vidar | hxxps://tmpfiles[.]org/dl/12981087/unlock_tool_5[.]8[.]rar

Analysis

max time kernel
193s
max time network
232s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tmpfiles.org/dl/12981087/unlock_tool_5.8.rar

Score

10^/10

vidar discovery stealer

Malware Config

Extracted

Family

vidar

https://t.me/edm0d

https://steamcommunity.com/profiles/

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/110.0.0.0

Signatures

Detect Vidar Stealer 27 IoCs

stealer

resource	yara_rule
behavioral1/memory/2640-1007-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1009-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1011-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1040-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1041-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1051-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1052-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1057-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1059-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1060-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1061-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1065-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1066-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1083-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1084-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1108-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1109-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1120-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/2640-1121-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/5076-1128-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/4396-1129-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/4396-1130-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/5076-1131-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/5076-1139-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/4396-1147-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/5076-1148-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7
behavioral1/memory/4396-1149-0x0000000000400000-0x0000000000657000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
2380	winrar-x64-701.exe
3036	winrar-x64-701.exe
2524	Unlock_Tool_5.8.exe
1092	Unlock_Tool_5.8.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2524 set thread context of 2640	2524	Unlock_Tool_5.8.exe	121
PID 1092 set thread context of 5076	1092	Unlock_Tool_5.8.exe	126

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unlock_Tool_5.8.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unlock_Tool_5.8.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
4816	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711488190425013"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
2640	RegAsm.exe
2640	RegAsm.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3244	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe
Token: SeShutdownPrivilege	4820	chrome.exe
Token: SeCreatePagefilePrivilege	4820	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe
4820	chrome.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
2380	winrar-x64-701.exe
2380	winrar-x64-701.exe
2380	winrar-x64-701.exe
3036	winrar-x64-701.exe
3036	winrar-x64-701.exe
3036	winrar-x64-701.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe
3568	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 2508	4820	chrome.exe	82
PID 4820 wrote to memory of 2508	4820	chrome.exe	82
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 664	4820	chrome.exe	83
PID 4820 wrote to memory of 1348	4820	chrome.exe	84
PID 4820 wrote to memory of 1348	4820	chrome.exe	84
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85
PID 4820 wrote to memory of 880	4820	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tmpfiles.org/dl/12981087/unlock_tool_5.8.rar
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbb6b7cc40,0x7ffbb6b7cc4c,0x7ffbb6b7cc58
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1692,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2024,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4420,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3696 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5312,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4888,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5440,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5644,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5136,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4368 /prefetch:8
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5124,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5068,i,7637180060467830212,17707070747225775793,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3796
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2380

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5088

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0f024175b3384df0aa2dfbaee64419df /t 3848 /p 2380
1⤵
PID:4216

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5100

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3568

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\unlock_tool_5.8.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:3244

C:\Users\Admin\Desktop\Unlock_Tool_5.8.exe
"C:\Users\Admin\Desktop\Unlock_Tool_5.8.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2524
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\AAFIDGCFHIEH" & exit
    3⤵
    PID:3688
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 10
      4⤵
      Delays execution with timeout.exe
      PID:4816

C:\Users\Admin\Desktop\Unlock_Tool_5.8.exe
"C:\Users\Admin\Desktop\Unlock_Tool_5.8.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1092
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3852
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4968
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5076

C:\Users\Admin\Desktop\Unlock_Tool_5.8.exe
"C:\Users\Admin\Desktop\Unlock_Tool_5.8.exe"
1⤵
PID:5112
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1596
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3736
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AAFIDGCFHIEH\HIEHDA

Filesize
114KB

MD5
24757bb7a7cab9b18f87a6d59f4ddf3a

SHA1
d3c473bd80bc3a38275ea21d058c50f795b0baef

SHA256
02bb4a332667ca6360065c1485680536bb5f6418a2c159d61d5d39ecad3e71c4

SHA512
7c138fa9cb98ac634d7370997e85f921785c7fc78cfd55e5c3571cc3f49d7e9fcf2ff5b73f18c955d2f12f259b81c7ed1face3b2a8a71ac7c27058525d692615

