hxxps://files[.]catbox[.]moe/dkz7kk[.]zip

Analysis

max time kernel
238s
max time network
233s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://files.catbox.moe/dkz7kk.zip

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2724	WareHub.exe
4724	WareHub.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000001e5a0-99.dat	upx
behavioral1/memory/2724-100-0x00007FF6D5EB0000-0x00007FF6D5F46000-memory.dmp	upx
behavioral1/memory/2724-103-0x00007FF6D5EB0000-0x00007FF6D5F46000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\IME\warehub.dll	WareHub.exe
File opened for modification	C:\Windows\IME\warehub.dll	WareHub.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133540903994643098"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
3952	chrome.exe
3952	chrome.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
2724	WareHub.exe
4724	WareHub.exe
4724	WareHub.exe
4724	WareHub.exe
4724	WareHub.exe
4724	WareHub.exe
4724	WareHub.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe
Token: SeShutdownPrivilege	1708	chrome.exe
Token: SeCreatePagefilePrivilege	1708	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1112	1708	chrome.exe	87
PID 1708 wrote to memory of 1112	1708	chrome.exe	87
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 4856	1708	chrome.exe	91
PID 1708 wrote to memory of 980	1708	chrome.exe	92
PID 1708 wrote to memory of 980	1708	chrome.exe	92
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93
PID 1708 wrote to memory of 1220	1708	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://files.catbox.moe/dkz7kk.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda3379758,0x7ffda3379768,0x7ffda3379778
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1852,i,2858784660061198278,11011308916001770600,131072 /prefetch:2
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1852,i,2858784660061198278,11011308916001770600,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1852,i,2858784660061198278,11011308916001770600,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1852,i,2858784660061198278,11011308916001770600,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1852,i,2858784660061198278,11011308916001770600,131072 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1852,i,2858784660061198278,11011308916001770600,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1852,i,2858784660061198278,11011308916001770600,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1852,i,2858784660061198278,11011308916001770600,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 --field-trial-handle=1852,i,2858784660061198278,11011308916001770600,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3196 --field-trial-handle=1852,i,2858784660061198278,11011308916001770600,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2680

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Nova Cheeto\Nova Cheeto\" -ad -an -ai#7zMap3142:104:7zEvent28501
1⤵
PID:2676

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Nova Cheeto\Warehub old still works\" -ad -an -ai#7zMap21890:128:7zEvent8235
1⤵
PID:3028

C:\Users\Admin\Desktop\Nova Cheeto\Warehub old still works\WareHub.exe
"C:\Users\Admin\Desktop\Nova Cheeto\Warehub old still works\WareHub.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:2724

C:\Users\Admin\Desktop\Nova Cheeto\Warehub old still works\WareHub.exe
"C:\Users\Admin\Desktop\Nova Cheeto\Warehub old still works\WareHub.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:4724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dd24ebadcd0a01959fc4b59fa48821a8

SHA1
aebcc0ec6271702ce6be13d3e7614838bc91291c

SHA256
a98da8093ac51ad9d48f501cf4136c69f7a425cd617a8c587d9b8a5ba3f1c858

SHA512
8fb6ce2347c9041ce0a5e0aab565879355452e092ef6279502c33958bd88f9a0ac3c8877994ebdb9d46e1d353a7469fbc61d51709c31e771630013b0cb5a9b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f558747ecec4f2e65ca78c895b8ad171

SHA1
26b90c2827d07e2354a183d1f2178160085d0ae8

SHA256
cb0e3ae930f473e0d2b9e93cfb2a8135cfa0608852e3abaebd8094ce9de9877a

SHA512
a549dca84648968300a3f251e674d49e3328e47a8c5f5d9dcb77fad9e3e9521a2a231251600591b1b9f61d38679bc23f057df442a685729d240bacb22249b927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1812380b85cdd86ef188db22fd88d61f

SHA1
8192707f450ea9e04848c4e2d6aa0973a1e3bc44

SHA256
f7ef12aad2e3d246eca3269980217be040bff62d7deb59835990d9a59b089115

SHA512
4400b68dc745e7fc438467b90f7cc96e45167165aa37430a7d83624b816e3bd14ccfe79e800d73922a0bab77fc8e0d13bf2abd516603af4ed753fb72c2cb6b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9b610927034898f0d682a799ffb53b6a

