3.4MB
MD5766ac70b840c029689d3c065712cf46e
SHA1e54f4628076d81b36de97b01c098a2e7ba123663
SHA25606d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219
SHA51249064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608
-
\??\c:\users\admin\downloads\winrar-x64-621.exeFilesize
3.4MB
MD5766ac70b840c029689d3c065712cf46e
SHA1e54f4628076d81b36de97b01c098a2e7ba123663
SHA25606d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219
SHA51249064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608
-
\??\pipe\crashpad_4844_MITSGGPYCJXSLRJDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3804-407-0x000001830D440000-0x000001830D441000-memory.dmpFilesize
4KB
-
memory/3804-398-0x000001830D440000-0x000001830D441000-memory.dmpFilesize
4KB
-
memory/3804-397-0x000001830D440000-0x000001830D441000-memory.dmpFilesize
4KB
-
memory/3804-402-0x000001830D440000-0x000001830D441000-memory.dmpFilesize
4KB
-
memory/3804-396-0x000001830D440000-0x000001830D441000-memory.dmpFilesize
4KB
-
memory/3804-403-0x000001830D440000-0x000001830D441000-memory.dmpFilesize
4KB
-
memory/3804-404-0x000001830D440000-0x000001830D441000-memory.dmpFilesize
4KB
-
memory/3804-405-0x000001830D440000-0x000001830D441000-memory.dmpFilesize
4KB
-
memory/3804-406-0x000001830D440000-0x000001830D441000-memory.dmpFilesize
4KB
-
memory/3804-408-0x000001830D440000-0x000001830D441000-memory.dmpFilesize
4KB
-
memory/4060-583-0x0000029CD2B20000-0x0000029CD4197000-memory.dmpFilesize
22.5MB
-
memory/4104-136-0x00007FFBB4E10000-0x00007FFBB4E11000-memory.dmpFilesize
4KB
-
memory/4368-209-0x00007FFBB5320000-0x00007FFBB5321000-memory.dmpFilesize
4KB
-
memory/4368-210-0x00007FFBB4CF0000-0x00007FFBB4CF1000-memory.dmpFilesize
4KB
-
memory/4456-704-0x0000000009940000-0x0000000009950000-memory.dmpFilesize
64KB
-
memory/4456-701-0x0000000009940000-0x0000000009950000-memory.dmpFilesize
64KB
-
memory/4456-702-0x0000000009940000-0x0000000009950000-memory.dmpFilesize
64KB
-
memory/4456-703-0x0000000009940000-0x0000000009950000-memory.dmpFilesize
64KB
-
memory/4456-698-0x0000000005630000-0x00000000056C2000-memory.dmpFilesize
584KB
-
memory/4456-705-0x0000000009940000-0x0000000009950000-memory.dmpFilesize
64KB
-
memory/4456-697-0x0000000005B40000-0x00000000060E4000-memory.dmpFilesize
5.6MB
-
memory/4456-696-0x0000000002BD0000-0x0000000002BD1000-memory.dmpFilesize
4KB
-
memory/4456-700-0x00000000064E0000-0x00000000064EA000-memory.dmpFilesize
40KB
-
memory/4456-699-0x0000000009940000-0x0000000009950000-memory.dmpFilesize
64KB
-
memory/4456-695-0x0000000000790000-0x000000000096E000-memory.dmpFilesize
1.9MB