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\156887258BBD6E1FEF562837733EA04E_5BBC02CEDFD3F7AC9E268D830CF231EE

Filesize
2KB

MD5
62c5cca9c8b934e8b4dc220ac36f8ac4

SHA1
60151e9261c22fdbd9d956612fec64df9fa5c3ac

SHA256
a7aeb8e9a37eac23da57dbe3f8769099c4384c838931a42e33d7316c0d94fd5c

SHA512
b5c04cc643ee7ad74189e95477736090f99e4c26c5d8c4e67279044002415353a6210112c064653e9b1c345b960ff8090a1923e183d3692e565f403bf5ec11f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
2KB

MD5
ed1b8c9857cb3300612b9339f6f4d22c

SHA1
4e53e144ca4e1851898b590df4853f3a0cb41761

SHA256
fba16f4ffd6fd89df324ba7a28c27fd7931d2e96c33548f1c0738f8f86f211a0

SHA512
69c55660c13829052f8e34a946c302d41c687e7300073a58c3d16033631537c5ce21653335e8925caf178bd636ac9c340ba74de23ba19c2dbeb9ae608e6033cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
8515f6b60a6e8becf75da139b0767c36

SHA1
a926e7923af47636662c56e51ec8e0485d0e7b61

SHA256
42f8b46499f0f8fd94833336b4bdc1e908cb2b6b719d72229764bef52b80a6d6

SHA512
67450b06ebcc344b6eee9e5913a741161b1cf081cdb0d4ea5a6224735b2d490c46f1cb4783299265ec13212672af49de8b271b284951c9c229c700468ed322d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\156887258BBD6E1FEF562837733EA04E_5BBC02CEDFD3F7AC9E268D830CF231EE

Filesize
458B

MD5
dfa66a07d6b251218a57a6f98e0b0144

SHA1
721afbc3ef1eb20319a60078b2d37bf935d269a2

SHA256
7510980268fc40371c0983809d7adabb85b8a69abcb4a01b2d95ca55379e25de

SHA512
a86046ce90cd662cc515377e4f141f63a705b8a4eb6632907ca01c47b545b04300e87d167065063a4e07463721debf323476a8028ed36f9a916903642be774c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
0a998b7c95754c80fd0e23dae659e5fd

SHA1
b4fdc7bc1d32a2f18a561c370c3fe00dbe334c26

SHA256
b72e6369bb7c5d44bd05c27a7228181ebc43793bbf1eafd8d7970a02ca3592d2

SHA512
a342ab0ec1c8f7e781896700040fc6291a808282a7b79f44a2bca7cbac06ae9521c8bc3b1fc5775d9a5ce61fd960a0a9a0bbcfa6c91e131c80fb8a950dc56929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
458B

MD5
d55de5cd29f683edd857311bf64bebf3

SHA1
2d2a0c7804781aea05772f27b664dbc2e0db28d4

SHA256
1411be684ed2ea896884475bdcfcf0585a776e7aacf066181fad5b1c2d485cbd

SHA512
5147b4d281434c1687cd3a49206e5aede639e6aa53d254da8717c91fe210d06dc4593e6d001ac262d0a35c671056587fe4d35f54f3f032bc70c48d5b027ee229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f26bfb00dab9fd22a425923be5e86bb3

SHA1
86f17345055f555a72909c72ad2f01fffd6d3573

SHA256
00dcbaba6e56a736919610f6ee2f5f5cd0ed50e0757f97cd1bbf102928137e2b

SHA512
cb7b26dffbdccc15b7461dbbdfefaf09d141487b174edb893e9f03a01310778995d0269ab1feb7394749adf68d9badcaeea4dd3c0004a25e0b30fba56812b3b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a9ed7094528a32141dabeaa5bec0e86e

