hxxps://www[.]malavida[.]com/en/soft/cracklock/

Analysis

max time kernel
79s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
17/04/2023, 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.malavida.com/en/soft/cracklock/

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
4700	Cracklock.3.9.45.exe
980	Cracklock.3.9.45.tmp
2920	IssProc.x64
1316	CLMNGR.exe
3632	CLMNGR.exe
3728	CLMNGR.exe

Loads dropped DLL 7 IoCs

pid	Process
980	Cracklock.3.9.45.tmp
1316	CLMNGR.exe
1316	CLMNGR.exe
3632	CLMNGR.exe
3632	CLMNGR.exe
3728	CLMNGR.exe
3728	CLMNGR.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 31 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Cracklock\is-BSJBV.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\is-VSG6C.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Languages\is-O2E9H.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Bin\is-H7BGQ.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Examples\is-NJ0M9.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Bin\is-F1MH9.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Languages\is-F7DV6.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Languages\is-STGUO.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Examples\is-JSE6C.tmp	Cracklock.3.9.45.tmp
File opened for modification	C:\Program Files (x86)\Cracklock\Cracklock.settings	CLMNGR.exe
File created	C:\Program Files (x86)\Cracklock\is-VOTGQ.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Languages\is-7AQ7F.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Languages\is-KN3J2.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Help\is-JUTC1.tmp	Cracklock.3.9.45.tmp
File opened for modification	C:\Program Files (x86)\Cracklock\unins000.dat	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\is-87J7B.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Bin\is-RQRB7.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Languages\is-AIOO4.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Languages\is-59F00.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Examples\is-JTO81.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Help\is-FMH00.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Help\is-OD3F8.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Bin\is-SD4BQ.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\is-ASGHG.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Languages\is-81AAS.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Languages\is-IN6BC.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Languages\is-2UGC8.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\unins000.dat	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Bin\is-I9K0P.tmp	Cracklock.3.9.45.tmp
File created	C:\Program Files (x86)\Cracklock\Help\is-UHBOC.tmp	Cracklock.3.9.45.tmp
File opened for modification	C:\Program Files (x86)\Cracklock\Cracklock.settings	Cracklock.3.9.45.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262358439766902"	chrome.exe

Modifies registry class 42 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	CLMNGR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	CLMNGR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "1"	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	CLMNGR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5c00310000000000915666a11000435241434b4c7e310000440009000400efbe915666a1915668a12e00000025300200000006000000000000000000000000000000b364030043007200610063006b006c006f0063006b00000018000000	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	CLMNGR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	CLMNGR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	CLMNGR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	CLMNGR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 4a00310000000000915666a1100042696e00380009000400efbe915666a1915666a12e00000026300200000006000000000000000000000000000000be89db00420069006e00000012000000	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 9800310000000000915666a1110050524f4752417e320000800009000400efbe874fdb49915666a12e000000c3040000000001000000000000000000560000000000a07f0501500072006f006700720061006d002000460069006c0065007300200028007800380036002900000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003700000018000000	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	CLMNGR.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	CLMNGR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	CLMNGR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	CLMNGR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	CLMNGR.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	CLMNGR.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	CLMNGR.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	CLMNGR.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe
2920	IssProc.x64
2920	IssProc.x64

