6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91

Resubmissions

26-11-2024 17:54

241126-whcw2aylbr 10

29-06-2024 04:49

240629-ff5aha1eke 10

Analysis

max time kernel
149s
max time network
153s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29-06-2024 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wave.JohnPrlx.cracked.rar
Size

10.3MB
MD5

a502e43649c31bd6007912d68b37cad1
SHA1

9076425d466c78f4cf458ab9913fb0880fecf7d0
SHA256

6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91
SHA512

cebdaf98e4406fcb95c3086c976c16313230c2630c610d542c61e1c8a655c28a4a6555d9c40a8faed760827d24613acc624547390d66e59f1a77ef7e45ff7ca0
SSDEEP

196608:3xLL5xzen4Pdl4KmMJpgkGTSLv+gaiPBgy/fxKKXWK22Ddd:hPKn4PYhT4ai/xPGQdd

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4404	winrar-x64-701.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641102634924716"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3860	chrome.exe
3860	chrome.exe
4776	chrome.exe
4776	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2564	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: 33	1724	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1724	AUDIODG.EXE
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
1212	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
2564	OpenWith.exe
4404	winrar-x64-701.exe
4404	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 1928	3860	chrome.exe	77
PID 3860 wrote to memory of 1928	3860	chrome.exe	77
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 3844	3860	chrome.exe	79
PID 3860 wrote to memory of 2884	3860	chrome.exe	80
PID 3860 wrote to memory of 2884	3860	chrome.exe	80
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81
PID 3860 wrote to memory of 3128	3860	chrome.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Wave.JohnPrlx.cracked.rar
1⤵
- Modifies registry class
PID:3508

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaff459758,0x7ffaff459768,0x7ffaff459778
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:2
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4600 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2836 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5056 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4924 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6124 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6024 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5876 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5876 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6596 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6832 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1532 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2468 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7156 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5896 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6776 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5596 --field-trial-handle=1868,i,3506446136718832167,9571027454990955156,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1724

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
47KB

MD5
1af625b5988f4098155457b42c9e7604

SHA1
f101a2737ad079176c92bc2684f8961b074ad710

SHA256
44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014

SHA512
b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
808KB

MD5
2bddd552038fa6582707fe3e183855ea

SHA1
7e622e9b8256f94a9051934534f85137a8b9c9f1

SHA256
5a196c59e04a05a940f87c32c8a2c531a68d1f31570d324492b0c71f41fdc6f7

SHA512
e8c0ea81cdb036468b9ed3b8bfdf6a18202c4babfcf64d1c5bf69aebd0780c485779d4bb4a3774b690a64564bc33f2d957a006aa1e3dd81f7405eb9c71131334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
32KB

MD5
fe0cb11576905a924b316b72b715c2e3

SHA1
31a833346d235602a4fc51b49ef9bf57d9d1409f

SHA256
ee9fdfd767036158d8d3bc22f6c3095c5bfa6c17d4611eaacd45a5a829a864b9

SHA512
0227816287e01021bc07b84db89642ed0cc5e1c3a653a8be2c38bc53dcb17cd62b1a45051cf143ba9c2a5880df961d281192547fbb0788d95659ec5169e98ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
32KB

MD5
a37cb5b2be3ac24f85e18e0f6af90e18

SHA1
7888cab4667f8997bee7cfe1357b6d090e5f987b

SHA256
38322e4056896c3d332335130caef7ebf6f02a9e902e87adeb3141aaaefc5eb1

SHA512
f2772d825de479756299954d0d6b67c3c940e41a2e2329a733e755b8b3d107c53fbf845d64330ae9b75f75f56f872b9f6fbcefacb55606a0ae7fda58eab6b384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
014409e82e2c7854eb0ab78c3abdd339

SHA1
61f74935ad690b8ced99ed109b262268f3332eb9

SHA256
69cd83a3247787f8e69ff7b567a4451b6c97d5542dad55c81ac60ced10aac729

SHA512
69c5593cf0d64cdc87783b78518275ff48045f4854acc98b22240c893586ce65be6b3f3942f895e9d2c4ae5199692fb02472b628429ffafa038fe6c79e696d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
f5f4b2307522e26ec7f144996605da62