SHA1
ad2d1b9edb37e72a8adc6a9831d569142df46ae1

SHA256
e9e5b3405d372701bab1e91fa5543332b87263a080682fc9b54165bba8d73a39

SHA512
99019ea6b18e209769eae9a7a08212c229ca7cb1dd9bbdca9b290e99a26b517758989140d6c287e9fffe091679b8623cd0c981096da0d3ac67008eea41b1a442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
0383af22a2f70e017c9c25c29d8f6d47

SHA1
018dc3bdc4b48e8ec86f552f06289b3936f28750

SHA256
ba92285db84f8804486a093118b758347c0b53effbb229802615104852ec9718

SHA512
256573b7f8f1ffd6cfc6e6e5379a96bd0d32f5dac25889fe0592759880e3c7a0b862820aadfe00da478aabc0a5c940476a50068a863b7afc73864b64666079e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
c5e339f8e578f97111babbf07a4abc6e

SHA1
6a135fe2b860f5e7b2fa29767d0161db157babf8

SHA256
770dbc133c4cc2696634e78b43c9f191c1bb7108c9dd5fe52fc153bc039266ec

SHA512
e1bf0c0b92ae46d57ef943deab82360156fad770bfc9ee45808a1282bf6171bfd74692bec426b62c4762450ad1e4e272b8ef71557d94300be0f2736cb0e6dc05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
d1a1377997bfbafb0f4c573193dec55d

SHA1
53c4a43f249e8f8b39556ca23bf30ee779820f3d

SHA256
6b519c61a5ec939b5042b28d3a63e12881f8c0d7286841defebea34831177368

SHA512
743a52d7d84dcb0c16464fb99dcd28f4f8e3e73f3d97b44f0aa8a5d2bd7322aa7817924144dd33ee494e01656e851a09ea22a8c655caa79abddaaf36ed4d606b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f602e24806fa7d8b530f1baae564a2e4

SHA1
9d39446d06d3b15ec32eff943f7a20604a04a4f2

SHA256
cab5a47655b1f50762485ecba4a1830258fce0b6946e18ccb12b719a2c89ab20

SHA512
f8a99804e8139110f15943f089d30db6f827459d7ffe7eeb3a9d86da226267b9b29d77c7b71a19bf5266a578853bb58e2aec207cfdf364b37ec7d5da0bea772d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dafbf97e06fd60809cd5fe6eba0148d7

SHA1
1051865b5d0ea37826465ef1087d56edb137bc37

SHA256
da64b8fd3a91639446f672b1a89f8dbde9a5052eb1d798cb5ebf62017c0f546c

SHA512
631b377a7a54ba9e33c0c3bc78212b6182bd7672ea49e81bb41353417d318824c674a77d10d2ee3a3e53cc0f9101d1c6a89945c040cab47fa6a044f656d0992e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
dbad2ff5dfe184af76f31d1e33748c11

SHA1
b0c6665688bd6c6ea79d5d8e3cac0eba8284b483

SHA256
919853e90fad23f9c71d1fe65accfe076e7a9a39e3791327e29969f42351315a

SHA512
af2add40e5692eb9f6d6fa3a68f64e1160832ceff1cd8f2c159103736b5dbf187a0a8e27420e4c219f80e4ec7257a29aa9b433952a7175e71bf9da22c15052d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
a0d4338781e1fd9cccd7a23f0bc5cd09

SHA1
138150a3d2ea3168757891e5da990cb1ee4b95ae

SHA256
52fd728b338ad8695e90e6bbce9b510666e0f3fd57f3f84e115ff14ece32a9d9

SHA512
6414d6f6d559b685d6fd73d452ac0a88c0f052eb72afcbb0be8fcf7bbd59c8f8bc0bced52b4879528607edad0bc798cf935bfdf445bbe4d7f957d9a6553279b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
9a10b09a2b1cd7d037e9304e5b79cb29