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3728	CLMNGR.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe
Token: SeShutdownPrivilege	4564	chrome.exe
Token: SeCreatePagefilePrivilege	4564	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe
4564	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3728	CLMNGR.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 1348	4564	chrome.exe	83
PID 4564 wrote to memory of 1348	4564	chrome.exe	83
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 5116	4564	chrome.exe	84
PID 4564 wrote to memory of 1048	4564	chrome.exe	85
PID 4564 wrote to memory of 1048	4564	chrome.exe	85
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86
PID 4564 wrote to memory of 4808	4564	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.malavida.com/en/soft/cracklock/
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd13199758,0x7ffd13199768,0x7ffd13199778
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1260 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4788 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2832 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5152 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5368 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5420 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:1
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5700 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6020 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5040 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6376 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6412 --field-trial-handle=1816,i,17012025011048340412,5866057903131267672,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Users\Admin\Downloads\Cracklock.3.9.45.exe
  "C:\Users\Admin\Downloads\Cracklock.3.9.45.exe"
  2⤵
  - Executes dropped EXE
  PID:4700
- - C:\Users\Admin\AppData\Local\Temp\is-4F3LD.tmp\Cracklock.3.9.45.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-4F3LD.tmp\Cracklock.3.9.45.tmp" /SL5="$A0168,1061748,53248,C:\Users\Admin\Downloads\Cracklock.3.9.45.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    PID:980
  - - C:\Users\Admin\AppData\Local\Temp\IssProc.x64
      "/modules" "2a434c4d4e47522e6578653b2a434c4b45524e2e646c6c3b434c534845582e646c6c3b2a4d434c2e6578653b2a434c494e4a4543542e4558453b"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:2920
  - - C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe
      "C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe" -add-path
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1316
  - - C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe
      "C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe" -set-storage-appdata
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      PID:3632
  - - C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe
      "C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:3728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Cracklock\Bin\CLINJECT.exe

Filesize
3KB

MD5
8562484e2d12947059d2835209552ca7

SHA1
1d47422349d4c9b828b6950be5048f4878568b4b

SHA256
67f7b4f85218bb9752b2a86a74cc68bb0959ea771ba06cd393e210f7f6046771

SHA512
d4b333a8f62d29fa09e57e0340346c4e7cc4da7364d3932aa04b5368ce3258057f6a36f0e73704f7abfdc6f283050991b3fbd64f2bc6e9b716263bb03b7eb18b

Download Submit
C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe

Filesize
274KB

MD5
a7b7455ccdcba11a61d2289740b4616e

SHA1
fcfa7ac2c91936e24d476593aea6e483a4d1352d

SHA256
1e914a94354ed367ab29d0c1199ffc69eafb57290420c4e28e5979ec77fe501b

SHA512
fe3a82679d906fbabc87948fc3f1fc551a60e4800b915e85a68fcfc41db1ae39d521846d19bb5f915c609428cc3bc86503bd33cd1399d4f4c833e884d5faf850

Download Submit
C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe

Filesize
274KB

MD5
a7b7455ccdcba11a61d2289740b4616e

SHA1
fcfa7ac2c91936e24d476593aea6e483a4d1352d

SHA256
1e914a94354ed367ab29d0c1199ffc69eafb57290420c4e28e5979ec77fe501b

SHA512
fe3a82679d906fbabc87948fc3f1fc551a60e4800b915e85a68fcfc41db1ae39d521846d19bb5f915c609428cc3bc86503bd33cd1399d4f4c833e884d5faf850

Download Submit
C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe

Filesize
274KB

MD5
a7b7455ccdcba11a61d2289740b4616e

SHA1
fcfa7ac2c91936e24d476593aea6e483a4d1352d

SHA256
1e914a94354ed367ab29d0c1199ffc69eafb57290420c4e28e5979ec77fe501b

SHA512
fe3a82679d906fbabc87948fc3f1fc551a60e4800b915e85a68fcfc41db1ae39d521846d19bb5f915c609428cc3bc86503bd33cd1399d4f4c833e884d5faf850

Download Submit
C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe

Filesize
274KB

MD5
a7b7455ccdcba11a61d2289740b4616e

SHA1
fcfa7ac2c91936e24d476593aea6e483a4d1352d

SHA256
1e914a94354ed367ab29d0c1199ffc69eafb57290420c4e28e5979ec77fe501b

SHA512
fe3a82679d906fbabc87948fc3f1fc551a60e4800b915e85a68fcfc41db1ae39d521846d19bb5f915c609428cc3bc86503bd33cd1399d4f4c833e884d5faf850

Download Submit
C:\Program Files (x86)\Cracklock\Bin\CLMNGR.exe

Filesize
274KB

MD5
a7b7455ccdcba11a61d2289740b4616e

SHA1
fcfa7ac2c91936e24d476593aea6e483a4d1352d

SHA256
1e914a94354ed367ab29d0c1199ffc69eafb57290420c4e28e5979ec77fe501b

SHA512
fe3a82679d906fbabc87948fc3f1fc551a60e4800b915e85a68fcfc41db1ae39d521846d19bb5f915c609428cc3bc86503bd33cd1399d4f4c833e884d5faf850