SHA1
2a3906092a4c71fd080d340c93db8dbcf29e33cf

SHA256
36f7d921c6a20608648594e25573b10636bedd1012e30b6be9c970a4b507ad30

SHA512
a46bbeec64becbfe90d96cb0da2c71c740e555edccdbf2a24ceec48ee2db599e3979d0fc6569ad76f065159066e99cc45e7cb064a7efe1729b54828103ff9c03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9d2109c93937fcd386e7a4a2c52f4b8e

SHA1
73cf9e83f3eb31ac3b96071447aa24b215f03325

SHA256
2d185a54c59eff1927d5ab5f45de83c9186efbfc1562bd29287859b3e8f72502

SHA512
86a3dda8adbe864634ab983e8c6a0f5c45749b439c0cb16874e9f0deb66ffca0b8d4bba1fd6d4cd4a59a74d0dac3ca8c778514d912a2e158d5ff16961118284a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
031d1fc360acabe6bd9beefe912ce8b5

SHA1
2d41d237f05ba6fe76a2800265b76819b450d6c9

SHA256
dd57d85ae2ab4db621ba2a8e641b5586eca0b67f35be2d439e43341d3ebb46ec

SHA512
8ba746fb6d81925eb1474aa816c7f146aac875848dbe22949a19a9ed8b2840ca0faa66c95bbc858c7cd3e402517ffc52a90863e856dcca9adf2bd83b48bd50ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b88550f59eb57f06e4d0680ef7471d86

SHA1
ff87db3586933d32fa92884a3be900b6a8868a2a

SHA256
c488ddca77dc0da283d24be694556899257c7455ab46b3feb73376a35a6b0bc9

SHA512
4979b71a72ed8a52b895f46b5d73f5ea894b4a637f74f1aa80c691c4d430a667dbb8cfc97bfbc8091925e851e63ed099ac4f5f71428458cd5264da54dba301d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
bbbf67ff2419abcb72292d2eca9fcba8

SHA1
ce7433d9e3debdc379a1ae924051a2fe5171ccde

SHA256
23452ce9c21aa486b1e5e18dc11485a87f7b6f746c888051acadcb4117ae60e5

SHA512
5beb9588e42cb55c18182d7e6436002e2589261c99eea18101448ceab0d04339ecd0b86c4b728660c29d4cf641560b9a8e0c6279b8c298bfae0913b3393006af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
8e0f4952b90128174fe99e4763dbbea9

SHA1
9962e42fc6f9b710f438cbbebcb4236b5e75ff1e

SHA256
96cfd33e24d28cdd47b67a29a5459e3c5eebb3cef1b8cc9ad75f46844ec27832

SHA512
8d9a323aeb5cb149502f569ba618f77ab41d61788cdd79e0a8ffdf99593e505455b589f7b559956ca53e2d470577424dee2f1235a61cdb5ec09e6abed1ebe559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
f52731d79b1ce679f2835f7113e3b53d

SHA1
e26d0386f88607bb24e1c7aea352a3021694abee

SHA256
d5bb2c225d773203cb15a4e2c2b704ae17ba26cfdea5b62d0dffbc727fdc2c81

SHA512
9580a36fda49949de15a1c15bf66ae8fcf66ea28526c4a80dfcc6c42497bf19d397a27b2a9266e48160468e046da77570b3e551b709531ee8d4e2ef31f95301f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0ed1d2f81a647043678c473f01abb04e

SHA1
e785256ba2dec529182928597b9a35f3d6a868d2

SHA256
51ae32fe70c8e8e77bd237c5b229ab65946d6f7bd1b1ee724c49979e64c76c8c

SHA512
ae9bc30bece5884d4d44d8c0be930abffa15535d4a39bda5dc74e1df303528d2b52e63577e8242428e17916e00563fb01692fd2c65de77829fcdb051497b9a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a425df6bdd21d469f95b07a09e1a6b77