SHA1
750a1246be724fdb45cd10991a9f6c79cfcf407c

SHA256
a2fd3a1e59b0a98ac1fe7f2c7597c33841c642ca399094e937fdf411445241fb

SHA512
5ae94bbd1b644c0fbe34d7f87b5091a7c9e477f62c2424e2b0d58704f9e8d1fa118b4f3359cf4ea34f9c2f65464d268c0b3e34f8925f50df0f09ee2bbf1db343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2de9a36bec21a9bca06d41a3096e632e

SHA1
223983ef0c369a72f94d6b332f6a088f3ae1d6c0

SHA256
53f2a2bfb0c5791e68ee1c913301a9b04cca39927d32779927387872c147edea

SHA512
b7aea847b79f9b0df5fe3247490dd0e37c90af1463aef1fc45b831de09b2399f89429ec7abfd3d0611c873c6d483c4340aed64340718548ea4904550135a07fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
fd83e5373079f25cc892825938435ac7

SHA1
0bcf6ad75b410ce955522dd69ca73c21026af228

SHA256
119c0dbe44a034038204e15a41e27d934fae30a1ce6b8494b382b679a6649b4d

SHA512
a26d16cd5dc8790dbedfe1fb4df27c7c108c52aa0402d7b988357430e1d649d01872666b25529df5d584278bafea1d6cf45b5faf408aa06e7bc9604042a1b722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
738b7553bff1d98c28818fc7e67f8125

SHA1
b563a435da15c3b9fa47f133698935866e294c60

SHA256
d427f07d3d80bc5b7a9e7a1bea84899ccdb08a5c0596401b7851241fe3d0f4a5

SHA512
b01379e8529b6b28829e22d4948c806249aaf7a275097fab0f70d91ba2932c75836cb34aa409c8560e9f508e4eb1fdef5540d61fae908fcc209ab97579ce95cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58875b.TMP

Filesize
103KB

MD5
cd6b0efdf01bc4d78f84ab51301fd8ce

SHA1
0d698bc306abcb5eb3e9fa2c350803a49c1e425d

SHA256
44a574d9d507192d362edecd6c0261e2425d89f23703a7de5a3188ff12dafaea

SHA512
c11c09756e192fd3002f49a5c8a44eb75975c9efae9bbdde3421292294539f73c5ce596ba8ab636f14abd9001c521440a22e89156ff4d2c305518b78855d1a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\Nova Cheeto\Warehub old still works\WareHub.exe

Filesize
288KB

MD5
d098c0bf1c83217584e2e38734627a7f

SHA1
4902792181f976bdc8f76f80a42a13d7f34d5714

SHA256
ad6e7b84ce21f9670bf8f0a2a980d72363d06ae7213cc495ba9e88fa6da2f511

SHA512
ff75c6c334f8e542beeff11464dabbc320bd2b980d2021e6123e9d1f33f4d57fc8fded93280b5c96d91564636222931177bb6d98ea60400612fdc7dd3e9deb44

Download Submit
C:\Users\Admin\Downloads\dkz7kk.zip

Filesize
1.6MB

MD5
45e931ccf92c5067a41d698af4493ca1

SHA1
a51b29fbf4111830b8e7a3a2c385b7b2037fc85c

SHA256
2ef63fc291319082213f8d9fcda73926a10dda3810a14a03c6a3e78ef9cdee12

SHA512
17febb0612332cf5ebce4174fb176e78a65928ee5c0d53b22e2f8e25987770e4e48a12f8276763c41016e737a480609f9412015737ce0ccbb6a6f37ce743d219

Download Submit
C:\Windows\IME\warehub.dll

Filesize
509KB

MD5
a9ce29831d7873563bea2ae38c681155

SHA1
7e75e30db7e5b6171e3ca5a7ec237a60852ec23a

SHA256
9624f6a36095eee15de30e09f308a87d6cfdd825e759a8b71d05c7202fb678f0

SHA512
b5e2d119d480c4d45046ed45b30632926a3ad685feb4f89ab55c44eed1cfedd0d849d68e7bc53a8eb4921e7535e4a84e3f388acca28556ccb0b2254d6d18dfc0

Download Submit
memory/2724-100-0x00007FF6D5EB0000-0x00007FF6D5F46000-memory.dmp

Filesize
600KB

Download
memory/2724-103-0x00007FF6D5EB0000-0x00007FF6D5F46000-memory.dmp

Filesize
600KB

Download