Download Submit
C:\Program Files (x86)\Cracklock\Bin\CLSHEX.dll

Filesize
210KB

MD5
1762f5899895ee35ffb85cfd6c46bc0a

SHA1
d5ebeb5f9f4402b0f5e3ad7a6b39d24fc7047ab8

SHA256
5fcb9dcd7b51f8d2b1d45fc84205722090ee7ce1aad738bd93243937987e16c8

SHA512
74e5969b2ad5cf640fc76d331104f8c90a33b090d90ed05ef5fac9a20bc3889d8304136d8c95afd297c654c4c4c5b5e031269a8d49d1025440bb3b8ef7308b47

Download Submit
C:\Program Files (x86)\Cracklock\Bin\CLSHEX.dll

Filesize
210KB

MD5
1762f5899895ee35ffb85cfd6c46bc0a

SHA1
d5ebeb5f9f4402b0f5e3ad7a6b39d24fc7047ab8

SHA256
5fcb9dcd7b51f8d2b1d45fc84205722090ee7ce1aad738bd93243937987e16c8

SHA512
74e5969b2ad5cf640fc76d331104f8c90a33b090d90ed05ef5fac9a20bc3889d8304136d8c95afd297c654c4c4c5b5e031269a8d49d1025440bb3b8ef7308b47

Download Submit
C:\Program Files (x86)\Cracklock\Bin\CLSHEX.dll

Filesize
210KB

MD5
1762f5899895ee35ffb85cfd6c46bc0a

SHA1
d5ebeb5f9f4402b0f5e3ad7a6b39d24fc7047ab8

SHA256
5fcb9dcd7b51f8d2b1d45fc84205722090ee7ce1aad738bd93243937987e16c8

SHA512
74e5969b2ad5cf640fc76d331104f8c90a33b090d90ed05ef5fac9a20bc3889d8304136d8c95afd297c654c4c4c5b5e031269a8d49d1025440bb3b8ef7308b47

Download Submit
C:\Program Files (x86)\Cracklock\Bin\CLSHEX.dll

Filesize
210KB

MD5
1762f5899895ee35ffb85cfd6c46bc0a

SHA1
d5ebeb5f9f4402b0f5e3ad7a6b39d24fc7047ab8

SHA256
5fcb9dcd7b51f8d2b1d45fc84205722090ee7ce1aad738bd93243937987e16c8

SHA512
74e5969b2ad5cf640fc76d331104f8c90a33b090d90ed05ef5fac9a20bc3889d8304136d8c95afd297c654c4c4c5b5e031269a8d49d1025440bb3b8ef7308b47

Download Submit
C:\Program Files (x86)\Cracklock\Bin\MCL.exe

Filesize
79KB

MD5
32ad5920d548a4aa9538690fa04d91ab

SHA1
9f07e988a4d6ea185f8ee4f9c39b94855b6591fc

SHA256
0559f97fcc513da8307494af423c41107c8be18d83d125165c87ca2804f21b5f

SHA512
6c7205f23534010dcee66ec342bc3f739601d3b20b5018c61655bcedbd8776550a1155dcb8e2f49d2933c9da8536201b0254100202ed449d9c7ab22a228fd038

Download Submit
C:\Program Files (x86)\Cracklock\Cracklock.settings

Filesize
977B

MD5
2dfc3ff2040d98a1a9836c24c49fee22

SHA1
866b661c70125a6e0f82c78c2947de91b00319bd

SHA256
3579e50d663c7b6379413195f3fbb5ab10f38f67da182223ca5eab3fe0c65d4e

SHA512
1ff7eaf6d97e9134e7e78bd2630a7917d7b4b641fe2f21a194f4df45bc976c969dd1dd4344cf5fa3ee38bbff3ed081052449e9f96bef0fdd13cb729a1bf179a2

