hxxps://workupload[.]com/file/sjrtkkT2mpD

Analysis

max time kernel
114s
max time network
108s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01-06-2023 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://workupload.com/file/sjrtkkT2mpD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4972	vape loader.exe
4340	vape loader.exe

Loads dropped DLL 5 IoCs

pid	Process
4972	vape loader.exe
4972	vape loader.exe
4972	vape loader.exe
4972	vape loader.exe
4972	vape loader.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3396	4972	WerFault.exe	81
2076	4340	WerFault.exe	85

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133301141226800747"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4028	chrome.exe
4028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe
Token: SeShutdownPrivilege	4028	chrome.exe
Token: SeCreatePagefilePrivilege	4028	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
1384	7zG.exe
4972	vape loader.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe
4028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 4064	4028	chrome.exe	66
PID 4028 wrote to memory of 4064	4028	chrome.exe	66
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4676	4028	chrome.exe	68
PID 4028 wrote to memory of 4452	4028	chrome.exe	69
PID 4028 wrote to memory of 4452	4028	chrome.exe	69
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70
PID 4028 wrote to memory of 1904	4028	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://workupload.com/file/sjrtkkT2mpD
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff871f59758,0x7ff871f59768,0x7ff871f59778
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1768,i,4632882507674505368,17043316188531575093,131072 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1768,i,4632882507674505368,17043316188531575093,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1768,i,4632882507674505368,17043316188531575093,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1768,i,4632882507674505368,17043316188531575093,131072 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1768,i,4632882507674505368,17043316188531575093,131072 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1768,i,4632882507674505368,17043316188531575093,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1768,i,4632882507674505368,17043316188531575093,131072 /prefetch:8
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1768,i,4632882507674505368,17043316188531575093,131072 /prefetch:8
  2⤵
  PID:4168

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4804

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Vape Crack by ghost_loader\" -ad -an -ai#7zMap28430:110:7zEvent13256
1⤵
- Suspicious use of FindShellTrayWindow
PID:1384

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4840

C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\vape loader.exe
"C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\vape loader.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:4972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 1864
  2⤵
  - Program crash
  PID:3396

C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\vape loader.exe
"C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\vape loader.exe"
1⤵
- Executes dropped EXE
PID:4340
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 1752
  2⤵
  - Program crash
  PID:2076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
a0c0073e6ec2ce94f74cca4c645da48a

SHA1
bb26f600b27b504a0c906cd2536d52f76eee526c

SHA256
9d4f32e52edff004cfae87a34aac443a8d30eca2a462158564e6a0ad57e44e20

SHA512
c42c2aaf36348388d57022a587254e60c2417e099174400900bf87a94ff1203a5ae428e15bab2a2807e32c060b6afe9bd6160f575c2cbf6b06f5133e82617129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4efef93a5e663a3e8ceec85400e6cc8a

SHA1
e75a2f59d495aeee413e1032f88aa0c1604aff16

SHA256
7995754f662e9a7c189758772ad1795d415196f14a124c8d7b94e1c2913b9042

SHA512
ce6336b4646d61784732254ad2203c4c56419b4b5a3bc422357b9f6b1fed03d63f56f92727d9bb3aef58477483d9743c54f277190be0b823f723753f3339d932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fe907d0f5a2aef425ebe2512a3c5c3c5

SHA1
5714479cd1fb54fec428bceb18e926507c156db3

SHA256
f92e3fec25dfe08a09f25e54390ebd8e0ab1159043c8b39d8b796d399bcb5149

SHA512
6b7972b2819d8249fe04415767feede227e36f20b310b758b5bbbc05fc79be9a4b2f87b70ec046bcf0f2ba6b893e2c232967f33fa02b7baa4344c93cf270a381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5434473e1eea3fc3aa15e8203a8f1656

SHA1
f750ac1f5101234eaac0a530aba78dbecf746693

SHA256
82b269bf9a2d271ea822c6ec57ed6da7f2fd7832a45dd2b72fcd991e4571a8a2

SHA512
9337c8f12f06e41c6ea8079c437eebd90a08c0023dbbbb1eb3fecad08beb46dae280a846edacb97fc8bf3b3a1cd1d9732b084f50ab93847a415b41ae7dee44c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
38cd87458a0b80da2a1e42e6ae85c081

SHA1
2c461d5363a8944729de4e63f41a2704739674ef

SHA256
dfb105f46ce64512154e716a767fbe8b07f5f6c9111b5c75b83c559879933840

SHA512
a42bc1d1f4f0702359640a8021be86be2b9cd533e0756f91591715a6da8a83d348b4d608143375892ff93588cb3d0fd8a5efb3573c7ec32fd4c71e66e81346e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
7c4db88458a70b7fc35726725b8c2376