SHA1
22902887b38ccf05b6f0f42e4b6ee00822e028cd

SHA256
ae4cd3abd004b190921f365fc1c112472eed5ac45983c0d80d7eabe0c01fc460

SHA512
e22155422eb363a25f6b4fa716b0adf3df81f762f71f4b7169688c1e9c66478c11a6d7c6515a8d131b3a96c9b26b48427c5f61658e63ecb0b0a761147806bfe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ab32b6a77ae98af39f1a5abcd949117a

SHA1
86b83dc3b49d95d176b586cea7cf7c18acb4d375

SHA256
ffe213a49dba5eda07b2c98281ccab953d609a8eb834fc33af353cea95dc8736

SHA512
87965becf8987f456b5d5e5068e616731ae16dcad935a1a6da7b437956161bb318ce47d0583ef750a2d119ad346c7784ee6896b951fd12763f84063a325e5ce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b4c15d0af95e3d979618c7808b74aa0b

SHA1
fdcf3ed507d0bc64a3841b41787847acfc5415d6

SHA256
622b4e3b8d3e7cf50a8394ac88e04919bf1ced16d5df13fde1669600f5dc00ee

SHA512
7faac5e83f8652c21d1a2bb0c6eb9b64908c76722d9492005fdcc5d4b72825078385fb63855ecb1eca388b0c7ebd8f3e1b4fa56aeccf6c38980e8bd111d21c20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b46c5f2066622ad3cef5c502e0330709

SHA1
8b2a667828e64754ba3c452ca635b830e2f4cc10

SHA256
824e13f9f5e63f067eae10ab88734c2dee2ecb54d7af17c12ac6ac5153ace992

SHA512
0cbb3175321bfca54aae295663b55a73fbaf349e43ad714de17ae317a1283fa4b0d3b205d475a38167078bf21c5b22d4e902e580fdedd906c0191118e3420873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1f73777634487ce74c78535a907ee4cd

SHA1
c6b58cadee3ef460d937b4cf9cbe1cf9b386bee7

SHA256
8f4be7972f4c2c24110b1d6535a21bca88cee573c8443225751728cfdf10be12

SHA512
0ce9ae05add1d7f6e7fc60d5484ced13228619676413fd380f9fda31e2d10f80aae979c2cf52994a8597bd44847a5083b956eeae2c3521dba56b99a5d5d32e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
43904b06c1400afce15b64fb37db3184

SHA1
6d7ccb80c5005ded574031791c40a4c0a0d68ade

SHA256
6380daf6f3dc416e41692fa294d63866c4349eca1c8d3ad62152b03a08a138f0

SHA512
de7874bb3504f85a257a50f756b3b2fefe5a2d0a1fccbc3262489cd68b87fc7afb99c5a99b299d557d54fc79f1d6f5d74fab58139af0231bef90c17c2c5b88ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
44fed81d1099de81cb702df6e9a38a2c

SHA1
e08ae2d5c9571858cfead875cf1710ef23700541

SHA256
c9791cdfcf5ae6f4dcb0fbf9746138801a8b8e10e771504b66b27fa5a07c17ea

SHA512
8511658661b77bcbe4cec1f720dd453fd36d26fd709e7a3ed7f6162cea9ec2a16fc67ce877ae0c974c8f7365b246ee7d11fd10065a4c32ec1f9a6e0e76d42a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5e77cdbd64db940fdbccb17c22e87cb2

SHA1
9d61608f04c4a56e406a382b1d5fb6b952298c84

SHA256
e5a6bfb52eafbbbd41f0b3c0c4d1e97348065430c95aca11deb4f6867d7c3a62

SHA512
20a48657d6c8667f96ece758e3a12f95985fe0f528226ed7ee0a25cc5539a581be32b043c1d881d0ebc2786fe1288b09ed02406340eff5966821a57e2585151f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
73ce7b628bab749334682c173c853c16