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRESUS.DLL

Filesize
17KB

MD5
eeae2610ff241b1f7525490766f27c2e

SHA1
695198397b624fb768375515383f65df20a2d252

SHA256
1cf98b1466ffd5b7ad04df0215adcfd0db3d6a55f400e321f5f1c7d378e66bd5

SHA512
ce183446e7a7e8354873be5dedb1899ec69561e4405174d10c43df8274587c229fb9e7b397fc0e15d5dd0d6a097fcb6586af065b46b858181cdac087a8f510f6

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRESUS.dll

Filesize
17KB

MD5
eeae2610ff241b1f7525490766f27c2e

SHA1
695198397b624fb768375515383f65df20a2d252

SHA256
1cf98b1466ffd5b7ad04df0215adcfd0db3d6a55f400e321f5f1c7d378e66bd5

SHA512
ce183446e7a7e8354873be5dedb1899ec69561e4405174d10c43df8274587c229fb9e7b397fc0e15d5dd0d6a097fcb6586af065b46b858181cdac087a8f510f6

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRESUS.dll

Filesize
17KB

MD5
eeae2610ff241b1f7525490766f27c2e

SHA1
695198397b624fb768375515383f65df20a2d252

SHA256
1cf98b1466ffd5b7ad04df0215adcfd0db3d6a55f400e321f5f1c7d378e66bd5

SHA512
ce183446e7a7e8354873be5dedb1899ec69561e4405174d10c43df8274587c229fb9e7b397fc0e15d5dd0d6a097fcb6586af065b46b858181cdac087a8f510f6

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRESUS.dll

Filesize
17KB

MD5
eeae2610ff241b1f7525490766f27c2e

SHA1
695198397b624fb768375515383f65df20a2d252

SHA256
1cf98b1466ffd5b7ad04df0215adcfd0db3d6a55f400e321f5f1c7d378e66bd5

SHA512
ce183446e7a7e8354873be5dedb1899ec69561e4405174d10c43df8274587c229fb9e7b397fc0e15d5dd0d6a097fcb6586af065b46b858181cdac087a8f510f6

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRES_AR.dll

Filesize
16KB

MD5
4b9370d4460a296f93ae249daf224806

SHA1
b5f1bc59be6887b58e2e630e6ddd5db0521ba411

SHA256
3f0fad00e6a7081040f7b2e5f68de0848db4ea0c3dde938adfe78b9b508a91b8

SHA512
0ced0425904e5a4bc3828bc3bedd255a480ca1f13248522941dd8c32b6bdd227e2b5143edaf09d3a438d709c4930ebfc13dbf6bf431e091f6443151824adccbc

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRES_CHS.dll

Filesize
11KB

MD5
e2817837eecf654967f31dc8b14661b4

SHA1
4d1c7f08b3a524a60b3444fcee52091445619627

SHA256
2791ab7469beb94d38d2fe105042f1f454da609125a91f38ea3bfb6ea6851b07

SHA512
94babf1209f0e7623df7268ad12bce5f5f10dcdfe34d715b8eadd15ce530562253e0135e74e4b7829284ba26b2b74305523b69be279b8a021b8e777b476ca6de

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRES_DE.dll

Filesize
17KB

MD5
15364575c1404cdd91645b8ff565c04a

SHA1
9077bac994d897a238b08b73edbf73ea401a4af3

SHA256
308af3859fab932f160f132a0960202347ecce70eb6182458a935865e080c689

SHA512
62d7274b8fc697f845940061b35c12dfea8e226e71d06614cae6ffb1411118ba4f81ff25c2d98ba250de6fe2d1be20722a082b64d41588625541c606d4ef0fbd

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRES_ES.dll

Filesize
17KB

MD5
e7a81359597b002fb182c40a29e7b665

SHA1
0269fd160fd59bc039f2a4021ef445014dc21751

SHA256
6d4056c60a703e1dbcea09b7eee2662c328821b48df42ec13478a120c7a0e62d

SHA512
e9fe890d4f3019442a18664510882f8c4096e7f8707043fa56cb92ee901e92788b19a106f4a784289d2b6d74dd59689e6eb9423249347de0fb1159f41b46c30d