SHA1
96c30d9e397d6c1ebb97529287c8b76586be0139

SHA256
abcad1582d97d71effda1d3080f7319d27b86514977a48f1d8d20dd10daf1477

SHA512
e3384fb3c92dd8188b6d88ea907a8303a4cd0b2e9db9252ef73e5103ce4268b04c7d545fd82d5c1e8278792231b8660b8b3f43736692b5e0b0c60d30fb29476d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
e408bc574136d8a059cd9c82a5ba4151

SHA1
c170a4df67ff8169049cae07e8f7bc1f7320dc62

SHA256
8a553c86d9b75b0876859f73c40e5b9269417e80cf23717ce3b22d5ba8c71c7d

SHA512
4a49a5ade0c8da2a3827693ba8a863d1d2d5124fa88f9ce6de6e810b2a4f22dd2d3ca0083ca82777176643e39afe6f27e78f7840b07e98cc0af08db46685868d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5761d7.TMP

Filesize
105KB

MD5
086a7cd85a76dcc676464fa60b00a18d

SHA1
a3fc000a2f5762f97e5e7f9f96fb6afb3a33bfd1

SHA256
c77db459c5398b4ce2b82c3d6a3941a026d68e08c1b52ca40ae402a29ae3d878

SHA512
679566248d9984a0f041bae1a0249e3b95a52116bbacf9e82d46e01ac57a04da72059d79d978e354c4f47d02114ae7b38cff9f974141f94ef66038baf8a7e636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\Microsoft.Web.WebView2.Core.dll

Filesize
451KB

MD5
7e2bc58a005e0f41d74ce4b762e0fe89

SHA1
c2afc3173048be6f8b678c42e833e7835913b0b8

SHA256
af0e477405aaad87424cf3930818b4e7901a0077b13b8e0882e9b435ed6f4b4c

SHA512
d4cd340df3787e6c839c9b349069a425fd4f272e5e7478251e435d13a3a7d4ea9a5048cee6386be3874750baab14ede8ebf6009aa1db07b9cea4aa90bbadfd8f

Download Submit
C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
021975a0451ec73478b2a7a5759105ee

SHA1
e9fbb98a24e8d9ae67d948fbfcbd227961d8c7aa

SHA256
7a6b8c5658fe8ffb05f8df283fe7ee5d2b68bd34aaf70cc847fc7c935fb14767

SHA512
69683b1b8caf1bb6a200b31661ca085b3d9ef263c1d588f8b40d00c2c695f0f6fce3884a52741e9c1051961ccc25dd4c9518d5b17b4be48948577b04a03f41bc

Download Submit
C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\bapeloader.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\bapeloader.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\bapeloader.exe.WebView2\EBWebView\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\runtimes\win-x86\native\WebView2Loader.dll

Filesize
112KB

MD5
578b9a2d5baa0dc780bd20b7d68f3e7d

SHA1
c17a61599736e5c5fa344251e7757c239fab5094

SHA256
75ec3d7faaf3f8a7e390d229678cf54c606f3dc2312c00531c58406d90f93156

SHA512
a052a9dbd606ef94847fdc6102baa4e4f24120fcf3e53c4e6dd7d9aab5f120c40c4b33080808b25076d463854dbc055350aa2629d1dbc060288d48a38642b90c

Download Submit
C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\vape loader.exe

Filesize
358KB

MD5
9308af476ac03db6ea0794423747b890

SHA1
49240b7b294321b7f98efe257f7286d70cc7196e

SHA256
b61875723aa0211a76195cdc2f2a95127571e7ba1cb9d5e3159f922622180f9e

SHA512
1ac278c4a061a3d350bf4074c2213bbc95fcd6e79ff8659ebd92186031241b1197990463dc49bdfb2075d8dadbcd5f7eb5947b0f117e2a201a5a5cccea3e700a

Download Submit
C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\vape loader.exe

Filesize
358KB

MD5
9308af476ac03db6ea0794423747b890

SHA1
49240b7b294321b7f98efe257f7286d70cc7196e

SHA256
b61875723aa0211a76195cdc2f2a95127571e7ba1cb9d5e3159f922622180f9e

SHA512
1ac278c4a061a3d350bf4074c2213bbc95fcd6e79ff8659ebd92186031241b1197990463dc49bdfb2075d8dadbcd5f7eb5947b0f117e2a201a5a5cccea3e700a

Download Submit
C:\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\vape loader.exe