SHA1
fc9dada59aa8b73f271438c585f0799b7fd4e1e2

SHA256
f08c233a761f5964d7000643949da35ca0e97dfe40eb9da6b2fc247b8c85eabb

SHA512
a8604ebd3dfb9471473b8efee2b9354a9b1d0f526964b57dae22477d16f36fd312cde301f7c8cfd3c8d75af74fafa03628067094c91d91a6b71e3b6d7ab53bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b2646079-05b4-4a87-ab5d-6e8f504086e0\index-dir\the-real-index

Filesize
624B

MD5
ad165d4475da98d48ac0ffb8ebc509e1

SHA1
c73ac2a46085c9f8adf688d6dfb00d2e038ce97d

SHA256
fc223eebf0c6f65ca3402e0cb89448e07fbf5b8ff7819625cb16ef15b59d8e4b

SHA512
f90710f6f75852a38069af0e6372d68f664dd4124e4b67c9c031c51de4ac1270581ebe8b5ffb06bfe3dd66dd28aa144caba0d0e4ac0cd788b0f27b3496618058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b2646079-05b4-4a87-ab5d-6e8f504086e0\index-dir\the-real-index~RFe588642.TMP

Filesize
48B

MD5
ae1154ee88e0ebed10946fb73dd183a8

SHA1
3f382605735de4236c7b185f0682f0e0e8d04b0f

SHA256
5be0cab14b4af13287897486808afba4ea51bd022392f4aed28c82d220bc539b

SHA512
468fc8a4dcab1531887e40ab8285daca86f42bfb92a4ab344b0abe682262b2b097359dfa4ba6939c06948df6e887d3f958d05b6dec2a3f7afe05707f10f35be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e44d1a68-513e-4140-af2b-3b1aa96ae62a\index-dir\the-real-index

Filesize
2KB

MD5
9661fb7965e5f2448843af26fc62124a

SHA1
bc0a3de8e6c7e5a6e6023125a5ed9cd21aa4153b

SHA256
43d4b1480065fd99c69870bf3a8210de9e3751efcca536c77894c9bcde7e9091

SHA512
b18975a97f5ad13714833c97ba3d6dc3587ce39c40db48f78f13ac32ac15c92c07cd84bf4989dc289ed828ba2030bb879340dcde36572203f7b8abed1fca639e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e44d1a68-513e-4140-af2b-3b1aa96ae62a\index-dir\the-real-index

Filesize
2KB

MD5
05359435b84ed7296e864ad399d266cc

SHA1
c9d1ea19f015344db2453a78157fd76afab8bd4d

SHA256
6cd0b929aa2c4333c650c83aa6265d3f3c3d1f0ef5a5052197e439d7323fd1e3

SHA512
a4a33e81ae53817d14fe9837687c1821987d421d6959e361fe3c161da55704717c45e1b35ad35d615350e5d1252850892bbe5acb6fdcfd2c1be3876dec1833be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e44d1a68-513e-4140-af2b-3b1aa96ae62a\index-dir\the-real-index~RFe582d16.TMP

Filesize
48B

MD5
2827ea7724a022a2787a965e8ed31a13

SHA1
7a6d15a8586f451cdbd662de9eb2d5b60769c14a

SHA256
ede464e0a55e117da45732c17bd284d6842a94df3acafdded136df4c084fadfd

SHA512
f02d56a70c5d9c3dd4043263034b2545edd557891c194049f03cdb498b150691ca05de7e9bbb8fcaeda62d58eb395d88d444f4078b2fa77195f2e037b98b2ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fbf7e562-8e0c-4bcd-8ffc-fafa889e961f\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
0e73faacc7e36ae30f9fb62327d4ebea

SHA1
160b4dab167510c4fb421676f4e8b64cd67b46eb

SHA256
86f5dbeadf7cd7c1f24054565f7fd8506bb348e7a394316b391d91168b59d173

SHA512
e33a31fdbb0371625984aa0629877baa015d7b62b655f28526850c55a4edc69d9120fdd05fe1551dd375c143cb1bea0dd3349dc7de97e6c44731c1ec6f2b7429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
582c4f3bb3fd68edc51b60c88baf6f1d