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRES_FR.dll

Filesize
18KB

MD5
00d3a8c6a16379ce202d10d20bca68c6

SHA1
7d5e1ba489fcef969e502efceb3647e5ca9d2b38

SHA256
4049f9c5077c30ea547323f260c5878d06a12797a536739ede26c1c2062cca87

SHA512
1e0b26ce9408f357c39cd896a24c43ec6dc714b7157fb054e50bab7f2476987a4386425668f2688446286f816b978fe8266ae6d1f654d7884111956d825506cc

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRES_HR.dll

Filesize
17KB

MD5
21a7e5ee12de9569f01b8ca01a806765

SHA1
6632cd1c92d74c6371462ff6268edc749564017d

SHA256
ffcdeebf55096915f788dfb59a6acf84fce4aff8e47b3d48a2758488ac1fbe82

SHA512
416cb8f870e094a5303b3e28e1d324e029ac94fa8d1cf1cb518b13a3b2b2ea7da535ac6efed1d28c68e2b00dcceb02d0860d7ae8020ca032f8daa8a763f58c51

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRES_HU.dll

Filesize
17KB

MD5
969a28b78cc6141c2cd0c39c408eb629

SHA1
701ec9eed8a3866f552f5db3d2aebff77f5fbd9d

SHA256
4234a5244cb40f231e217086cdfe2cd7b429a4c643e05baf57d53007c5333678

SHA512
e54de1bd83daccd63275b7cb5bb64f90087446b9ba296e730f7eb8a663adb7475e378191651b0ba09a0fe356858055360746f2d5c39aae82ec0ea07645c61898

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRES_KO.dll

Filesize
15KB

MD5
2c555df1fddd42f910e3ea8efe3fd30c

SHA1
0e9afa26655d0732bd21075dc79c979e2d42b94b

SHA256
ccc2ad6de2b61748056e6e02a00f71fa84abf8ad920b690ef5fe69c56e37a773

SHA512
1b17cf214a96813a3d53d136d8410974d4ace3162e4433d93e748928d906da02718aa7e649ee5433df7f7ddddef4413d706b1c5aa6bd8f81befaa4f8ca2313c0

Download Submit
C:\Program Files (x86)\Cracklock\Languages\CLRES_PT.dll

Filesize
17KB

MD5
2c7e7bed47fd1f50333a1fb253b303ba

SHA1
3b90e70ac550cae3ca113ffa9a8cdb96e76e6b08

SHA256
05157462d313a056708e09ef353a3dae024cdaedadd8ff388d07942b49c1ba49

SHA512
d31f1a0a94d3c0306f1d95a29591366d50e98a7f30e84a42245b4291966ae79840ec80cdde28acc0ff92f3da9b6a47186a3c0f4bbf9265540e02d901d05a3e60

Download Submit
C:\Program Files (x86)\Cracklock\is-87J7B.tmp

Filesize
184KB

MD5
8eae382eabf41d58cb4e4f6bccb48bca

SHA1
104b402efcf67cfb885d3d5f2c3cbad9837c6fd2

SHA256
154cb086cf647d673cc0646ab3db30e2c68974743eb8348cd3d77113bd15d18b

SHA512
bc1d46e2b91b51c2adb84f6fa08cb5c0c95909fd7761e0a19a6db8e7f6a0e768d575530dd920e722ba5440cfcdee48677d3260bae473bced72a1a1c62ab0e469

Download Submit
C:\Users\Admin\AppData\Local\Cracklock.settings

Filesize
703B

MD5
6a14e6e255df68b9b17803c8b500ed32

SHA1
f09f13d397650b012287c9f307fe91a52d6afa0d

SHA256
c7717712bd2ae23827429478f300c20ad4fcf1c3f08b58049e783ebdcbe1c25d

SHA512
d78fab5957ad8865c1d2714f0db9680a81fa3709413ac153739b95b43d7650d75ce2692b795b3578f12a915c43525ad1107db7c0343612337853685bc8cc2bce