Filesize
358KB

MD5
9308af476ac03db6ea0794423747b890

SHA1
49240b7b294321b7f98efe257f7286d70cc7196e

SHA256
b61875723aa0211a76195cdc2f2a95127571e7ba1cb9d5e3159f922622180f9e

SHA512
1ac278c4a061a3d350bf4074c2213bbc95fcd6e79ff8659ebd92186031241b1197990463dc49bdfb2075d8dadbcd5f7eb5947b0f117e2a201a5a5cccea3e700a

Download Submit
\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\Microsoft.Web.WebView2.Core.dll

Filesize
451KB

MD5
7e2bc58a005e0f41d74ce4b762e0fe89

SHA1
c2afc3173048be6f8b678c42e833e7835913b0b8

SHA256
af0e477405aaad87424cf3930818b4e7901a0077b13b8e0882e9b435ed6f4b4c

SHA512
d4cd340df3787e6c839c9b349069a425fd4f272e5e7478251e435d13a3a7d4ea9a5048cee6386be3874750baab14ede8ebf6009aa1db07b9cea4aa90bbadfd8f

Download Submit
\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\Microsoft.Web.WebView2.Core.dll

Filesize
451KB

MD5
7e2bc58a005e0f41d74ce4b762e0fe89

SHA1
c2afc3173048be6f8b678c42e833e7835913b0b8

SHA256
af0e477405aaad87424cf3930818b4e7901a0077b13b8e0882e9b435ed6f4b4c

SHA512
d4cd340df3787e6c839c9b349069a425fd4f272e5e7478251e435d13a3a7d4ea9a5048cee6386be3874750baab14ede8ebf6009aa1db07b9cea4aa90bbadfd8f

Download Submit
\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
021975a0451ec73478b2a7a5759105ee

SHA1
e9fbb98a24e8d9ae67d948fbfcbd227961d8c7aa

SHA256
7a6b8c5658fe8ffb05f8df283fe7ee5d2b68bd34aaf70cc847fc7c935fb14767

SHA512
69683b1b8caf1bb6a200b31661ca085b3d9ef263c1d588f8b40d00c2c695f0f6fce3884a52741e9c1051961ccc25dd4c9518d5b17b4be48948577b04a03f41bc

Download Submit
\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\Microsoft.Web.WebView2.Wpf.dll

Filesize
43KB

MD5
021975a0451ec73478b2a7a5759105ee

SHA1
e9fbb98a24e8d9ae67d948fbfcbd227961d8c7aa

SHA256
7a6b8c5658fe8ffb05f8df283fe7ee5d2b68bd34aaf70cc847fc7c935fb14767

SHA512
69683b1b8caf1bb6a200b31661ca085b3d9ef263c1d588f8b40d00c2c695f0f6fce3884a52741e9c1051961ccc25dd4c9518d5b17b4be48948577b04a03f41bc

Download Submit
\Users\Admin\Desktop\Vape Crack by ghost_loader\Vape Crack by ghost_loader\runtimes\win-x86\native\WebView2Loader.dll

Filesize
112KB

MD5
578b9a2d5baa0dc780bd20b7d68f3e7d

SHA1
c17a61599736e5c5fa344251e7757c239fab5094

SHA256
75ec3d7faaf3f8a7e390d229678cf54c606f3dc2312c00531c58406d90f93156

SHA512
a052a9dbd606ef94847fdc6102baa4e4f24120fcf3e53c4e6dd7d9aab5f120c40c4b33080808b25076d463854dbc055350aa2629d1dbc060288d48a38642b90c

Download Submit
memory/4340-3245-0x0000000004A40000-0x0000000004A50000-memory.dmp

Filesize
64KB

Download
memory/4340-3246-0x0000000004A40000-0x0000000004A50000-memory.dmp

Filesize
64KB

Download
memory/4972-3211-0x000000000D160000-0x000000000D198000-memory.dmp

Filesize
224KB

Download
memory/4972-3220-0x000000000EAD0000-0x000000000EB44000-memory.dmp

Filesize
464KB

Download
memory/4972-3216-0x000000000EA30000-0x000000000EAC2000-memory.dmp

Filesize
584KB

Download
memory/4972-3215-0x000000000E680000-0x000000000E68E000-memory.dmp

Filesize
56KB

Download
memory/4972-3209-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/4972-3232-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/4972-3233-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/4972-3234-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/4972-3210-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/4972-3208-0x000000000D0E0000-0x000000000D0E8000-memory.dmp

Filesize
32KB

Download
memory/4972-3207-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/4972-3206-0x0000000000F60000-0x0000000000FBE000-memory.dmp

Filesize
376KB

Download