SHA1
79bc6912a62612941cb12ffdd479ef7a4be12204

SHA256
9058abc82fef6b6f8acde347a14a815cf2ec47e8b49ff0ac704cbe19a0b9fe69

SHA512
00429ce8541e7789e1f56d2eb75e753ba54933ec5c2e513a51287c6c5ff158bb0c91a4d1b3f155c3deeb4a31d08d294d8e9f4c7ab8ab50f07f42e77944db93eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
6d75c0e2ebb67a0ef7908b880fce1e36

SHA1
4029a892680536457ce2e4877af31e90590903d7

SHA256
21eac6e434027f936188e2dc9461131db850eac6a88044f9b2d119cf051cff25

SHA512
407f5c319276bf48023e64adeab8fb256539b2171ef65c066f0659b7f32ae735dca9bf6347de5909779ca8dd97a651fd8fa025ca7803f778dde9778486939b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96044268d863a027894802848ed817fb

SHA1
4428d6f3be0f13f5e18c7954b4f58fa506af9120

SHA256
f3db47e37483dcf3f66584f95859073e4010bc53287b3418e3c5d80916396af4

SHA512
3d68872c529a832fb09f35b3f12cb365a3014132849d8debb21b91d47abd444f1c26c38208f0d8967669d70f2f7113822896ef7c7caab7c1096ea2cd251ea96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9457d47f85d80a3c13162b4b67553aa

SHA1
819b8df9505ae7ea28f304e3d1ba57c65c15c502

SHA256
6f37086f0eadc7fa8dbd574229ebdcad4665cab8d686c1c3ada0a361ba356355

SHA512
6db287cf23d21377d04215078166fe76220f1627a24506230db42ffa38687128805ae0642a0460f1e764194a71740ed1a9f46e417762f6f87bc5884ba6288667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c54475a05266fdf512982644c38f520e

SHA1
d568c842e067c6d0884f5196e3968db373558f43

SHA256
3076d5b1b0371a6201affc062636720854e35d895663215a3c36ea5396677bed

SHA512
3284f8b12411fbf486b326f4524cb702007e8171e735e11d03c77eefeb1c427e62bf6277178c5e62ac83b51f5e658b611ecf5265f42f6b8e23cf669da3760bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d3330f4f122d6e04cef5c92b5f1d682f

SHA1
f8a88267bc1dbdd1bc38f6d62fe1d1c5b7260e12

SHA256
a2d6212c934aafa87f3369eaac9dce8dddacfb55ca2ae231aebb5cbc79ff9f82

SHA512
07fcedd8869849cac30684358d203f41be4e310556b0ad8d665fa54ae79de11953172d29d036ecf9f4df80f4ded5ca09368b2c6606fff7548d279ae22808caeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a5728d4e7a0d8680612c0d4d2760897

SHA1
a5742e8938f3a6d0eb9230b34cef79e4a2ae43e8

SHA256
db7cca48718ebb1cce410b20831563768e5adb564c0c510f1a7c116cdc81945e

SHA512
b6f8098832d1a89e2181c07e15befb602ff42fdfcc58b0f8199bbe54a1d11b34a7440b6f20b2b84ae6574f10077353d2aeb7980197e6b978448ef70373d5bfe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
329d7e671ccccd7dce102ca200fe831b

SHA1
248962905641c560fed222ec14e7222b8f417aab

SHA256
4c8c00fcef8e3e532096c5073d9f58ef3d4b2b868ae1171716b8c5f0b9b51898

SHA512
9558921086332e3afc30dc9db6a586c54d9dd9a6670ff51356f554363a8ef4008fd7b319d3787d151211ba793280527fa5deaa0b3e106d8ec9cdc4be17c73db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d56f71da3a9e06095a539b917cdc916

SHA1
7e3397c6d954b5d333a874730e4494f7b156c114

SHA256
e8554c9900c7385e679cb710d8f9102099fccc24c330bbee5918223f84a8eb69

SHA512
dba4f1d52d24048cdde20a211684d82b7378afa356953d7e4a5060aa5b5fa419bb06d8783c00b4491f8676f5ac0864f8af9bb468adcc54515e0d66245ccee4fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32c8f8eba0e7b5de320082ef7d103733

SHA1
c0beca4c49ac5ea67844d81fda77372f53776d7d

SHA256
ba196ed6fd7128b6030d9aec1561a7057761e15e2e06fa8fe30d6bdc704f4176

SHA512
e85728b0cc51457c8bbf23fb895d3d67a1d97c552e1a26606d47a8c0ed5d60f9dbcc20526e061a7acd0ef4c72de588a7c85c1c885b43134babe4c2bb97a11dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98d42b97a39a3b9ca97d9174ca76ef51

SHA1
0c7c1e3a91667c51e54c8b465f5faebefd7b1316

SHA256
d4757975c67afce4578078a4553b9a76d29dafd163d383c6e5cda148d54c012d

SHA512
dcbce89473eccc12c9e8dd0cbb6d5083030cf7fd47cc78bf469ad57c2e656e9713e45bcd8e7581fbed2f49a5b63ee31e83d637b84d629b8cfb23c121328be40c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
7b6d9ca7d5ea8aab78eed9b2d362810c

SHA1
ac70fe8f9df3d3753855e0f9c885e52354a2e2f8

SHA256
5f946250a93e7dd39464a54d19285df0520b385129013c38b3fcccee197e1bdd

SHA512
cb01c4fb1870b9181a96e4412da2a75e8b6c608e2e86dcf9f241b8e9294a0ae5a9d204f5c46795aafec4e3aa6970c0b305b191be5b1c72f955aef9c3ad8f3a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
36ce822d1ddeb397e2ab7fa10f2c0823

SHA1
f78a5b686719bf53b9a4bdfbca073884b8fb5c9f

SHA256
c89938ca2476b4234fa1deb6690837d25df2a84ad5e01daf1c18423d41ffce3d

SHA512
d4d2b2309cd28722b455dedc26bcedfe80e1301edd293f106cc33c726bbde667f3019599fac0fc4b61d8a25c07f2d8300c082c6f2894950beca339d0a751e644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
9b40170e72d907d497b7d59092e5b770

SHA1
7238bbb75194ab61f4b94e5461d31db2faf58d19

SHA256
49cbbeab8fb4c3284c3c710be6d1472c761618b5bb1adf5cea34115ddd10a2ad

SHA512
58b041c79094f7eb4f8114eafbf840948d9fd929bf092422ea49c50ca5bbe7a52ef2a4197b47531243b136ee69f5f1ebd721d9d28228489154127fd850830c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
eab7ec8f45ae747366005080d9e7015f

SHA1
adc824eb9f491a361d3e9a2646dc46ba5b8cb812

SHA256
c6c136a67c67cceecd7453b0cc0404465aff19ee1819afbc1f5eea09d5f9401a

SHA512
a7b8e12777ca39034c6e7e6cc0de9537ec758505b9e0ab80afab070db1588dc2c4ba2da6e8458d74f04a753a760ba202ec20b49dde8f48ebe259055701895dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
3bab38da253aa73299d7fc51ef7cbe8d

SHA1
4be98c1c5caacb2ecb547980d2120819ed058c53

SHA256
783e99b962af36c419cd2f6f667265069c1934e349f7cf22979fa5cae017d96d

SHA512
e87b988b87924374e35730a01f159e1fde52e59848442535e15527bdac84278df6a8d191657b468e4e9fdf2f80680f3e93f8a61dad62492874543a50a8acdf5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Unlock_Tool_5.8.exe.log

Filesize
137B

MD5
8a8f1e8a778dff107b41ea564681fe7b

SHA1
08efcfdc3e33281b2b107d16b739b72af4898041

SHA256
d09cdd05da4e3e875d3d5d66c542404519759acda2efa7c00ca69aa3f6234de4

SHA512
a372330793e09c661e6bf8b2c293c1af81de77972b8b4ba47055f07be0fcdfe5e507adbc53903a0cd90c392b36fe4a8a41d3fea923ad97fa061dbef65398edf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECAC8902A\locales\resources\Data\level4.resS

Filesize
128KB

MD5
64d183ad524dfcd10a7c816fbca3333d

SHA1
5a180d5c1f42a0deaf475b7390755b3c0ecc951c

SHA256
5a666340f42f0f985772024d90a83d15c9a241a68d58205cd4afbb1a31f1621a

SHA512
3cab59dff09981f49d1070fba06a781439bb1ea2dae0cfcb937d9875bbe9e866be2c951cfc6a3ca4a92aea79dd3e9c4792a765f5a06f230a57dabcab2f0b3c1e

Download Submit
C:\Users\Admin\Desktop\Unlock_Tool_5.8.exe

Filesize
274KB

MD5
b9db8d2c863446a9731f2ca5dfffa182

SHA1
e124a2e43d826f41fba6a893f8d42369448fa378

SHA256
c54a154a0927237e7e036ec08f587fa64bcc00803db1900fd2db98ff7dd44737

SHA512
6c21b3ee8fa812ca6d224f46714a16761923cdbb1872998e97b7349197ed6bf8d886f5b71b828e1a546f029b4cb6b5285e0c768e3da32582ed09aa94c7f7473f

Download Submit
C:\Users\Admin\Desktop\locales\resources\app.asar.unpacked\keytar.node

Filesize
691KB

MD5
c5c99144e2e1589628e14999ba59ad73

SHA1
9c80f8de6b5cdaf38677d5368b5287bacb9e465a

SHA256
90e35de89ab5e5f9290e4ff1bbadcf221a82b2aa0d9b922187dc980adff3c831

SHA512
0bcb99953397c6604d8e08bf2ba89248ee82f92436c2dcc779157b65227b0e1350927273a1b6d150a9db914d0a8830680df05ef651ee291b40657a3025a721c5

Download Submit
C:\Users\Admin\Downloads\unlock_tool_5.8.rar

Filesize
43.4MB

MD5
121ca5b375ba05814dacad99647ef9c3

SHA1
d35249a099628beda6ca971a693443d2a62c2c46

SHA256
c28849911013aa447cf0f9dde2ce767a88a1da0c8f0a51b6fe50830243a53643

SHA512
6cac27aa08b2ff1a84133645634d02997a8b9ebddf137ecf074d1e23bf93d500b49e0f991a12a76cdeaa680a60fdd37f22bb4f079d762f73f15a3bb214937649

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
memory/2524-1005-0x0000000005160000-0x0000000005704000-memory.dmp

Filesize
5.6MB

Download
memory/2524-1004-0x0000000000270000-0x00000000002BA000-memory.dmp

Filesize
296KB

Download
memory/2640-1040-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1051-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1065-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1066-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1060-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1083-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1084-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1059-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1057-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1108-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1109-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1052-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1120-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1121-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1042-0x0000000020420000-0x000000002067F000-memory.dmp

Filesize
2.4MB

Download
memory/2640-1061-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1041-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1011-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1009-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/2640-1007-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/4396-1129-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/4396-1130-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/4396-1140-0x000000001FC50000-0x000000001FEAF000-memory.dmp

Filesize
2.4MB

Download
memory/4396-1147-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/4396-1149-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/5076-1128-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/5076-1131-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/5076-1139-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/5076-1132-0x00000000226E0000-0x000000002293F000-memory.dmp

Filesize
2.4MB

Download
memory/5076-1148-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download