Download Submit
C:\Users\Admin\AppData\Local\Cracklock.settings

Filesize
977B

MD5
d149e484c50481c533eccc9b626ab01b

SHA1
ccdaf4e1b858dc69089f9fc8a8dda296a24720c2

SHA256
5b15750236e336d4b7583fd35e401f7cd374e3f7e4b39e2722297cd5ed0823f8

SHA512
14a97a25dce3ff0e89b1d11085c3ce32ed594f0427cc2e52b759de91df50b8a73ebbbb99b8cd28a8a5eb6a04deb90dad2902a9ed6993904844690deb0e8faf58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
48KB

MD5
d4a02a4690dc0a2c58584efd3972a5a0

SHA1
420f64c8b7e2b78dd1df6da6fb76e0de988b1c49

SHA256
94fbb30a0ca48c246676f55e55de5e15a4ff0dbd72a5026fb69d16b2545f5f92

SHA512
aa8f1a75fe2b1e14825c83c365f4701d878d4147383fe5129d97306c3bb87f11bb5fa0ff6805d1033d4dc85743823822c7a58a922484f7f4b573585171d8396b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
1.3MB

MD5
b43040099861cf8d9b301733506d45d9

SHA1
039f84eff11e0c53d23c467de549890eb79de81d

SHA256
21e711cc875bfe98296b466c814a92af3f93a0b2d7be7e3e041b9ec91c2a9348

SHA512
74e345ce34bcedfd02a9b631440e21fd5012b0abfc327695a6cd7cd09c8b883aa822f7cc40b32158ff9e39b99e341fb383e3613b815fa82c6309b46687e310d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
d07f3762eaa8b9c58abf7159da04e6c0

SHA1
fdb14dbb0bee0cd3ad4d072eac4c3e9b72258b1d

SHA256
c4dade02c45687028ca708b97a74bd0586ce0737f02dfc800b8fb5b649930260

SHA512
42d5587d94752f8591b9b6ef2d6bbaccc17dac25645aa39e897629915e4a726c98349746a02a07b7e65705efff82b12326dbad355d364b191d0f1f89afd07665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
c3114e7edc74c2581b7c4401c6bd8e57

SHA1
55b70dadc356d0e0c54a4cc0e34af52472d4cbd8

SHA256
6dcfaef4514768e158ea94bececc90a3aeb11f0cbf18cc84d1973d1e800050ef

SHA512
7ecd4005fc505303051eafbff6d1165304f9e1ebcc2d50d5dc1b29c6692557aa66016eea26965cf47a0222b6f10f67a1ac36046ba12395378677bab15a204b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a1cbf1e6b0ab19d7f3163c47ed6549d8

SHA1
2e0bd248b3ad4a037cc9aa0248cc14d13374d26e

SHA256
7f99eb74ca75da6be76017e2eee436dc7ce17b299bbef3a4271b5334eccd4f3a

SHA512
6f4495121f4aeed5c4b0795488ca67342f5422cf42f5e92af64732a09eba44473222f46cb79ecc3f22ed36e1e865100a12fc1a437b0ee74dbdf20bb5283bcbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
696aa25a02d7ddce40d205fa7bf7c856

SHA1
d388a7a80dcd52e60ae9aabe70a6df530ab45063

SHA256
728d950417efc9a120dd999a96c1fb222add1c113297fe9181c3d7c292d1d871

SHA512
633ef39b9edcbcf2b8f2d935bbb1daef94d7bd5a19790dc05c6c5fc7706b31b2695a12b7dac22577f19726f0379ee9804e27c753a77a782f85e705d60a0872c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cc3b02dc29298062649f1711b1866ae0

SHA1
d8fd641ab4b9ce12afd60174b5387b93b981bcfd

SHA256
4ed08d41770921af07e131a9df05f6e44b1ebdfcde2c460ef773acca0ee1ed75

SHA512
7aa74933437f2deb5f3945e5f898a12f56d81d05d2a6a7236cee01a89fba0c173dee05cbf7b3ceac3e17f4f494734d8ae20e66b3167983bc4b3fa6328660a457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
75318dfa7538770af5e0769cfb396774

SHA1
e6e2787f3ceab919eeec1973f9f0ce74099ef855

SHA256
bedc32a96e461ea974aa20632d55172f18e545f8ef08d62c38b31fdc33f1a8ec

SHA512
2a1e3dfe2e5f42c49956ba1889fbc08f2e69a81aa52a697f35293269f30c8bfc8a38ecda1cff2de2fed68fefdd651853481ddb5ba516f568990d14c709cfe230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
400740e33cb565c1bfd17acf5c96fe02

SHA1
658d79d18b871c0717301e3a09af1d9ef3e823fc

SHA256
ca5ba687be653c002194fbd92b254ec06b0455bf3854fbf325a82790843ea49a

SHA512
f1592520cbd5b0597adeffe70a11d028cd88eb21a9f0cec1a0486666ff67e9ab7aa5245250d5f063e68c91fb4871b24de23cebd44c14435a9d8d2a24c2a2a246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f8f09da8e0d004b957a28de263b272a1

SHA1
f25bc245d391bfcc48b2411dc3aa5981a3151d68

SHA256
ed6817eccb3cde70a490a7e3a0db4bc69b44ccddf37b61bc242c1dcfe79be833

SHA512
b4880db74a8b15c692d5d576cd1c50a31e88475353822109e3901d21921e53318ebe8e0f5a1155eb5a7b536b75537b5315b4b57851f21e95f7e276519c80fa32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
7795094386d1404aac96a9e1ac4e9a6a

SHA1
6abfe081e54a61c00fddf79635d65487929cd844

SHA256
f28a43e5195f46f22da33e58a501d0f2e54f347b18b5efaa55195c153902b798

SHA512
52e2f3c006b5280cadf25111995dbf8bba3d9eaa9292b6820feb6b8d95451b9c71019b75dae295d12363315829600840929f7de4b6da36d74cf778404ec31a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
cd461f9b071bcfd0816bf6712a9bb84d

SHA1
bc54f00731465f57bbbb38d87e2acbfcf27c10fe

SHA256
38bb53d5734f4bb80d2c6df99b4615fd18b3f1cc0a609f8da36bc029624a792b

SHA512
8bb5b656bb77e81ae9d3e32c4149c83427f245b38e607f160b11e8435ce00dc3ce6d3f19cc68f1d68aedf6b2284ba69601555879ae04ee6e31cc646f99efe48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
abeaba926d6d888027923f7cb8ad0149

SHA1
36ffcd9f328b9aa00204827729e5af40d4374175

SHA256
47f390a86fc2fb5f7ebf317ca9e37d5f6736099f0f527f5b030a95728712351c

SHA512
c4a01ca542c791868c06eaa44765db98252b1d35ee00572a2a54df9c78486285daad091e71ae7208302f0b34e97ffd0171ae33c16c911841a2e3a7027fe5b790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
c3a7378218c3db9ecad7f96acda551ab

SHA1
4d7af46eb7e59a1b7a1bdd397c292028f2db184c

SHA256
c87c31359e763e3a31429166c8e0c85142096fb1bd99b8aef72ae41f8eec6e32

SHA512
ff26524ffb813b4a397fa7c21e65048325f12f4af03848ad735cc6c38d7159c6973340121d41ccba215cc246e5e8a61ea1ae4cd383f15f283e83499ec15f929a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IssProc.x64

Filesize
85KB

MD5
ecd5413beb0767c5d15bf6bd9b744a2f

SHA1
efa8dd670de607ef480e8722574f676717ee975e

SHA256
03c9c39f0f3ba25f13a1acd6f08fcfa6f3a2972f574e753d95485f4abe6580e8

SHA512
b0e353216a9d8c33e99031701c7f62640778efac4007e8156ff498d487b1eb601f85ccfd5f76c2b055d6820ec82141a64bcf288c5a63459f308c6810275f31e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IssProc.x64

Filesize
85KB

MD5
ecd5413beb0767c5d15bf6bd9b744a2f

SHA1
efa8dd670de607ef480e8722574f676717ee975e

SHA256
03c9c39f0f3ba25f13a1acd6f08fcfa6f3a2972f574e753d95485f4abe6580e8

SHA512
b0e353216a9d8c33e99031701c7f62640778efac4007e8156ff498d487b1eb601f85ccfd5f76c2b055d6820ec82141a64bcf288c5a63459f308c6810275f31e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2T4T5.tmp\IssProc.dll

