njrat | hxxps://google[.]com

max time kernel
436s
max time network
440s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
12-09-2023 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

10^/10

njrat hacked evasion persistence trojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

5.tcp.eu.ngrok.io:19587

Mutex

d8c514f6c639c3b8951aabb752c3344a

Attributes

reg_key
d8c514f6c639c3b8951aabb752c3344a
splitter
|'|'|

Signatures

njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
2684	netsh.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d8c514f6c639c3b8951aabb752c3344a.exe	saads.bat
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d8c514f6c639c3b8951aabb752c3344a.exe	saads.bat

Executes dropped EXE 2 IoCs

pid	Process
8	DCrat-main Crack.exe
4272	saads.bat

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000\Software\Microsoft\Windows\CurrentVersion\Run\d8c514f6c639c3b8951aabb752c3344a = "\"C:\\Users\\Admin\\AppData\\Roaming\\saads.bat\" .."	saads.bat
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\d8c514f6c639c3b8951aabb752c3344a = "\"C:\\Users\\Admin\\AppData\\Roaming\\saads.bat\" .."	saads.bat

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops autorun.inf file 1 TTPs 5 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\autorun.inf	saads.bat
File opened for modification	C:\autorun.inf	saads.bat
File created	D:\autorun.inf	saads.bat
File created	F:\autorun.inf	saads.bat
File opened for modification	F:\autorun.inf	saads.bat

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133390195184460368"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4724	chrome.exe
4724	chrome.exe
1816	chrome.exe
1816	chrome.exe
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat
4272	saads.bat

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4272	saads.bat
780	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe
Token: SeShutdownPrivilege	4724	chrome.exe
Token: SeCreatePagefilePrivilege	4724	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
3056	7zG.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
4724	chrome.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe
780	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 4716	4724	chrome.exe	69
PID 4724 wrote to memory of 4716	4724	chrome.exe	69
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1472	4724	chrome.exe	71
PID 4724 wrote to memory of 1348	4724	chrome.exe	73
PID 4724 wrote to memory of 1348	4724	chrome.exe	73
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72
PID 4724 wrote to memory of 4904	4724	chrome.exe	72

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffef8739758,0x7ffef8739768,0x7ffef8739778
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=256 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:2
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4856 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5116 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4932 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4664 --field-trial-handle=1744,i,3027093894430860195,6670222511252820582,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3616

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4200

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap30431:68:7zEvent13098
1⤵
- Suspicious use of FindShellTrayWindow
PID:3056

C:\Users\Admin\Desktop\DCrat-Crack\DCrat-main Crack.exe
"C:\Users\Admin\Desktop\DCrat-Crack\DCrat-main Crack.exe"
1⤵
- Executes dropped EXE
PID:8
- C:\Users\Admin\AppData\Roaming\saads.bat
  "C:\Users\Admin\AppData\Roaming\saads.bat"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops autorun.inf file
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4272
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\saads.bat" "saads.bat" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:2684

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
44KB

MD5
d716b6013bc03f1e4fe2d5cd719c595c

SHA1
01347f66988db64e410b5ce8b8a8c353ff059296

SHA256
fc8a8b1cf010979eb77a33e4c8fcc744a884fed8147a326bcb39f7ee9aeeb32b

SHA512
cad4f0b076fe741297b4d1845013cdb7e7f092202f1e8b9c23532623d7b73bfe8c7c37af5078bc6d571e4b7276e6510a340838d34e84c470f6405281c7f2e9ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
39KB

MD5
f2076aee264cd170e1dbf8199a212b24

SHA1
1d148ca799d92254a7b220175ec646da5fba948b

SHA256
b71e5fe5c42f5926533698a38fee50cb5eaba3cd7f17801327934d9cd8fc7715

SHA512
5a10c0877ca7a4348d8fb194bd27634bbe270a158840e5780408aabe9c34e4ac7ea5673aaee166656b48f4b7000a048dfb6c806743acc64297bf2a5c2f0e8714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
32KB