SHA1
3fa23b3b7834ef38d1cf6b5532c6f4bb630758e4

SHA256
230e7409cd934d1cd40494ba0fa9fdcb712c6d5f52cc904d61986ab4bc95bc35

SHA512
4b9cbae87bfcdaf1e4543a1107abe21c5c286453647868a46a20d27cb00e63a106e1cddc123711b2c9c61005c4526906cda56d3a60cdf239af7e621a63c4fc27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
b043e2fa547a9e01b57ad5412154c7af

SHA1
dd342bbfb873c32d6c615e44cf3ebcb10107d3b1

SHA256
0cacc465476749b063612a203e5bf32ea7e4d75dec95a5a7be06260068759e65

SHA512
6e931056c9dc633f26165fcdb85bc7e6e42f6c918f38d01b9ecebb30cb14d205df6c773ca90ba263a53d4f0afac3c43784143805738586f7b47c354cace6f4ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
6f9ace72f1a644696af620a3de9cc3fc

SHA1
615a9b8c61a380b23daebdcfdd692802d5c45576

SHA256
5f276de7d6a90b9b25230a6ee10e05b780e2abc2f6e51c4a276d8fd277a1ab87

SHA512
3631609262cdf9e196b7bf296a5ab28aa2b762cc38ecfddd4c062d1da8414fb5be3024b6daa2f846488a81f4c07a61daeb191c4fed80124552043f18b39297ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
268de753a3fcd51dcaf93f198a2e8e05

SHA1
c570f70bbbab5f139f5f1553df10861faac5bf4a

SHA256
87210fa5096231b268323a72920d8846d8ecdbe35f46fb6d479621d178ea6bd2

SHA512
dcb8747e274f1c0ead131a2d405333924105c4c4b7c0d6edda40b2638060dad489899e4d1d394517447d600efba8b41fba5b5fdca7a7eac71340c18a654a4aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
8992331974f6204368ccef322e25a0e3

SHA1
5a6976b7f946901f267a3f35336517f5a7c2b13e

SHA256
8c5e26d0d989f85d7564e5d58e114f3a87baed85f9402ab1c47a477ab129011d

SHA512
f5376ca2a0a68b4b9653ddd6feb31056e0ea44f20c0f5547ee93b1e62d13d91fe37d4bf8d50f025c88ecc5af6e30d5747aff3c9383912a67b783fe553d8ef149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe581d09.TMP

Filesize
119B

MD5
b5a333b598f0da945c98f0582ee42c0b

SHA1
b3708a7074c4e38601c4da0835ad0da58a3b01df

SHA256
ef1654ae920ce113237a8eb83236cf915cd00d0edd55bbe4e7ed61d089566807

SHA512
6aaf81d70dfc1dd75f21b07a74a82c4132d00839ef4b5f8dbf29ad1de7899429968ae08d24079cd41834967c6a50b22345f3e7a58837e0d9ea28c49e353116b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
77e6ccd5875207d36f259ef3c29dfa8b

SHA1
2bb4f215d13b8ca2b537ec3e851f7cc969a40763

SHA256
276d0fff45b330c3d12b59528d99f98b8e2eda6ca8942cbf21c44585f0ba7dad

SHA512
7aefa221cbf7af09fe2ccc048670f5916cd1533de35450b0cdbd0d16c0f8fe50b0e7f2572a01d89042488dffcddcdc40392dc968137c348cae9153de5a7bf200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
6c66aad2ef01671fb444bd68e83dad83

SHA1
ad6113e3a3271fdef1059fe33a33203dc5ec5eeb

SHA256
a4fa3c2fcb207d784af467c2725adc26373808aa8c5dda9c7eba39534ace10fa

SHA512
bdce296b10f69ab78c3e3a806c31f451d5f39c6f5b352a0b151414158c182e31d2614f78f27b02bf309e712a7febd6c611148f800bc51a35ef32a63de871e0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587fba.TMP