Filesize
184KB

MD5
8eae382eabf41d58cb4e4f6bccb48bca

SHA1
104b402efcf67cfb885d3d5f2c3cbad9837c6fd2

SHA256
154cb086cf647d673cc0646ab3db30e2c68974743eb8348cd3d77113bd15d18b

SHA512
bc1d46e2b91b51c2adb84f6fa08cb5c0c95909fd7761e0a19a6db8e7f6a0e768d575530dd920e722ba5440cfcdee48677d3260bae473bced72a1a1c62ab0e469

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2T4T5.tmp\IssProcLanguage.ini

Filesize
8KB

MD5
605fa6a745bf38413a33d03245f02b59

SHA1
bcd05d23ada650e91377758b09423cdfec55902f

SHA256
a6c310774cd3594e4cc3911a5cdbae4b5545210cea3f7a9206c077215b9ab611

SHA512
290e213714544ea02687c8e2a637a06c58440d10dfd2d3cd99f67264332c693277c79a704c708063bb9e7eea679f72e287e9b359f161ef353eb5e76a638fab6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4F3LD.tmp\Cracklock.3.9.45.tmp

Filesize
669KB

MD5
52950ac9e2b481453082f096120e355a

SHA1
159c09db1abcee9114b4f792ffba255c78a6e6c3

SHA256
25fbc88c7c967266f041ae4d47c2eae0b96086f9e440cca10729103aee7ef6cd

SHA512
5b61c28bbcaedadb3b6cd3bb8a392d18016c354c4c16e01395930666addc95994333dfc45bea1a1844f6f1585e79c729136d3714ac118b5848becde0bdb182ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4F3LD.tmp\Cracklock.3.9.45.tmp

Filesize
669KB

MD5
52950ac9e2b481453082f096120e355a

SHA1
159c09db1abcee9114b4f792ffba255c78a6e6c3

SHA256
25fbc88c7c967266f041ae4d47c2eae0b96086f9e440cca10729103aee7ef6cd

SHA512
5b61c28bbcaedadb3b6cd3bb8a392d18016c354c4c16e01395930666addc95994333dfc45bea1a1844f6f1585e79c729136d3714ac118b5848becde0bdb182ba

Download Submit
C:\Users\Admin\Downloads\Cracklock.3.9.45.exe

Filesize
1.3MB

MD5
b43040099861cf8d9b301733506d45d9

SHA1
039f84eff11e0c53d23c467de549890eb79de81d

SHA256
21e711cc875bfe98296b466c814a92af3f93a0b2d7be7e3e041b9ec91c2a9348

SHA512
74e345ce34bcedfd02a9b631440e21fd5012b0abfc327695a6cd7cd09c8b883aa822f7cc40b32158ff9e39b99e341fb383e3613b815fa82c6309b46687e310d7

Download Submit
C:\Users\Admin\Downloads\Cracklock.3.9.45.exe

Filesize
1.3MB

MD5
b43040099861cf8d9b301733506d45d9

SHA1
039f84eff11e0c53d23c467de549890eb79de81d

SHA256
21e711cc875bfe98296b466c814a92af3f93a0b2d7be7e3e041b9ec91c2a9348

SHA512
74e345ce34bcedfd02a9b631440e21fd5012b0abfc327695a6cd7cd09c8b883aa822f7cc40b32158ff9e39b99e341fb383e3613b815fa82c6309b46687e310d7

Download Submit
memory/980-369-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/980-562-0x000000006B700000-0x000000006B72B000-memory.dmp

Filesize
172KB

Download
memory/980-560-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/980-679-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/980-680-0x000000006B700000-0x000000006B72B000-memory.dmp

Filesize
172KB

Download
memory/980-396-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/980-397-0x000000006B700000-0x000000006B72B000-memory.dmp

Filesize
172KB

Download
memory/980-398-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/4700-363-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4700-384-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4700-681-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download