MD5
04cb676d26899df8beca1fb9da675b11

SHA1
ef369339c3643b564d8c5234dc24060c8f027700

SHA256
0112d431af82a350fbbf05dc09f67eb57639e82959d31488fef908cfc4df60c2

SHA512
55579fbad58fb0d45c6b077627954acac1772bfec2ee6b91f03e9ebcca046eee4c1fc5de4abadf4af117a43be25a10384f08689daddd7a2ae88cfb6f7337c5da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
26KB

MD5
03f23dea324e6a2027c146d66037d1e2

SHA1
1ddca456e407fc3d07db78be9decb1bb36ccf77a

SHA256
4ad3cbb2f12576fe8a1250c5688ea8a1c29f120f0755c2f66b76d36c9bd7f05e

SHA512
18320e666de94edbaac8df776b3b762449b3daebddb5e99ccfa25b9c02c217878759d0d586c9d72fe10d29b52cf4fc7e96a00bcf270c2d49de92d919df2c5099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
19KB

MD5
49943bc015e9713f646c021a2f9a7f48

SHA1
7bcd637eb823b04c425775fa8c914e8b8f2ac2a5

SHA256
f6e0b13ad81727a0d9317a3049fd06ecf2c473060e9d6e4f8eb564a1d82ad289

SHA512
2203c2dbe9482b0b351a3f70ea0ba9f63dcc87a66d4a4db63a060dd7dd04cb73a73bced407d57c2bcf26cf7ed78b18c7555c87b22db9bd744cb6491cd040305d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
59KB

MD5
3af456969e5ffd8955773b6e522c1ad6

SHA1
c0fb7efcd404d59dfe85ede5d10f06f101d57b02

SHA256
226721c69e4e18a9f10e3362ce12b57762472f9f5e49196454e8f0a1364c76c2

SHA512
eaee632e2bb840477bd7f1d67a62ac5f79afb3cffc181092b9460cf972ab685952176d769903863c84d270c1baf2226abbf44802bcdc3d58a5271ea8170c9d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
17KB

MD5
2ed573fa7bbf4c0d0cdb8759a5c07f59

SHA1
e3f97dd2260d1d3eb9d58fcde64bb83c3966e969

SHA256
01beb0df4815b98a01628003ce71809680cfe4044a25d3e0f16f0f2e70a8d50f

SHA512
5fc3f840dab2da001fbfe6dd8fb33d44882ae4781f1ef88e84ca9b31d7128fdb5e794bfe3741487e7a9575b7b720d1a49b59a56374b94664b8e2ab35cdc36c26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
08813b23fbc643edebdb68152b17a36e

SHA1
5bdc5154c98208a0a8d50ec6daa13a3d193a4f01

SHA256
50d994ea54d83f190553df348942400faf561818dd4eb5984542e9c6f4bb032e

SHA512
dd3cb8e2bf93cef58cfb4735dad8a13f730c8ff53146ad61956f06dd8c6b99acff532e47e96ba9fa1cd99a3c805be163bd71c2d852cc167279c29555550a3627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1adff978620bff12d185a3539c9f16a1

SHA1
7e606ebc31b24f698a82fc1e5e0d5f8be39c0866

SHA256
4b040c81ceb736fda807c42314edc8602549707967247fbf73e0ec321e0c7cf3

SHA512
bcae01255fa15d3fcd6131c4bf8b3b8fae0ea6334b2b84791a250f9e427f98fd3b17bfaf37ace42813f9dd214d47765771455cff95d10800a449e4d960620292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a9518c4a6a23469f990e4409fbfbaca4

SHA1
8ab6290c18bd931f94f185c5028a6876239300b9

SHA256
06e1ea14b52d865643272b5c61a2fb9554ffd54f3620855438df2e0be0cfbe20

SHA512
fc4ce42053b5e49cc5bcd0695c11ca6e073ab46df4128a4a8d5d3db3a042875002a544f4d4686218b07228f4a891914634f6012d75dc0baea9a5555d0489cc3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
218249e53ddfa2b83840323f38785684

SHA1
9e4920d6e68ebfc15650fecb9413013543c1a045

SHA256
cac3b2fe77e94e84f60372c550fc59ecaaf9cc5f5cbb261b51c27a23ac5730e2

SHA512
785f4b2c382d1a714ed3541eee11866723ba306f7ada62950f78ca1115785d1e6ade6c3361a04a69a5e98dffdc78352c04008537b6be6d063a9264b717dae2ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
347566c44c3921aef9a7e1698542b4af

SHA1
492d3bb70424243dc4189fd5dc2f4b5c2578ebf9

SHA256
d96e373b5d21ea4e333a46f66285983fb6848f8269e1bf5748e1af8f47a8ba7d

SHA512
d7684ca956aed876729a91f8d85d9f41d845ff4bcc3fbd921ea5efc34bfde0d75d2f15a834a89fafdd690a8e82d691dab88ac0c5514d6d161b3b1d0f9f242b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2f1f6d6d5a96e19f5e408ce6b6ff2885

SHA1
8194ace14362b8d660902cf25ca2f1869fe465c4

SHA256
ba01c825253622177a8d8d9e61507c22f818bccd919ab45b9705c7e8c3e7fd38

SHA512
7a42969dcb30591803eda26e9e2cb71b5593e1d8ac5dccba09e4ef8a766e35d7d2ec68d1ea38c07f474d011a413c7a595323f1d34f3a8463a8d7ef6046eb9432

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3628758cd1d49363b9eb311d3942cd6d

SHA1
006dd6aeb4ea47ccf80fa7fabd891277a7c50f69

SHA256
e48d0f9a739808832eafbbc96d87ed9f8a36a2831965881783c3dd28551060ae

SHA512
de0ccef99c2d8afe259cdfbd52eaeb22ccf2960e36f140e62e736dcd8120fd3f1d35fbc67c9bc62a2697d5a5c5c55eaf3fbc368f016d9fe0bed051d46542a77e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
506d46b9640b7fe61bf436b7151b7392

SHA1
791e7b21555e224398cfb3447841ce16bb828157

SHA256
83aad54e41f7c922ee464f701ab4671e861d68f4d1f8f3ae4290662e1ca77617

SHA512
d7359c84a2c907bc4a07e7e2ab9fa00ecb9f878602bed04f1f0d0ee74f444ecead14efc4e7fc3a2dbf611c1a780e4d4a0cee0d638518f9effeb36da4887d857a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
28539b62efb47a6c5e626c6b8a342583

SHA1
4ed64181e5c0912dbe5c850aa9bb0ecb9259aaf7

SHA256
1765836b096b4c0feaee641998d4b9b90ebba35aa2fc71fa6ca1158cee10800f

SHA512
b89b3cd190870e81e64a3f41968b197d5067accd57b3f022b598b402df360de8a346728315c7334e52f1273f7cdfb0d0710bf596d396a52b3cb1c33afbb452e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
808e62dc7b2015cccd1517f6b0b77487

SHA1
60d062d75449f62772c16cfbb681a58a1ba00988

SHA256
0965291c074ddac3e7c72758a3e4b83dc878a7243e8caf6792cf49a8ca7c96e0

SHA512
07111034d1e8581b28a868dd9c2f91906007fb1e5a9d210341c964affecaeba63cf16c710e7d57def41b9b4fc47414c558ab7a651b5f92cd05d5135376705740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f3378e7d231c6aff081da7270f4f8ee2

SHA1
15f54855591e944fdfcedb332a0ea131e0c547ad

SHA256
369524ee7ef0b0193f43aede1e1decdc72bc4ef8aa3169fc9e8617fad590e7d3

SHA512
78e665bc23821677c1fd244cadaa7aedd2165bddee1b0023f9da0f2ce27ae4524d33658511b128786742f93b61493634bdceb15a73bcc454ddbd9656b2641c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f54fbdd63a2753ce0e9523e2309a6bca

SHA1
f798d17ac8e2a6f4fe5480c572dd1f0a245d6282

SHA256
3a3884df87d491538d357f8eb2adc13e42210ffddf2165c870f5ee078759942a

SHA512
ce030427968f4649e05fb9cc0c7097cc8a4d7badba25ffa96ebfdc69ded91852447294f5a621472cb72d5bc610aab3a630598a100af5e0c78784e9908a0ba55b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c84f88a7ed2d756e3b5128f661846fd9

SHA1
1bca8ee8ff755a963a0f174746d3b96eede165d3

SHA256
8486defdf8e4a88fff58010a0fe4c3e14064b453aed7949bdb3c0f7604b93212

SHA512
43dd72636d87735951030449593d2c4b8a13db43298f0a0b0debb79fdcf187085ab8535a1fd73ff30022b937d318e128053ff74314e8a0349e3c117e71e27f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b35df2d5d652d289f2a08b917e7e1136

SHA1
06f7c06b9c3099430e0b2507b0975ce6b7389513

SHA256
b75fa5e8fa8722cd0c7d242e8479f84791a9b19ff1a8420edeac2346995932cc

SHA512
8897ba4d35e4c68a3e416926b0809496af134755459729a5a74669ed9b7e7ee2e6b0dac356772d7d4649c7799eda1b3395e164dfb13d4c5d7a87725dc0891853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
231e2b6b60f09e9d2c7745f80e962ade

SHA1
55485232586595652a3bdd61088da2e07b49612e

SHA256
5e2c98cff00c98b0ff215adadb5fed705aa965003fddb0e633f16ef3a68d8e63

SHA512
9541086a2d24fd0435bfa5264b77a5fb82a7d9f00fa4026f1044145c7eb1141f843c56688af4e25b88ef4bfe59a245308086d3714e216c33d4bd98e6b9ff6cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
9ec6fd3c5448660bc6ee8f23027b7e0b

SHA1
48714a16e2b99f17f5626e6d9a91b36f6cc41f25

SHA256
47e20bb70b3ffee5aa246b48f89ce7ee667f3519015953dd3d3cd5dc3ea2f68e

SHA512
07c207d72632d116846df9f74f26dc991a9d64c22e57c25d24e72318e432b8eb6ae87fe9c053d7d595ea832b7800a60a54e455c1bf989f24c5b1d385184568f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
befdf883afd2e34ec07e8c502e71b035

SHA1
fb78a707d60fc5f5dc351dda676c33697561806f

SHA256
511046406c1631127a541d2351b597be32f47a4ad0096b222a98629d5f9df78e

SHA512
f5d936b963e1a948802cc44cb2ba04dba518fb411736787201e6bafdb6ff74c5875ef6c8d7a8ea1ea66bb8db854a5f24a15f01476a0f731e38503338ddfcb0fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
50b7919b2c9b645b3da878438f6f2de9

SHA1
e9bdc147b3f626faa309c260caa52ad8668418e6

SHA256
cff7826db7d7aeb1fbccf0f8eab6d2345f0f6baa17cbe1d2b313d5e3c0b881d6

SHA512
c5294375e16445f8d3b961a61fc515c94d3b8c604499c569871ba970cc5092002a2cdde49630e0a7aa7328cdc33666424cce25aff395540694d0bba326e9b2f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58775e.TMP

Filesize
93KB

MD5
80d70b3228c7585e5d4e5ceb4cb5a059

SHA1
1b396c6fc3e4390356c0adee3142efc5365b1fcb

SHA256
d3d0c313fb18e62de05202f4e3cd53870f95b5b88d8733dc6dbf93540375af36

SHA512
57f22123d083b025e7cb310c94c843dbaef833b38b959baadff2bfba4fe9ed98a56f1685d281a190f0a98b281617a4a506f16e813daa8d1dabbbf5aa789c70e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\saads.bat

Filesize
37KB

MD5
744e1221f6467d0b7e73a10f52e6cd6c

SHA1
33e85ae9412fa870e5d6de31502e7d48c64ce224

SHA256
31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b

SHA512
704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de

Download Submit
C:\Users\Admin\AppData\Roaming\saads.bat

Filesize
37KB

MD5
744e1221f6467d0b7e73a10f52e6cd6c

SHA1
33e85ae9412fa870e5d6de31502e7d48c64ce224

SHA256
31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b

SHA512
704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de

Download Submit
C:\Users\Admin\AppData\Roaming\saads.bat

Filesize
37KB

MD5
744e1221f6467d0b7e73a10f52e6cd6c

SHA1
33e85ae9412fa870e5d6de31502e7d48c64ce224

SHA256
31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b

SHA512
704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de

Download Submit
C:\Users\Admin\Desktop\DCrat-Crack\DCrat-main Crack.exe

Filesize
37KB

MD5
744e1221f6467d0b7e73a10f52e6cd6c

SHA1
33e85ae9412fa870e5d6de31502e7d48c64ce224

SHA256
31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b

SHA512
704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de

Download Submit
C:\Users\Admin\Desktop\DCrat-Crack\DCrat-main Crack.exe

Filesize
37KB

MD5
744e1221f6467d0b7e73a10f52e6cd6c

SHA1
33e85ae9412fa870e5d6de31502e7d48c64ce224

SHA256
31c37ff61aa322192236c9672f09e3d97b6e6e09c5019077df7d0567d4c0b48b

SHA512
704389db8c842344a21c4563f1154b57bf208466083b1fded330c4f53b7931fdb216e1e8dada0733729f8ac7aebf1047e77d7c96d2b6950b7bc69872b93a90de

Download Submit
C:\Users\Admin\Desktop\DCrat.rar

Filesize
1.4MB

MD5
dadb31f9cd6b19e2aa650eabcf03fdce

SHA1
f8b860ac70adb921a96408ed564b7426b9eabd96

SHA256
33c8efdf697a2bf43e2aace180bd3512e51e422aa562c6a3ecb0b04d893ea656

SHA512
e2f2599a5ba122b5c54ddaf65756a92b360217e9cdbcc3cbea0f3319a78e6a3be4be8292dcec5716882a6b46947fd517f15d7f4a25574a8e927ba1ba6c825246

Download Submit
C:\Users\Admin\Downloads\DCrat.rar

Filesize
1.4MB

MD5
dadb31f9cd6b19e2aa650eabcf03fdce

SHA1
f8b860ac70adb921a96408ed564b7426b9eabd96

SHA256
33c8efdf697a2bf43e2aace180bd3512e51e422aa562c6a3ecb0b04d893ea656

SHA512
e2f2599a5ba122b5c54ddaf65756a92b360217e9cdbcc3cbea0f3319a78e6a3be4be8292dcec5716882a6b46947fd517f15d7f4a25574a8e927ba1ba6c825246

Download Submit
memory/8-666-0x0000000073DE0000-0x0000000074390000-memory.dmp

Filesize
5.7MB

Download
memory/8-650-0x0000000002E80000-0x0000000002E90000-memory.dmp

Filesize
64KB

Download
memory/8-648-0x0000000073DE0000-0x0000000074390000-memory.dmp

Filesize
5.7MB

Download
memory/8-649-0x0000000073DE0000-0x0000000074390000-memory.dmp

Filesize
5.7MB

Download
memory/4272-668-0x00000000010A0000-0x00000000010B0000-memory.dmp

Filesize
64KB

Download
memory/4272-669-0x0000000073DE0000-0x0000000074390000-memory.dmp

Filesize
5.7MB

Download
memory/4272-688-0x0000000073DE0000-0x0000000074390000-memory.dmp

Filesize
5.7MB

Download
memory/4272-689-0x00000000010A0000-0x00000000010B0000-memory.dmp

Filesize
64KB

Download
memory/4272-667-0x0000000073DE0000-0x0000000074390000-memory.dmp

Filesize
5.7MB

Download
memory/4272-706-0x00000000010A0000-0x00000000010B0000-memory.dmp

Filesize
64KB

Download
memory/4272-707-0x00000000010A0000-0x00000000010B0000-memory.dmp

Filesize
64KB

Download