Filesize
48B

MD5
13172e98420bac39d6dd3a70c7e85465

SHA1
a5016150091963b0ffefc1ad32da5a4782d314e2

SHA256
ebf74bffcc6b3900fd4da414e78caeabeac6df98ee340d309ff4f303344252f2

SHA512
2297a988518027c72659561c0aeefd46fc43e48800f60a909ca26f313be292faf8037afa089b1d26406c3e707450b27e7ab0658ee59bd8096bd71dbcf962ec26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3860_1432653953\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
289KB

MD5
f84b6c50da17e9d0c84c8ca987dc66e0

SHA1
14f0a1d38bc1f4f88afcfa2a7776407fe5408aab

SHA256
e01d8f1228fdd7b42ddef982db27ab25be4064673157528fab71c10991c42b5d

SHA512
45c7cadbf8a4d58e7d5ea4702fcda15cba9b3b6205e3e1a82f32b71ba376ecc16e7a8c876247c18d05832b9796d7d88183f689172d29c628bd7f53bba7fb3d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
289KB

MD5
caf5a9ee83e315926f503016d5a9dcd8

SHA1
4362f943fae0f51e1935079cddc099cf8b0f0cd6

SHA256
9ebf1c2019707566a3220197fde3cf649ff5ba70a9ac7559a97198e5e0ae5d85

SHA512
927506892192d38008e8e3f5026d34e13fa2311743b1a68bd5e1b2ab2e25309168a0cffcb367ff5e29429c7fdcb91854ece75de75bc18961b46d58bd1e0c65ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
517315c27ee7a4fb674f0ac1d39a2b42

SHA1
bdca90dba6c05d64fa46bc911b252af3596f1418

SHA256
6b7ce2c27cf8296c9bc6ad9c084e1818710bf5953a0f215df3212596486ba8e5

SHA512
bd4790b3f13d6372526fef053f62e0d0d8f4e17617d9c340ea1d73e636082e066e5af7351c5a44ea8c59dbb9ffe3f0e1911986d8ec499f903504a17fa7002568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
30337d7d164cf434166aa24560df1d37

SHA1
5cb06455f5b0f5c35ac5b61204d269b10897b1be

SHA256
0690c34244c3344a5cc6537b30d15d7b4a0d2971b81e61928754cc128ddded1f

SHA512
cb252724a154fcc983bd32be4a0ace546fedc65b4b0a2c9d0d5c6df8a579034a4c86fcbefc1aa5e069f687ad0e3724a4ecfc3d5cdceb90ec637c00709b63416c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
e93c0a45f955baefe292e52b4707a0e2

SHA1
4176adb4cd13ed70e0aec186fedecf9e602b59a7

SHA256
bbbbba0dc80c20fe73dc879a62914c7e321d4ddbca53b8a44fd371cce5829840

SHA512
8055e797da6ad02477f350f51aab5ebf91b6aa22c55ec7b1f246f1d6c18595abf8db02d28b5823a5511f1d7bcc9d9ef5ac67f8a82aa2aff7da65faa3d8c60886

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589045.TMP

Filesize
92KB

MD5
5fda4ec3e799145934961679d40c5f38

SHA1
4e6028f013ff890f84e2d67e65e5abd349dd05ed

SHA256
a6f87ca405db5563c8e654edfc065d8ab5eaedecf6bbfcc1092abf14bc57067f

SHA512
1e57df4e56b74f75cba5fcaae99d5628c00ac3fb55a9a4013d343f3592666568b093b8f5dd97f5b01d0243ee7c8f95f6a43498b179d9b22619d863a0f991cf8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Wave.JohnPrlx.cracked.rar

Filesize
10.3MB

MD5
a502e43649c31bd6007912d68b37cad1

SHA1
9076425d466c78f4cf458ab9913fb0880fecf7d0

SHA256
6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91

SHA512
cebdaf98e4406fcb95c3086c976c16313230c2630c610d542c61e1c8a655c28a4a6555d9c40a8faed760827d24613acc624547390d66e59f1a77ef7e45ff7ca0

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit