asyncrat | hxxp://google[.]com

Analysis

max time kernel
1047s
max time network
1020s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2024 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

asyncrat stormkitty default discovery evasion persistence privilege_escalation rat spyware stealer themida trojan

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot5344934242:AAF3rLeFDCGd-IVKJG_PU99MSQjdKyNgeR0/sendMessage?chat_id=1619136628

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0007000000023d42-2115.dat	family_stormkitty
behavioral1/memory/3568-2256-0x00000000005D0000-0x0000000000600000-memory.dmp	family_stormkitty

Stormkitty family
stormkitty

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x0007000000023d42-2115.dat	family_asyncrat

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 4 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Loader.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Loader.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Loader.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Loader.exe

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Loader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Loader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Loader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Loader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Loader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Loader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Loader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Loader.exe

Executes dropped EXE 11 IoCs

pid	Process
3976	CraxsRatV5.exe
3568	crack.exe
860	CraxsRatV5.exe
2140	Loader.exe
2272	CraxsRatV5.exe
3560	Loader.exe
2984	Loader.exe
2144	CraxsRatV5.exe
1696	CraxsRatV5.exe
2668	Loader.exe
1968	CraxsRatV5.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Themida packer 34 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2140-2638-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2140-2637-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2140-2636-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2140-2640-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2140-2639-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2140-2642-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2140-2641-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2140-2643-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2140-2644-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2140-2654-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/3560-2703-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/3560-2701-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/3560-2704-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/3560-2702-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/3560-2700-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/3560-2715-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/3560-2714-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/3560-2716-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/3560-2717-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/3560-2718-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2720-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2722-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2723-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2721-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2719-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2726-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2725-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2724-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2736-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2757-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2767-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2789-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2799-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida
behavioral1/memory/2984-2831-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 4 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Loader.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Loader.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Loader.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Loader.exe

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini	crack.exe
File created	C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini	crack.exe
File created	C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	crack.exe
File opened for modification	C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini	crack.exe
File created	C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini	crack.exe
File opened for modification	C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini	crack.exe
File created	C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini	crack.exe
File created	C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini	crack.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
270	icanhazip.com

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2140	Loader.exe
3560	Loader.exe
2984	Loader.exe
2668	Loader.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	crack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
3868	cmd.exe
3280	netsh.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	crack.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	crack.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799817757564265"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{3F49C063-20C9-4EB7-8995-BEEBFE7218DA}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	7zFM.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	taskmgr.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2036	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 59 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
4252	7zFM.exe
4252	7zFM.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
3568	crack.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
4404	taskmgr.exe
4404	taskmgr.exe
4404	taskmgr.exe
4404	taskmgr.exe
4404	taskmgr.exe
4404	taskmgr.exe
4404	taskmgr.exe
4404	taskmgr.exe
4404	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1768	7zFM.exe
2392	7zFM.exe
4252	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
1768	7zFM.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3976	CraxsRatV5.exe
3976	CraxsRatV5.exe
860	CraxsRatV5.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe
60	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 3008	3456	chrome.exe	83
PID 3456 wrote to memory of 3008	3456	chrome.exe	83
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 5064	3456	chrome.exe	84
PID 3456 wrote to memory of 2756	3456	chrome.exe	85
PID 3456 wrote to memory of 2756	3456	chrome.exe	85
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86
PID 3456 wrote to memory of 2900	3456	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff979fbcc40,0x7ff979fbcc4c,0x7ff979fbcc58
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1864,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3044,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3028 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5008,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4484,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3316,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3380,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5200,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5320,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5472,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5876,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5948,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=728,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=724 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5724,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5500,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5968,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5460,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4472,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6436,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2992 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5612,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6392,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2376,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6608,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=2776,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=3304,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6216,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6600,i,17846518748453139633,7787510718819181715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  PID:4596

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1776

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CraxRatv6.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1768

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CraxRatv6.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2392

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader.7z"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:4252
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOC90FA91D\anonymousdevilsec.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2036

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SendNotifyMessage
PID:3976

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Errorlogs.txt
1⤵
PID:4852

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\crack.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\crack.exe"
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:3568
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
  2⤵
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Wi-Fi Discovery
  PID:3868
- - C:\Windows\SysWOW64\chcp.com
    chcp 65001
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2968
- - C:\Windows\SysWOW64\netsh.exe
    netsh wlan show profile
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Wi-Fi Discovery
    PID:3280
- - C:\Windows\SysWOW64\findstr.exe
    findstr All
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2220
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3156
- - C:\Windows\SysWOW64\chcp.com
    chcp 65001
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4624
- - C:\Windows\SysWOW64\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:2612

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SendNotifyMessage
PID:860

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:60

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:4404

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Loader\Loader.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Loader\Loader.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2140

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe"
1⤵
- Executes dropped EXE
PID:2272

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Loader\Loader.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Loader\Loader.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3560

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Loader\Loader.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Loader\Loader.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2984

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe"
1⤵
- Executes dropped EXE
PID:2144

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0479a9659c794dc282cc5a6cfba0c5ee /t 2472 /p 2144
1⤵
PID:3928

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe"
1⤵
- Executes dropped EXE
PID:1696

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\2497f488773d49f6978bfc09777f439b /t 1280 /p 1696
1⤵
PID:4716

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Loader\Loader.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Loader\Loader.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2668

C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe
"C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\CraxsRatV5.exe"
1⤵
- Executes dropped EXE
PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\18937e0d5437c8b0807e3d4db6a74e51\msgid.dat

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Browsers\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Browsers\Google\Downloads.txt

Filesize
249B

MD5
673a2f54adb9ce6f80adbc5125efb2af

SHA1
7d868ba152c1fce8eaddde49c80213ea6109e869

SHA256
57d41e43611c9c0080787d517dd031507b23be7f956f38b687c1be81f1525a2d

SHA512
71d6b1d864c1f17979606f403c33c985ee1bea659a5ea0bf63bb5aba2937e0d3e1e1d19ad60bf250648dd4692fafa9b44e0a4b45402b8dbfa7202ccbbf7454b7

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Browsers\Google\History.txt

Filesize
1KB

MD5
4140851fd6d6088c97990a51e6f91056

SHA1
5bd6269e3686acddbb778878df60df8ca4049f30

SHA256
ef45c643ef298f9b30b14cf7db710f8efc3694738bb8d9548b95a67ad1b38729

SHA512
ad0f11c2a00b26119c9dccf5ccd37288b4d34641e76a63cd59c24ac3da77d99803b947c13d2043b9a85bb5cefc97237defee43a8f15292de269e895d729b4518

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\alarm.png

Filesize
4KB

MD5
2e996b58f05c5342719cdf94431d952c

SHA1
62c89b9798a1510fd3b3b1dd22e2a981b5d9cd01

SHA256
c4e01f050753312c9121d5a3ec9adabc599f224b26889e611e5822dc5b297354

SHA512
88db9d923c58fd32c574e6a6807b25eceea4f5274af938c7fc69557bc63dcb22def06136cb801dac3bed96a9579b8f0de38e1003a1f81905ff92c6243be86173

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\billing.png

Filesize
3KB

MD5
15b1289a3e727147dcffae2294c1153f

SHA1
885fe6adb213af427df7bcdf7216172dcb1cec1c

SHA256
7613516fd063bb70c4ec415a2751f6eddea1065b95f4e5a4f3a67dff07daf4fb

SHA512
079d32b2d0c7af047562bacd59302b03ea84f91daf1aa19183e6fd2267035a224168cd85f36550456a2a3c342d6c74012b6b31925a05ef815f4cdc5093930c95

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\bookmark.png

Filesize
4KB

MD5
42e9dc967d457638d3e3b1ff7277b737

SHA1
272a13145804b77902045f05b09b154e02433d0d

SHA256
166ed3847cd3b10672ae2d086fd75926271223e7c6856713858912cb3e02b144

SHA512
0e640f9ff8d296bb69d9c0b2527961bee5bf2ba285ec5cdcc64fb0990fc96021f9e9a99464b21448696532e28757076354f7e7a0733c71cf11093f7ff085dff4

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\calendar.png

Filesize
4KB

MD5
92e48e764f366b4f932ef791fe403717

SHA1
faea8ba0a915174d292f4421923d92b7cf7eb66d

SHA256
e0806736630ad3cf5d30407101e941f40dcdd01773b970a98b4a6ebe9309d015

SHA512
900558d9dc1db2686ad694fb23e07c206ce49aa0afcd3cf881a4a032cce1d38600c0e9cb9684308e0911923516c22db935895122da547d09aa4cc61b96ff1978

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\document.png

Filesize
3KB

MD5
02c5c06e4aa5952d6219bf63313b9621

SHA1
d22715147390b8b2f62633f4b2fa35d32e75884f

SHA256
89e6d150d8704cc811b8c8f1edf054e94c2dcf4c9fdf58812b4f7748833ef6d8

SHA512
7a825439cd33acf234aec984fdb49349beba4bd5ff8c219dcfef29fefb121b722e00562d3dca12d1e03fb7d6ebd143b61a491f5c6ddc145fc9da483cda61ab03

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\image.png

Filesize
4KB

MD5
7a7bdc92d046d284533c9651df2fb8d5

SHA1
04a63a92d199238c5350a7787b43ffc896cc001d

SHA256
7c3ce5028d7cb99aa7e9737fb5e903f7348083bdf2a813599a8cdb3b03cbbe5d

SHA512
b822f4e618040b5b010a953edc899baecd91b60ace4c469834bbf7f90d72c86d3e2445f966300017650086b6d4734bad9cc2e7b25a86aae4a4240927b2132099

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\launcher.png

Filesize
4KB

MD5
75739c613edb26b8221a15bf22c789ff

SHA1
3ea045fc52ef894ff43957cdc378d120bdb3d419

SHA256
2890b6a62f11a4ab90a59c72aa6183f50cd60b67d15ff84813a00cc6fbf06fcf

SHA512
52d25d987752d777b8009514f4446feb0560424ea6b66eab5a9e225481afe0ce4c79e4d25f7dc137571e3887b04733cb8421e7e56ea14d38dc2f0655d5cd6abb

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\lockscreen.png

Filesize
3KB

MD5
7d22f3aa7fa81977eee042aa35710cc8

SHA1
3f7acabeae2b193362fa299b4504dd356a0b83b4

SHA256
30888eb398a4c739e8ab24ae61ca4e63fbb9430cde1540c572cf6c7d37511dab

SHA512
604ebb15a7f93b158390fde9f508ef3210a9c120f6c317ab9596fbdde4f40927f742fa7bb4e9233ab7f840e97e0e71056b4d940ef2ee3238bd8b47f53f144b92

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\memo.png

Filesize
3KB

MD5
72ff1b3faff7bd300066ca455f94fc5c

SHA1
f28e77331e64a4973d1fdec53b4708c2bad5887c

SHA256
ef04e31a1cb4de488461ad782571b0ca7e6083bb6999ed3f32be98775d3352bc

SHA512
1ad30c4fea40bee4da28ecaa6a28cfc867f48a9fcde6c9fa5b66712e81a7c0d430405c683487bbdef6c978ebd39ac89ff1eab9c6205afdba1aaf33af6433e929

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\myfiles_thumb_folder_home.png

Filesize
4KB

MD5
3c615d0d435b5831671dfe32d4c62a49

SHA1
3155abbb99b84b981b6bd98fd62074efc644de0b

SHA256
928f5d39e6ddcb54ec1130e1849fea471736ee2192c0d969b9c88306b9454bf0

SHA512
e3addfd229c1f6b74e0d5b40474e9a78a5a64df7a3f8519d240f97580e8e986e695a1ad6766c78fda3cf604a108c9b72c56637591ea4b301cb64159e45a52e89

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\recorder_audio.png

Filesize
4KB

MD5
4afa7ee6420b5abca1ff2717c2a5db7f

SHA1
537d0dee6cab6ed1e4701d4b2404fb46e7cccf85

SHA256
5c6c3b6230b7f62f62ffce1bfb48b624997d872384dc85ac334c31a9bfd2df26

SHA512
1793608fe6495809eff1fe9a55c7ac19ca0a2db9959eae2dc94f9bfcba3a35fdd0f49e4313086aeff856d73772296409a60eeb786bb6bcf8dbf6092a41ed7a5a

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\secure_folder.png

Filesize
4KB

MD5
9a76575f16be3fefc1fe60d11506333d

SHA1
81b53e278db117971c23c2d678c582915adc6a72

SHA256
791f17af7aea3b38dd67079e51737c39a1f9a6c6dd7eb75394158369d85d6a24

SHA512
4ec06545cfb234e2d24d4c7f09874b97a693d73025603b57221e957a19468a94029886d51ea500912755e8aafaa2e960369bb6a110398621ab620efc967f3f5b

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\settings.png

Filesize
4KB

MD5
33a64342d90c574fb3f91659653041a4

SHA1
e0d149500c27e60c5981918b01d0b60d3ddc5333

SHA256
8d636da1d2531798a3e5af7d60526147429c905bfae8493480b96091c6ff1e43

SHA512
2ef2f618eb404e27470f4e28ca73377154922b019176d2bcc8436a00b16cc55931f1fd60c68e7128437780237d82c7950c8855ccdf5c3df98a2c08a697387b98

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\smart_switch.png

Filesize
4KB

MD5
75d124879a85e80fcf125b322fa7f23a

SHA1
bb995451f4fd1907d4442388c7bf3fcc4e009195

SHA256
02506b4aa60687a67f492a17ebd5357154f715ec88e4adb62ff8d9d1f9eadeb0

SHA512
e9c3e7af36a3c7c80071843fb8fc94af9623b7baee69443a01e1134f9b027829c7df55f06f94f2b6d2b0bfd1c06313e0504d0d42ad284dc2a76a21b0bb3f3dc1

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\icons\story_album.png

Filesize
4KB

MD5
246abda77bf62de5a0a4d36a4d39cc2b

SHA1
6c9c586525d126fe301da0ff93f53a52db5420f5

SHA256
10330f4cfa8ce8b33d28879153768f48a725e7598b1cd7cd80c544c726cfd46a

SHA512
fdca498dbfd6a4b17a3b265171d7a6e08c3c66fd5dbc58ac58d1f8efd47c3e16d5571f1b82bc3874e28c4f2f66c62337eb7603e6d3bd79da1c301adc258568a4

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\Icons\FillEllipse\Account.png

Filesize
698B

MD5
39e0ecdb310ee1ddb101bca1823d67ee

SHA1
125750d6fb8acd2e2fc9095000beeb7a7ac042a6

SHA256
927ac84ce42ea8dffb38d29807ebc2c0596ab845c38d75f0e0f448eaf915e843

SHA512
c27a884fc5571fa22c77253a3a04821d766b54fd2847f325d66b509b779398fb1c00b3a903ddd60aa3952a7ac049cf764f340ce11c0a3a53de6b8385411bdb68

Download Submit
C:\Users\Admin\AppData\Local\79fa1c80030de49905152229c9957af4\Admin@YQRLKYON_en-US\System\Process.txt

Filesize
4KB

MD5
783243fc1cd6c0db45f2b0cf922065be

SHA1
1f05b96b60c79263e99bf76ecc3798597711680f

SHA256
fe5caa12abc331f7b9fda23e10c687a453cbe8401554a885155a71bf55b62172

SHA512
de66b998cb80ef194c95acb07546a965a9e8f764c1d3421626e9a48df798fcef9051a6d5aadf4c26544d81693e819c8683783cd5764e76856e0bfd99fddd7eeb

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\78da87d0-3712-4daa-b7f9-4c0afa99d6a5.tmp

Filesize
11KB

MD5
a012b22ca2ae1f8cf80a4a624316e634

SHA1
6e35133463f17c27e7e84018df8a54bd651847e8

SHA256
5038ba568355d7a529794de034dea9643778d7a189f35985ee1f418b52f4c9d3

SHA512
e9c717d1a96a58bc0e9217a6513f238973ddf35b73eed077ffd6938288b40b7fa507c39a9106035d78e4b89e4a7c4bcf38c84289bad3b3385662c1ceaed1c370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7ae16bbbac8f961e76751cfa1e1bb237

SHA1
601c93bc2172c8217e058e0fda246cea6deaac46

SHA256
1ac6679fcd2e6d83261474f41003d2f42ca5a2d0e8b5a52dcef83f6ace0353b1

SHA512
d5ec957548abb113ed867201b34124ff9648b8afbcd8a696e8dbbd0fda304170b8bab62bb50f3770745cfdf483bf9ded3620731181f35d64b53ff3f4e4bb042b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
2.9MB

MD5
45c4b57983436427fd5640a903ed2237

SHA1
270e9fb0d20abe013a650b0b2d04550719e7b038

SHA256
481a5e64663342034070522e438980502192118ceefdc1859b9f8c97b89f8939

SHA512
222c5190df62b309471ed908e122c6843df2ab0a77bbe98f10847840f155d268c059c4176db9cc5f4ea42e440e2a52cd7587e41fd9347efb0e21b1d1c839ca4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
437346ca089ff2d0ff2f66b86d7bb2f0

SHA1
d644f90d1b938efe04a3451261a88dbcac125869

SHA256
ca783bb6a60c688e253dfe42390a34c4c90badf28926c66a5f37a2871938a7e7

SHA512
b8b6f01f9e817eca6921c8d1e04bc0db34b8a3b07baba45ac4c50660cb1f450a321f20dafa144473a16b90e471477444189ded6bb1bd31429c14624850164001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f0aa81e68ccc2b4b243cb97d1a2fd55d

SHA1
3ce056d3ae5d05d7a23db4637395b31d25c4a489

SHA256
976f486f99e1c18e3cb4d9da089f40efa06207e881a081373952d69bb38a73c9

SHA512
c2116276895050d653d00b09c5d93c992286035f4669eb3cb6c2832879ec0ea11aa82addd91ed8a98d1b124372635c60fb1f93d164b20c0aa3cfc7be87794df4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
074d5a7994db557b89b8171f7e905938

SHA1
6b3639ec89c8eb9f673767ecac575bc36419871a

SHA256
6b4f5c95e509e2ef96b9a6025159c5193a3f92b59ac34104647fb002eae3500f

SHA512
a142a82a1b39712f75e1f43922b3e11d5d9a093984fe44db28152679629327b8326d4389eef66b228bba6965e1dccf19237c47e76de0cca7b013deffb4430f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
982ba2107f4f7cacd50233e6a51b4c4e

SHA1
7cb2839a6b549653e591337bc7a5227e35c8a08f

SHA256
7259f20f0e45a565dbfeae3656efd08815d1cee2251146e2372969504b19b906

SHA512
b8441524bd3f981a5087e2c93d893a348c624546c318b4ce5413b3a9d439b8ae647154eb34edea1a6e418a9633cc311d149cea7188c1dcca1ad74c6fcfa491e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
7393b02224833bfd6c96df5daab7fbd6

SHA1
540068f754b1f8210b7d64e6bd3803d51c296c10

SHA256
74581c38e211f04f8e77a96bde2735ff32d9ec508d7e4d6750fdb6899e3a49a1

SHA512
65b21990e0d664ac53ae44b6277c8c50092b673455dd590546ea1a212330a5c0054de61f2ac8b49436b2b1fec5417faff677301a698dc1233c3dda178e7830e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
54682afe3468d13a96c2f295bc470a19

SHA1
961af79ff774397f543d28a3aa6f258a96e248cc

SHA256
3860b8b22d026ae9a92e9bef7ce7d2ca97cfb9b35f9ce2909e1a8c0ab3dd468b

SHA512
f190e3baa8573fd563760875fe6c281357a3780ce2e1ec048c887b25fc32f0b4670745e45f44d363605109d1fa7f31592d9cad2ba7710519bb3add37ca81ea30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
970f9ef0c33cc3b7e8d81532aa49d515

SHA1
eaf3eb421cc65f2100e7f51a34d5e3e9ed7278f5

SHA256
83b2556b515c2c904e0670972a6addb29ca1b53437ae97745a84f359838774e2

SHA512
fb5a70f0eae5449cc90088bdf652a572105d59a93381b6d0754994a41b416c1f1b535fa48b8040d3255e7bff94e1bf8c2a12eabe0b4acc971ec173013bc20c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c3fc4720db09629c555e18d43846b6a6

SHA1
94c352840b36f7cafea69d3986992440cb878024

SHA256
61c46bc9562d33897422ff625f3c36be03d8acebb4bb5a8067097cec93c26853

SHA512
ab55be0b0316329973cb58370ad38ce6579a0a1cb057d740903eb60e3871ad9242bf2da1e8da13c5cbdb578293ba5e095b4f3d51cd8e43b5e4fc57d9a65d3eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0037cdd3d01ca76d9d4d8c099a5dbcaf

SHA1
85795b78e4cb2f01be71793ea67bd032a394b69c

SHA256
9be91628d018f652f2e2d46ce761260e1a5ec81076d235c40f48c8fb3ec94d51

SHA512
67e3ba20192dd599a2965c01a0cb9b3b82eb3591c98c8f33b18435d27627677e58a33e081eabf9a9d7cb4f16ae15d30c2ede913098ea467d5c9fe3c2cabd8a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cbb5525328ccecedf82eabe4a80194d2

SHA1
172db0408a996d6697b1b146514a2d407584a35d

SHA256
92366a4fb8f8520d6a995ffec2632bec38afd3b5de394742573e132d7e7b0d7c

SHA512
1c9d00068e7e05f2ea40494255561cf64d55d7bfa455532140d205726f661af1a7843bfc469be557ff857ea41474a5c92c0f9bc0b9ab3dddaf5e115d334cda36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
589a6c669a241fcdf321c14a0ba07c12

SHA1
a3f7f1144fb2d5552fdc3d4db9646683999bc021

SHA256
26aac011233a6b9776a24ce4507ff2f391fcc82e36e0ba55c78f8f6ab1be8d25

SHA512
df1ffb33a873597a8a2b937be40143605b50187d3dea668f7e4ee8dcefbf690a12722dba2ed48a4df7485d874a098f6b2377cc2f407b55b7cc18411a128fe002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b2f04eff4853f4796966a7216941d58

SHA1
295a7443bce604cf9cbb5dd243f255c5de491801

SHA256
4c482153eaddd87597dce48c478f1cc6f662a1c919eb5b8c64ffaded1d3731a8

SHA512
67914d21ecc3ff0089da4f220c79ce404b81e52d0984f57b11e104b781ae3a81be62eba07e5aceac1733ecfb5118a055d8f43757a786adb817fb565bda2fcf0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3671fcb799cf44cdf016061041df6ba8

SHA1
40695c5d6c61de496d5257b6968b37d6c27e85ac

SHA256
ac4d8a39d249a614532a303331ce1ceda9f76bb028cd3b429ba7f21442d9e341

SHA512
97373b9a56c0b6f0c94f7ecb514dff1e7e8a48f20b1ec0d5c2eccc98147395e38cc35e09270221c6a538370a9594eb05f5b505cea5f872fac6282d78669f6528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3823b44f6075746b76261b7547e73f74

SHA1
7cf84ba0ddfd89b53e711352c0cb202c3495c9f1

SHA256
b13f5be6bea0fc0d73ec5cb30d7f165cd01912398f8dcdbb490cb57a34ca8c8b

SHA512
f5f0c354b7938e7b099c4cbbc3ae8a682f8747b70d1677eb9023cc6aa9676a96417d9285bba0e41ded36b4df12c3adbe20e72cd96d79b59a38634bdfbc7e3302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eafee81b75034cfd9e49d65fe040fb97

SHA1
1ec719a683c10a7b6b5d2a38849e0703d084272f

SHA256
d63376cf9f99241d4da5e7e704194ec917920351e0e9827bdfdf45399bce2a73

SHA512
e9a2be09854041edbadec60bc2d6e79b890ae96dea943f772024b9f8c3d1a61f5bf9dcd01ae558b132b0c1cd3c2e4ab065bcafe09792e4509a9c180816a38439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f992dffa967ab509efe34296847778e0

SHA1
3c69abd6759cc148dce7e3a114fe3b6a0692ed1c

SHA256
0a7671de8c5746e84b28b72ebf250b40de316643702935914a337d98cd4f36dd

SHA512
b615d29f6af837be9d17490eafbb90a21ee25ba551ff475578073b8112e7795b908868bc187d683159962b4204ab0cb309a9a43bfa4b113c5e240a8d137e3b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9237ec6b2038281003aa125155b89760

SHA1
de3c14f5cd3dcfb464adb909a43c0c259f47eaba

SHA256
f06d3f3379d23a581e829f1040ad0c91b164eaf4199c4db8e299954502c7a8ac

SHA512
8a8ed73f67e7e629bf5c939dfe107e4af36fcfa399787ce23501cb02d52d9229df5c4acd67c6c32c1c6b59b0baaf21c0722d5321427646e480527a0fa9b7dc96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
397163f20af42e8b2fec2ad5fe529686

SHA1
76fa4ee65f0c26dd29e2bc602d65144ffda13d91

SHA256
1eb7d2fcd0858906fd40ebe1ff7076b79680fa6a44e59e2b88eedd67d0688393

SHA512
c6dbc43c1e0324979dc645e08754a8a86de86e94676c26a4b67d8e2a98e3c85b42a88919d60ac21eede3037eb5f2bb5c3037968826529d832d89d640928ed5a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7ad0a210b0a0eeb3520b72c3a4aecda6

SHA1
c4f6edc058b5ef9b046cf28d2895f905033bee9e

SHA256
498bd6b9d422211c5ef068db75c92054e6f61be5842aa8d6ef2f235879b781aa

SHA512
9b7740a81a26ec35457d02607e27616116ddf46d2eace99ef2efd33008b8a42b9cf475c7a038343227ed217678914cb909c7964ba10257eeb38bfbae3bb699cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7be4d6e9f44391a7d35b2e45cab5775a

SHA1
2f86dae09140449af00cd8a09594e093e7574662

SHA256
90e5dd8878a52ea6f021a712e82b37ae7b59e04e69f966d334067ed38a5649c0

SHA512
41be4c3f8782a3f55fdde3247c18290d7ca42172a52ca18becd5d932867aef74f189158d611b448584c34f612e05299a8436dccb0233cedd160613f5a0d98221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32281eba7cda1564f6d07e628152df3e

SHA1
4e188d97a7629d64d4769a37a32f1996124a67cd

SHA256
55fdfec1ab9cb13d603c4cecd8d2c3e78d85db3140f0cacd51ac42dee71d2332

SHA512
5741d801999e924abc750802f020493e3dda03ea5365e03892fe4adea2987ed828d2528ce630f738e83ceef4aa84a32edb0ba9a96a8a4a85a115999aabc46b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
862ca8195cee84acf2d6536b601e1b53

SHA1
a0a1484668a2f2cd263977ba2bbd7d814bd45c79

SHA256
252e32d7d1ff30b06caec4c9da2ed4747c24af7bca59e660534e1be144f03160

SHA512
d28095158113f831293ca1bf29084733bc544674aeafb3b52a80dc4e8807c4ba123ae8567d513daf146bf977e35848987dcf5bed3f42532c3155a0fd2f5b50d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4bf969a229777a2be203c43527814678

SHA1
f811a8533f6fb7070b6f00bb3e34dfc7a677f390

SHA256
6f8e3717312a73add2f61da5dac28c78eb938c7015e13f08873c24ce6214df48

SHA512
55321867ac60c84dad76c3f70d3bb85747322416ec57975001a357ed701c5bc9d6a094ab7721b353dff9a10e87e0c5c9fec9ebeb32495d8a374b94a0b0037631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
60bef6fa6d512f48331872b8ddbeadc8

SHA1
b8e22a69298dd1a2a2f96874eab06a3956b0db60

SHA256
7bc5ba0c7e2c1c606f70d37c46a35cf4b56becda51a70e9562be97080cb3a146

SHA512
60e75b0225f484a394f3ec6b4696a09a543e84fc40a5c8f3a9fc57a8d9e6d2ffaf1383ef9c9c773cbf77647dd99d1342393f77ccdef395b32367844bc42a9694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cad223039fb310a2b9bbc7bc08247569

SHA1
e1edc2e178f2cd467b62d453889e82777d26bef9

SHA256
d6a2deabed4c771cc5dbf21820f63fe99edca354f95563feade334d3102a7fce

SHA512
acccdc5991a3a730c2ecf5bc7440176e45a242a94d6aef9bfe13d120ed138e911929c60887ddfa3e8e33e8c08f0c12997d3ed900b33373ad618f568da05daecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1bbc1d1514af3b13f7723953852ebd27

SHA1
156a92131aa43ab861253164ea469a4f178e1bc5

SHA256
97dd86b52fa4d9ed859b4608f140f646b8f6ec6a04d864751c643fcc2b4abf4b

SHA512
16d9a177f4b830670ccdcfbcbeab00b7e2c0d5ade4deb6018315e2fb122b1b781619e86eb75f54600a2ef9a0cd7b0963a1f930857b4638c36ce39452a98df9ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b1523b564671c2619e281c455c522781

SHA1
31c1d29adb4baee6879409e7fcd422b738b23d1f

SHA256
c9ae0fc433877ca00ebbb117d5720c6af3e450e0b6d27fd0e76e3f496d17a19e

SHA512
08c14f121ffcecfdf366b1cfb451e82ce18665584223288ddce8fb73193d309d1566965a9deb4a9385587de1292615a202c9d5d26fd7145aedacc9e7c8eb8189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
77d23ef93ee24bb29b479c3b725f7cca

SHA1
da6cf6975674a2d1bdb781ddab678431ab7dd48f

SHA256
0e94ba18d97f4423d893fc95d5f7e17f6a7fd1d03a7ea24c114b1cbbe1fd6a66

SHA512
794bd154f8c72c865ee479133f9ab55203441c9e7231b219752cfea8939123eab3d1dd6a3727ea34d8ff53fbfc8aadd30195c84f80c30348deb0e63084420c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c079319dc6b80706c7e1f1a1ad1d039

SHA1
b584d945e9b75392258db751e4f9192135437a52

SHA256
4a5423d8956a062f4bcd46c40ce405a4fdcb0605e3b78b10903f1a9708fb5663

SHA512
9919d2727fe8da8b1657ec055d0bab03d6408651dff95ac306f4359380dc7c2e1381c0e957f86aedebdbbce4293945a4273fceb8b280eecdf94da12ff1c810f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02c71096275f5bb7719acff0fcdebc95

SHA1
903b441c36f2a3f3b3f034b87a297dbd0bacf406

SHA256
91739496a5f752a8893bd3b003081857d635b59535d91123dafa827c42795b0d

SHA512
299111c4a7e7d0505cf84a1b20ed5d2c52f829891b358ca92e6d3aa84cd4f4a7bdf1f585b60fe82e11e064632de2ffa504b6cc0d6d0ff6f27304c1e70985ecd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4b90c4505f6ba71dcbabcaa2667dd611

SHA1
a034db0cd7d7704b29ce0d6876b7293e1fc889b0

SHA256
18999b22aba1b5d47af020ed3265bcf4cb62a6a3bc3960b697bb07c66ebad513

SHA512
cb99dcff466d39d8ec4a6b75fee2d4293821c61bb145f8edff8f3a31e22c9cd61da412a63f3ee4939e3e7eddf3716e8e78e804c6a1281f4fd71c81b95e7c18e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ebdfec621bfc1bc920a20fa0ef624916

SHA1
b284f71d98caaa1a87d0775e27181339dc8ce00e

SHA256
777c30b3338741c9ff35e3549db745bd0da23ecc55feba2f21faffc709713c3d

SHA512
7260f45553009b2f6048537085308f4bcc4dceff4ba213deae59adc0fc38c74c20d57ab6670bd5949c45aa7bb3304958e4e203c0eef3134f18207429ee30c4ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
133d6e5fe51f07b82cc5d7aae7696836

SHA1
e6f526744597da47241460583a00be8c5d6216e2

SHA256
cb38aa03389030ead150ce7a8e28d48d74b60a10adab5f0a072b2b954500b329

SHA512
9ec4ce4beba8a72e4faf0c3c8dc5bb186779d645e685b27abcdf5778dd8226ac4b7ea59c521fccb7f2a0d2667dcf9c993d1ca09ce390ead8e0117dabb344d8ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6fd51cd5569500cac00f43c18010c3f6

SHA1
e8fe424068798790c06aa1bbe417bcd1c30bd12a

SHA256
1414155636e60ac2c2931b419025902201ff27b0991ca53f118dba1ffd1d6e2f

SHA512
fcfacb82b05e8f5ce387dd9b9388d1d7cc459655fa2e18a60bd25903fa2b71d49fe0528999c9b5cc302aa5a54b95c084a5873f3c82a9f57f7c898b4ef68c24cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
45cfd3e5a501041d3f1e70b491ccbef9

SHA1
df2a8f2a392dd5aa25b1d520826f0d4f1d7b75c0

SHA256
42da11b7acc2e72dc507a45c921a8d53a668f4eb8ca3ccdaad95278c003b34f3

SHA512
7cf0b87124b82a332b46b8133bd51d0bc19eb4cf34f272c4dbe003093e6477c75cf8cfdb71ed70c40ef1a127218670fbbcbf584e9fb3e8a6f463345fb5133693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b1853fc1ef2ee090a4abf8ec82a1ca63

SHA1
ae26e9a03d1e69129eb2cbfefefe694c7c5090eb

SHA256
c99d77d6af206fb6024ecd037d2ec4ca368f4889b33afe5ee1f31bdb3bc5eca0

SHA512
00eeebd864bd77fa1289523bbfab4b3762969ff1d826efcd976061c5dd7640df19d23053993e7bc7a78d9eb5da806644583d28b91d35764eaca4be7c52bb2179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f32a79eb15ca3085a99c54aac85c8dd2

SHA1
ca86c720f13b2071d2c29e51db861d617c246bdf

SHA256
9d5483b45f25c9170685e3e5435fe9b38232e173fd56c7951db7751d99148c49

SHA512
93b09645458790ae57f216091c275066764b3a5e0f40f8c788bb20517ce0c883cce04c303b2b3c3d476e56ee941becd8c3f842788266c7cb9ce748947147e094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99c9146c7f0f125d3477541784eb35c7

SHA1
7568826d1f432e5945b45db9b34fd7372e9a5929

SHA256
d298725e8e81b93f6cf779b1aa19a96fdd3944c434ffa24cb7a2c9867683572d

SHA512
a9853128de0c0a2ddb0640fafbd466ef01aa8c781d6edb8ec211ad1da23bc6eb6ee598d9069c622fa62ccdbaa6701b18e390732623ef971a09d0749f2311b408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea894214602c1d9bffdd768d06970873

SHA1
ac996018247ed9537b7cda5a6600b700c342a1e3

SHA256
34510e62e586dc3d1c3b0900383ffdf6422563ecec7c66361c18c237a62cecdc

SHA512
0a558ca32f1bbe45af0e92da57496635d29a8bf152ddfdd4825bcf682f315da96255ff5153250c0b6b3b7bed2a7286018aa402a041f277ed3a49425295c1d8a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5448b17c46387b7bb83777031aa4f3d1

SHA1
7450f01ae00bd760c020b1ee2e62a9b4d80c6fb9

SHA256
5f3a7662fc71572a0383ea7f164ab6aff646e669cd6780cd8d2f73f318fb5a5a

SHA512
6ea969a0a7baeda1e101b56adc90c59c3802a2c9f4fd64438b1d69fd8f131102a5abb9d62169f4b5f0b864f7a0298145dc693f1964bee47154737aa650f1de4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
541c5224532cb158e936229f451c282d

SHA1
2f12758405cab5b92b653308b0bf58fc1eea494e

SHA256
f1456a723a259c6d854827daf4fa11b549120d1e51095c5ecc003baeb00aa5a2

SHA512
70ca021d333fb323ffe1ccc3130d8b82d6f68a4c62cd367e9c9376e0bc1f9aa75b1671affec7e736147c7ed11faf3ca3da896953d1387dce8f42b6949e2030e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6f05167531147b29b5c9ac316e0e78d

SHA1
8c43981d0a303dd110161db77892a016631f0682

SHA256
7377d9991641369be6b9967dafb14568b3a2f3b104a81b6c34fd60bf60df150c

SHA512
a7ec5ead8650eba8fc583056a02c01501061646ff2ccd86738a874bd4899ddc9243a443d43bc4060fb71911754443a83685270cbcc949c0cd71e6656973fe8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c9022727dc438efc11a9c429edaf575e

SHA1
9f0769eceed4ce2aa0bc0bb50603342e0c3e9610

SHA256
b7724ff02974e9a2fe9e0eb0a7baac1e673b128a718732e86880fdd512368058

SHA512
4ee8b156d56c3b875137cef0f13175c8cd8d4b40ba628a16334794ba34f32b18184b06813a5cfd3cabc230155adb3110e58b7a2648c3039234e74d74800d37aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0614e5a93f0f7c017a9e54e98a8995b2

SHA1
e45a2d0eed9e9443c00b2da8d824ccae397c2463

SHA256
ceb3776fbb62e48d7fb3bfdd6ca89bfb4b90803db85fa37ff74ff3fa39ca2f8a

SHA512
bf8a87a77df61bb758f536dccafab8d60990a2989d8012228a5e0b824ba8d8f4b2b7454f0474eaa2797f32e8830627998402da65b69963e3c20d99c02a9fe837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b5bcb78a14a179678127e792e362c89d

SHA1
5bf1c1cfca7d3053e8bbc54536ca786696a04112

SHA256
f6c472f2363ffaa716f174254874b8b6299ef7a491c798daf9c6ea9c7b796c79

SHA512
bc29295663bd11b846d2c99a8836d9cb09ebbdc5d33568282960447262ba816fe374ae67d914ae2440f797145c88ffc7ebdee490dea630cca1509a2c1ccbce45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f8edafdce4979830f5738cfc85930efc

SHA1
0e3e15645687afedac716ae48dbdfb5f0c8de138

SHA256
90f2723dc89df91a21edf57e43fc8d790bb3e44e89b83f79475ca01634837f6b

SHA512
8b5b6629d5090d285dd84ccb631d0e2b948698fdc036fe46a07c4c1b8ad8030cf6fa9dd1bb314d27a3563f4450bf98d22e633d360251d8f33c37c855a793f4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fb56c771f80065cb0ad25ec7325163d7

SHA1
34128457c6be67e5bcb4b443a03dc73120951d79

SHA256
bbc0fe089a4db513dbb5e71981750c3916a0dfbcff5d4ca58fb0e36b26b5bde2

SHA512
bb47b0795e6f2d0a9360abab5d8a29e75c05231b89c3e5dbdb3e128ef3f26ae3f503105103ef32036838da1d51022e7f509c533aa9edf18e638a53cee0a18f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7fb28ec9d82a07b2246a03be4330d4cd

SHA1
f36b37b25d7ccaddbfc82277ac4ba27215309bec

SHA256
6d4af93adc1a26f740404fbf66d50006ec40a3c43fb449566bd836c14865ade2

SHA512
4f109a55d8b7cba5b6d6910e61c2663d0322bb285f7145b6be2e2006b3f6e9a8e684f18bbc27a87689a170a770920dd1ffe7e51d7530b36247740de8de8857df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e063166e70c580e06067ae3b3e6f5ee7

SHA1
b153e3974016324028ba09ded83bf2338c5451e1

SHA256
0d09edc5752f7a6f7a2c81cf37e2948409d50fec22b4be948c52b195b9d1f685

SHA512
43a841c6391a4b257415ea33ca1ea9a82c29259a9f8d3339c975a35453be02da74adf773cced7e0fbee933afcb317633cad2b1b52ff32b8049710c5b8cec8901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
674a1c2af28e6d4b4136f66948be4627

SHA1
a1c8d5ed6c173ca1a46145a04c1ca5923f9d1185

SHA256
e06d5d2520263ed0c92b3b2b58c8fdc0564d58b61120baf256fc13a0f6223ccc

SHA512
bb0eb48594b88e56d8d2e3f42097e4ec5d41f879615254b48e9c20e46a768adaaa81543b2c8679d6191bf24f6bc5c81762c318ecd251a961783967727df92d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9c359e4fc3892110b8b2d65046c5b885

SHA1
a69210fff0a48e13de8f300583feb9238d20d889

SHA256
a50fa80cedcba6afccf8732e5769a95200fa6e49841706ae361dd9fb1f6d7c04

SHA512
9cfab708953ae1cc357dd2365799394fa5ae388b90a54f79aa054a663ea2dda3c0a9e762337ebb2e130f998f421e1b5a8f6a90225e7ee1f88d2ea9ee797ee04f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7cc5cb9f86151fc53c62c4da3a3627a4

SHA1
0237ef94477b760d2023738e894c63720df8947b

SHA256
45b75bdd86677153e6dff6f72bb8be6dbc5e3c6710bd3ad6e095265d0d704b43

SHA512
4cfa880d81c7dc9427fa578426b9167a22113be94eab5d6bfa165538a968153044b0a1da5712494b3fa5ac1d68ac0f7514069bbdf86234d879307173ffc15081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd70ea33c96158c41c25beff0fd48495

SHA1
56a38049572132057488998fce801d8c270c4930

SHA256
9e2d122126e8ddb4c739e9a6310011349b0bc15451a6561b55d0d1ed2c79d90a

SHA512
b0c9bad1067811849b848ae6a87e430e3d47472a6c881a2a54623800ec39e0ed49d76daea1553d1fbbde84aa9512ab641a2daed311cbe7827e0c116320c51191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
83503c2a407238026c7f3760cc6a7515

SHA1
e52c9cc0fa07a87602554e821857999cb51e996d

SHA256
e1eaa6d44ead4b0319b8ddd012399c2e226f4975c1505272fd431c48344e4a04

SHA512
110163bd343521b1a09982aca277d57f0b4866a348b9bcde5f008899c350fca6bc81898db5e45ba9cbab46cd5c34354d88f872d252158858d49f55181300b60e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
15ad8255de7ba6b021638644a06f492a

SHA1
f85533caeabd15d1e0b22c09d8edb388bc9b1f79

SHA256
f3a49b83c7c22239efc1acc067d9b4c9ced70f126ddfa472b1c7c66ef3acca41

SHA512
7cdccaf4b27e2e81994b4a5e7c3ddd6438252ca7027baee326583e8c17e316c9e2b906210682e2129ba8523e00a94bf35a84ecee5af2656a7fa0064e83a38922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ab6533dff8b3c9c3267b0f6b942d9e48

SHA1
b7bc1e5e84711224383c0f897c41434fa46ab0ff

SHA256
97cccc86255be12f52164ccd0bf04ba6fa32be51bdddea36eaf28409cbe6dfda

SHA512
374544cdd3fd97b4168406232a197be3ebd13a2333ba9cc0903a77828783d0ba46f50e5b2b22ea0997ac4b8b8f9dce2a8081b58522c3cf483b647f3c65e55a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b81e165aa2ba1acc83c3314bdb89a53a

SHA1
2ca6df67325ae5e1a1bf5a9f055c41399552db34

SHA256
d136c477e6c01340b9d2b55fe0025683baa2b968ea0b54c3cc5ce9fffa5e75bf

SHA512
f2f8d0fd5f29789f414102f5520e17528442897f6a38c7aa85d67c63e23104a5b50ad5e5298b7e5ce53190a6b877b2ab6391eb4ce7e96dbbeea3536ca613d449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4d32837d90ea4341f41826448741bfaa

SHA1
f446d5fb15fa79ba317e9bd3661a92753ff14bc6

SHA256
adeaf7511393f42c7b8971d7f2289c9e1dc6ce7d36b105c3fa43966980231f4d

SHA512
278c836b634a87650cdc6dd74a965d34e95b92b11c6edd416853250acf8e7957413edda37f5bbd4740d3420d6ce47f9358c91137678acd99c44f910bbaec8080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
88cce9d7465df358e84f7835eb99d35c

SHA1
37962685e9e3482e242239fdb0af8da4d498ea87

SHA256
33c6e6c39af3798323356cccab3d8dd132161b1d60e4c4d6f6756368ecc0058e

SHA512
d2e20a46a38c186b147870446d588f01bd00492c44e738e3609942dd299dc47b78259454dfacd3bc54cf7975c8481cdb9df1683923ccd9f7fa2880169bdb8b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fda6cadab7c90c6e669b6e1b2515f96b

SHA1
9b2417137bddcfaf8fb11abc55d5733faa9a8e59

SHA256
da79db7b88d7d059dda6fc98def69005476a97d1769da3a6bc6ebad0c1c62d3e

SHA512
4ef82f4647b477a5fe02f1948bcc06cb7e58c704444c38c94c218241e13db205914eb988516fd83f84caa456493fb3d72b5a02795841267294cdfa636413e4c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e6f0e30f17e6dc77aa9920fcac6652c0

SHA1
1dbd5c82b1205de424e2115474d54cdd0200a00a

SHA256
d75f665f880551e1459dc4966f24aeb815c6a09114b8ab62c9f9a7b77726fa79

SHA512
38bd3497c0acbb61d6b1889b4ca4bd1d0d4287cc6a574f1e71d5a20eba1ef6f441ae3b6fa499f07ace186a0b1b857814f58c8a0c7c8112204a8d47efa0607979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0e80bf28ff4304d204d4c0cb6c39506c

SHA1
6b87f0cd3d0514de9f934eed19334bb4db428b5f

SHA256
8cae266315f9279ad4ba8d0acc80e94d7589c772f9d72818956a4c73fccdc261

SHA512
21d6b4475e23300d9955b982677d013daacfeaa46775c2dec911857f23b74829ed2e2d58c0b47a40ecf22537f43e7efcf7fe9b377cb21dd8b542bd795ca5c93d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
803e17a3a19633a96cdc7bf14bbaad96

SHA1
192e14f0de6912ff7d552c62a4b8037dca842a1f

SHA256
8352196ae50865ff0809dedd2e87c791d19107a80d74b0b1c7355d17ec0226d3

SHA512
fe1bda717137f6ed73592b60722ad62ac4b3cd305bc8f9062b7c4cfd76a342e573a92fff092ed3ae87eed7d8f9e1edc843d537def8a04790ce833eaae7d16022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fb26a77587f607552c149ebb0747bd99

SHA1
d53d5508410c38d04dea9cfa2273f4b647397b56

SHA256
a1f9a164700d68b93fc380829152af8c0a065125e133368935153d739dbeb8a6

SHA512
cd07160c94e6b776902def42bb517d30346e72747b0d2b4f45092b350cc2af15ee6a96f7cf05baccd92d1f87b08b370f2256d21dd7dd23c6ae50b8c01fef8d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3dabbc7b0d9f06d3497dc86490bc482d

SHA1
e77b58f7103512722fb8c3b8fb3a55650cd3aee5

SHA256
99a01cefdebd455bcd8dc957c922b70f160f8f4fae4207762ee1f459ff032a12

SHA512
68654c3256412bb7d23f07a178bc907f22a18367a4e9222a102be13820c29bd207dfabf2d05cdb744d0e3f6724c00587d7c53f037e8b3ba4cf3ddb66fb065e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
997bd217d301d20bb071cce95cd6bbdb

SHA1
0952cdf699b9fdba14e11cae20b6d86023917a6f

SHA256
8f7a31c9563f15f754aac71b2c026e19f4238e4dc3225a12d9e645b78e12bf93

SHA512
bbb0ed477b8702584814c3d2d1818a7d22bc65f32fb6aad3b48c2df1ae2dd7e17f721147af883b0f277704a648345cd2ba651521b10b2b432fde11debbe9dc13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0ce9425d24ade61d2d44423f8f709eef

SHA1
84c93b00dc818476595685330a265480eb0b2e90

SHA256
a8e22b9b353d0b6f37e393ecedc84051ea6d61bdfdb4fcf0e463539f19137b42

SHA512
d2ea0b1f0ce719bebd32bac073d4617008a4354afaa4eb36d7a85b81e1dc47b2a48353099fd930ef9db272dd47c776fbdd008b2e08f0b28424ac4d4e31a2c379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7b90f715b59a2af76f878d6693fb603d

SHA1
4a9b452576f4dbf7334b52a14a66b8aa6abdc5c4

SHA256
c962b83e3a3a13080b7899123b71108edb1251a5ee99788fe59a934a83513ee1

SHA512
3fd6701b9ba5e2257c72d606ce17dce42519614d468c4ba32f9e3dee8dfc1e2cab72999279deae4c33fbeb6c70b6bcd38b7162ccafe0fe94adfd5fd1b0073e89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
87d4772cc8563f2142060e01e747bd00

SHA1
ae6442bddd163dda2e4fdc2d4afb1616a8994d6e

SHA256
f5d674abbf41332d22e0ae6f1155fdd2015872885199d5022ecf626c31bd5623

SHA512
50b13688189a59860b95abb5bd10b6d7914bdbf5301855eed9589c52d8f07de5cad1f0d9611f42ad38b74c6ececab5a3b288fbe8a874c32f82c223c28fb8be59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b5ef130ef926b68ad616c9d4dceb6b0a

SHA1
180680d2b90df333bc46863207be066676f023cd

SHA256
53e577cd0536ef85fe9817120aac234ab25a3c851a0cbab489e7a995485825d0

SHA512
379e8ced5300d4d275ed893265b78bad77731095531cac1deaa7222a9b0b65ac3f2eea57493a6a51ef1cbda575905bdf0a9a48d613365d4da87a86318b05e67b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1432c08d310f6e4f7b03043ba9691712

SHA1
9302bd6716da35ef670c8470c4f7cccf2731bf52

SHA256
82716d7bfc3f836d9cb5fff1cf1b68c1935ca3dd15853db92be0850ca5d3611f

SHA512
f7fca25e53cb9b16fefb5e3e583bdc43d82d09381da24c3185ab72abe93d30324490696a907a9c02b3f5cd0778e4df6d18b2ef8519746f9a10b7a29dd14f4b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
094fdaf7506a29d5940fba2603491698

SHA1
39a6304f160fe8ec2467a0f8dae5e9f82c214a57

SHA256
e267bd7dc5db98d229ad885b24e513b2874767631ef36a38a9f6694c9f75dcb0

SHA512
2e1d65aeca680dfeaca6b172e8d451c39258e7552604a16e06064dba035b9c7cd9c0334e0ae9fb79b013d803d40201d3c725dbd9280f302bc7272167ea0cb2a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d80323abfa9d81507a2b7f9b114fa3cd

SHA1
84a7769a3f0168aac6d0f163e344e32a26b245f1

SHA256
39adb5b4bcd8c088ef3e3c5b164ab56b82d56e11341ff73ad41347d186b7092a

SHA512
a2a3972c9ddf5fd02422d2b8ff3c624ce8665a514be60ab31125e8d95c5350c98bc2f078887e885e2af9fd9e366b4e8c7b6911c50149de1af5cce202c785259f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b87c284ca9d921fa2b5bac77f606f30

SHA1
558b6fa445e51fd87b0c2a093c4e60c8278878cd

SHA256
8df8d33692f4175fba8b22028f200df6c747b2df9d4a1f3a2232dfc30579bf65

SHA512
c02b17d66437315357064f35a2de05437965c80f1f87063102e361d67683a900eb27f4aededf4ff5eafaa730e825ab3a74e0f3d4d5138a9df8613a280ffd93f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5cf6f6be3c3e31cab5746a2297110f71

SHA1
4a0e27476da3a3eb72ac673c29263706d68a90ad

SHA256
84c8f8dc78aecfb7a1aaa45694a4c5d8238a39b471a20d0a0346a510f6b7d916

SHA512
ad089501f268059cbeb8976f28d0aa264cb100ff14411ef8281b317397963244a50c808934b9aab878dee3f9e546286eb2b08fedab366d85d2f5996360554294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
23aa383918e233c1b81606c96ab1ec33

SHA1
dd7db8b1b490a323319d7ec525afeb446fab8fe0

SHA256
f28e860e64bf482199324375f51110c28179e9ee4368b25d2df72a9df4d561d1

SHA512
04b514b1a0f8cefd54ce4046d48afa7d134890aaf33b5b93ca0d0dda31c6da477cd985603f35d8f200f79310e3b2fd579e3b89a11c5aa926be2662c724e0227e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b122da26b48d8ebde8c223332400c420

SHA1
8bc8d2acb14d643e830a1c1522f23e154798ce99

SHA256
a51ae46e1e13be2851d809653e5d22c3d0777dea3a438a3c0a97321b9b100c3a

SHA512
3bff5eac7b7395f0c015c5cf362ba5039099367768334d617f9dd988e7dec73e4fcd21aa5adf433b013583131c75b6c769f2ca867c1a2f112cfbf6406aa63fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4fe06b8c1af8488c73d362c3f7557538

SHA1
9ac23dccbfe3f51726f6d3aec3471703f9e39b25

SHA256
b49ac9a01a785e8e5f229da93c74ec979e210c7cc4ede8022a1b388bb7f9ea7e

SHA512
5dd42d78dcec5d96f51fa52b0c13233f2cc77a025ff8abfc4a4a1eb984c275192229371396c9067fab9664d6d5b6412171ddf43651536bde73d194cfe6161c03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bdca3f98a0bbc105802f20cf9197b6dd

SHA1
97a0771725050b26d036c5ace794c7b1150f64de

SHA256
443bd8126e5bec7b7751a93620650f69563e5c38fa9c540e023f8d1ba880adb1

SHA512
0c9f1b3c31378e55e17c228ecb0fccb2e979111b77926372c4fd9db98a3281b67813aeb8653371e23432c39875f9a8a0494844e189c85ed88fde4ac2af8280b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
55e35e1d2d5a75ae692ae9c771244563

SHA1
fabeccbd6f16dfd7f656f274515c39d60feede72

SHA256
54355710e9d544195af8e4f01c5ca08e4ada6643aac1691d8ea8fb83ea9f73f0

SHA512
52029d14a51f02e029c19aa487a8cbaa5fcff1fc5410961fd582ec91b2593d90d83fde225f7876659e9368cf7d269740b3c134d6f780e93d877cfd621a6e7b20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6beb998223fd1eb8411fc6da7a508b23

SHA1
289aa9aef79e43a90978760e05afe671d5f950d9

SHA256
8870ec40ea08cc54e3e85a20fb91eb8b2529c5d07d3fa11f02578b31d4ecd91f

SHA512
aea2acf5a14d7aba7e2187eae19f133fb0569cbd01b838108019a181ed27d4e51d095f3ddb5f0aa2b0f1e967640b55f3a3a5ea072fa8a354ff466cbc499454c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1792b5e19245690d4c0b3739b495842e

SHA1
a942841376ee34e631e1e14c32251a0a464b6fa1

SHA256
a3f37a537020e715a32f9160bcc94c897717a610a9be5f74412cdb1fcf7f772d

SHA512
4e3ee4ded70ba39a0e65dfee0f6ab91bb178cd11a8eb9cc9a43a9e66880dc1143a4ef6a1f6550d5739caf122aa98b9382071e61eb1b16bb7ed151c644fdbb647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d1e06e5459d0ada4a7d9ea644d7d96ff

SHA1
86a491ba56a347bf2c4ff0bc0f42218b4ea9a39b

SHA256
4ed50d038f83b46e9e63ce75dca0e2a2ea556f095d7f88b674c5a4a3c17d972e

SHA512
90dc3ad2f1061a143ffd1b3c94bcb435a869ce275993a185c5f4ea3050fe9c31473d27af68d6c4f6f613aac490fdd954b48e0fc32baf1993535f90d5dc0b5e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e9d29f5a9c3971338bf1b0f711be19e0

SHA1
bf62808488b1d684a92d6d67e32a264f1aba1bc4

SHA256
5498d86fba20dc970ce7a0f25aa3ec9abd83f2c1871833ac737c2b2a066c6094

SHA512
80b53416075c3294c13caccd33c81c424fc744ef9c4df2cc71ee8781503a46cd49293d2f5459dedbd90f378855d99bc68d7bc9602851190c554693b2c13c23b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
40662a577fe9b0e3d53107d492a6a351

SHA1
8ca33d4e04339623d21bcd4e4aa6a44cf99fbaac

SHA256
f93a7c8bd9975342d8bef8ec1d98c9f37a30442c60e84769e303996eb393b2f0

SHA512
d2c36e2f2ab369fceaf9102945c367cb05bf71dea78703f22d150e41f2cb056eaa7e0046d3b49d24b8c5d387a96db0adba57bbb3e264681806044b8fbb34c15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e2207b360b51701e8713b38ca58a1272

SHA1
acb81f5a39e9632970bda63845174da8619c488e

SHA256
d20187886bd79c1b28fd1cebbd2454eb3130bb984336c9d9c7500e09e7593676

SHA512
c697401107ca90a834f8df00fb498617cb9ccb0c89067a4ada8caaa7fc3265a7ae1e2048af4df7f0506210f15ddd33f1ea5d7a1cb98386a9c4ae1f92244cdb62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e5cae30e3d58cb10cdb04fc409333993

SHA1
9543bc8aa496908d84fd3e6fc73896edff554ac0

SHA256
f88d6fd649f216d7dac87c27fafacb219df9f6de83aa3b8a512f0d46bebf886e

SHA512
1e2ac50df89c589a4e283424b84205b4f8bf1a328a873d616551481469d0ad0066a40c68cd42741d0b9637f88840de93d97c2799f357d4b26b323a61f3e51db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e511679089338612710995461eb56c47

SHA1
316ae5e64f886a1fec0167e9062b5da0d9be9b39

SHA256
f4502228a12aa1a7f9a2ec0a230915c7307e6f314400dc2befd2658e3b80a7d2

SHA512
9b3e59fa4478daee3d3b576c67f803688cb29908fa4f43c4128adad672b69938816abbd894cfee3e12bcba112d710886953b97ca7ce5f35855440b0c979b5d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c6a735ffa17f8418e39e0f9e08e2c972

SHA1
ee5d6d8f3ab242171ed5f197d6c84700f3a7e0a7

SHA256
53e4042071f0bec5262eab400034e5b3e146e4ef1de8f25026d564b23ca77f78

SHA512
29c536fbcc8fbb0919ff9939f1d923d540baa39e4dc81454ea54fb72bd7d42c2507d062cafe7484a1f98ece7d285c1c0c8e57714b0e3026aabe14c24d270d5a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
625522bd0e247e58cf30e2565f04631e

SHA1
162b634c8b47bc065e83a4f27ce463eca4a218ac

SHA256
3212af6d52796b04f29fd39590659da7994c3ed9cf5d2e7e8163e63cf47a11a3

SHA512
123af78a208876615328f15d3acc4054a34bbb1acc3784dd4aaaf05cce09f41574aa8bcfa2c3d2ee24a4ab773111ec441689ac266cea8885ff5dbcc633cfb430

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC9063CCD\Craxs Rat v5.1 + Loader\res\Icons\Apps\health.png

Filesize
7KB

MD5
32bd051749a0fc05e1bb83707fb379ef

SHA1
479ef7feba3b01dc6aa39817104ab9f78ba6451c

SHA256
515a7cae5767ed438b9112de05d90bd36568cfa68d5284ce648cff45400fe0e0

SHA512
3a80f3f0890337ef0294dd4a1b473a136b732438dfb125a3fb80103451b471919621952a21be4b0cbc3fbc7b479545711c9a5dc498121de9b7fde0f77128685a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC9063CCD\Craxs Rat v5.1 + Loader\res\Icons\Apps\s_translator.png

Filesize
7KB

MD5
bc33c93efd4900d799deb3cd6a195b42

SHA1
18a3527e1e4382e83fe50b470d8cc393d695542b

SHA256
5506ccae41f78fa556d449c2cf3aa95e6caeaecdce847eda5289037aa33c1824

SHA512
164439b404d354cfefdf55aea30ddc28c6a0ff4cdbcf3986b003eed0fffd35f9740ad7add000363e05b774ca80897848e3ef68248897a58cb0f5282e1b701f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC90FA91D\anonymousdevilsec.txt

Filesize
163B

MD5
d846e3d45c363f4a730d2fbcff251eef

SHA1
c61ef6e347e5e55f576afb96b02e2bf4ef5fa983

SHA256
ef8420138bcb5aea3f65729ac1640518c05550fd181508bc3b6cbb3349a31cff

SHA512
5f54569591cd2859d4b0aa3844a15ed202f726ba9a9b9dd075201e5cb2498061de859a088412683e6f55e530ef96772173b8cc938391c6ff345bdd2bdfe07993

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\DrakeUI.Framework.dll

Filesize
1.6MB

MD5
0562b4c97f643306df491a938ae636da

SHA1
0807c37b711374ed4814a9518c9e264517de89a0

SHA256
70e72477f7fe0018e043ce8fe2228a289459058ee41caecd6f05855898bc5b80

SHA512
c969cd274b6bf65a34f1d129b6531616a3485a1f153088609ad2369d380fdec37c3e88a423495912715a26e353dd5498f7f9e73c895e9f3f18fc7d1e65d2ecaf

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Errorlogs.txt

Filesize
2KB

MD5
631dc8e559a4d160cfe41e9070945de7

SHA1
2c1a361347525cc7cb0854b0aca5eb185fa6bb34

SHA256
fffb6d420f330cdc0f00dfe348cc61f8d52bc2f5f2cf2b005c2997a450ac8957

SHA512
aeb1bd13805c08e684338fa25d484ae075627bd74baa4fc0abcfba31fb9c1af1aeac2da493f220c56bdeebb6a46317cbde3b75ca70d3b255dc972a148b77963f

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\GeoIPCitys.dll

Filesize
191KB

MD5
c070f2421851420e832e4f5989a775a2

SHA1
d6af3c48ffbe0fa1e0e54860836d3bbf374b8b46

SHA256
d54fd6c5903eea49a75d620d4ba232f8effb1863f5f9c974e4ac0a8fb1904131

SHA512
75c3edeb4c16d8e82eedc5595b9c3fde4cbd4a3e9deae1967ad513474920a48e4e9275fdc76f44032b1be570a4ece1a6393c4680af8989f67bcdec039d06798e

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\LiveCharts.WinForms.dll

Filesize
19KB

MD5
76c775d09b24798f6923452e920979b5

SHA1
3fe2c79512a0d1153fb07f6640b27106c90d333e

SHA256
a5b61c1726304e6b72e09a0f35ddbf52f89a75a4e28e6ed098c8d1df6081b4ad

SHA512
eacc093f8ac9401f617df7e07fd68a8a0f1f03aa150283de67ad8c338fcb1520b0f07335547cf533a646ff95f239c92b029f952a706e736bcd9508817c9be0f9

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\LiveCharts.Wpf.dll

Filesize
212KB

MD5
e924f79f0b5f3e79c98477d75831813d

SHA1
64f71e20e1953b13c771d8a8e63549ad6d64216e

SHA256
1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b

SHA512
063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\LiveCharts.dll

Filesize
148KB

MD5
9642899636959b7fc89bf34a8b998a90

SHA1
479a0254d1c9e5565c7d861bb77f54b7eae50c96

SHA256
9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca

SHA512
435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\Windows.UI.Immersive.dll

Filesize
11.1MB

MD5
1d2042cc4361cac2c13b0b33a4149080

SHA1
e5105299770c325bb7b5198542869002a9c332ce

SHA256
a9dd7159a39dd053806d36920f76da18ca5e8b488ae04167a7feadf3c1ea4fc3

SHA512
d0335fcfea1d6b7428ad6b070602b5765b4d07d2f0bb8819821544c6280ed1e4d76cc99bcd00414aedad954fd1b5bfae58d1bb80427600d619d9e0c910438a4b

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\crack.exe

Filesize
170KB

MD5
e29ab30e42348ecf2831928b7b95d5d8

SHA1
70ae302ae078326efbe444fd8158d2b104a06a69

SHA256
58b1013f511e61f2ddfb547939895ec161ab8bc03f5413529f85f1a3272d38d4

SHA512
34a3209dc0856ea0e4d0573eca4dd53b238ebb317f10cb84683d99c64c1264693390d42193fcbac190ce9d9e0a33c9f32de8c4a57e4d38ec267ad16ad5d3138d

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\Config\Pass.inf

Filesize
24B

MD5
e1b54e517318b3b3363551e926b9e474

SHA1
cdd2df4411afed1c9e44997dc9ebf85728eafcca

SHA256
dab8688b4d139db5ba57783791efbce34e9e46c37a2c506685cbc6d18e68073e

SHA512
edcdd405bf3d57cd524151e9f41670cb7c3bf693e59254c8a034c30a8457b936d507fa434d38e733819a11cf3afc6858d909fbe73bf091f3c96526cf99138728

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\-1.ico

Filesize
33KB

MD5
410e4dba1b3e1acd689425d024f3fd56

SHA1
d38fcae133db0cff918dc455acd8ffa437989659

SHA256
e10518132ded7ee51739953121f6efe77412aa85bd744ea7b256a5a6da751e44

SHA512
cac41002ef9ffe4592a0949ebb3a21b3837645838e623d3a188f7e70b6c82b2253c586a6a9395007849da0ef94d6dc47bcfce9cde554e8b6becdaf21082cf014

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AD.ico

Filesize
33KB

MD5
2cce7e02f2decbdcf648cc249eeabbfc

SHA1
4a9cc2ab3162a949d5f559ac2828813da7aaa6d2

SHA256
ffd5e4016c4bc247f49ded9d4ac463e7bd9d7f92c9889528f5f3a865dc8234e2

SHA512
be3d96046ec50bfd8e4399d1268856d0cc1f541635896ad128d660660294cfd98f79998dfa46849a2e6e5aa3e637626a94a062ab694444b7210f69b3a55d1686

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AE.ico

Filesize
33KB

MD5
5c22046c8b4f37adbd0f41a811238d5e

SHA1
e3c49202f86ff0718f169ce4cb82570457891bd3

SHA256
0759c987d55b3e2bc78ea1761d451b0b40928865c5b5652ef7b304426bc1dab9

SHA512
655c129c7456ce083a9eec235e04b871a16c4226f7cb1aa2ac4b119770b24ac61036950b0a77257af96352318a991037a1b9b5e2925ca84272995dd8135abca8

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AF.ico

Filesize
33KB

MD5
e18c650283441dfbdc3aa46a414f326c

SHA1
eda65607858d6b93db9ca4a9f20cac382cb685db

SHA256
ecf99e08bf15aca4325c4790ee20ccc674b6f4fc6dbbef0885f36bf8e6e8aa68

SHA512
f10cd2a31390bbb06546052214a817153f35ed9b5c5403995267e1e9b4987630c08ddf7db414146211b8cfb4769949cd660060bd2a5c8a51bf5bc381372a6673

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AG.ico

Filesize
33KB

MD5
93f8d14b56bf5f257f87ea438c7a3601

SHA1
31b71ace333e016408af2f18290463389206d1c0

SHA256
8e36c85a8ba6b92ea906d4dcda412b492449e668fac3b05f5fc512118fa71e5f

SHA512
a70adeb933e65ba11b28d11fad9a2eae29a623013f9bd8383afa5c794f214a6820f797f03f1714759bd38356b160b9c1e159dfcecbfa7e95f4ce2b24bfb24cf5

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AI.ico

Filesize
33KB

MD5
2d5ee470e51e769e649109d2721937d3

SHA1
89bb18a904dc2857e52cff3a384df50858d5e17c

SHA256
08afe88e8a0475e320c6da70ff530ada3a6fb426051a6337a769c14dc37ae316

SHA512
d6801a6b238a9779b0b8829f79412c227ed8480ec060e3d1992c9b1024c94a8f1f6ed32097c8a93a6f2600ad68b2ac537fba5f0982a41fef01a832994cc0cc20

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AL.ico

Filesize
33KB

MD5
5dbcdfb9a2f9120ba42006c997e22b42

SHA1
01fe537ccabec19b252e07ed6ab557a46a70e6df

SHA256
8f726d2132b2b7764936aaffb52ef7b0271abf857949588c36b32fb3c769bcc4

SHA512
519b0757a1bba205915aea9f8bb715072420fae126a4917f146c9ea7567fc231d74f93ded8dead86dcffb0fc293de1a4c85a161dd894b490e57806df67cf01da

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AM.ico

Filesize
33KB

MD5
16782d3d013fbdd1277424363dd8a0ad

SHA1
c26e1fd52de7ceb24af6f01fb4486d39e1932bfe

SHA256
faf3d661a09912ff0c1f6cc92dd8775c3d2be31e9a72fe0962c144d679021d86

SHA512
44bda0a5d59f1ead6939a6af13b81ab23b28be44a61e7e736d5e21cbfee813a3a44c5832b16036717f0e18a418dc449b5c3aa1e0f05c4830cb3b64698ce0901a

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AN.ico

Filesize
33KB

MD5
ed05e0515da2b4c11d839493abf8d44b

SHA1
8862a2bd75632d916fdd049b31f2155ac7894524

SHA256
8f641c948721c9e7e92f28224b8b1beeb27382e5bac8a4014a57537dd7543a8d

SHA512
31613012f4ea1da8d1318f69e6e9a4be068e9e490f01ef0e1f880b33f50d715d92d7498ca99223ce81d6656ccc4293a7fbd272939e99dbc21d62176a6c6d9553

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AO.ico

Filesize
33KB

MD5
a5c78266329a1eb0f3e52bc0343783b5

SHA1
e0b254e2176f0eab8d2b76213a64c24ba1788675

SHA256
550a1b6e2b97febd865cd130b0c0d484cf2fd02b8066ddf6d7290b9cffb35059

SHA512
61a7bf67f9019e5f4c653246e1844703619d6421c3625c963862ee9b0b3975b26ce2f785c9b3cc79e77181c098f0e3d60c9f0e21203928117c6cd45f104af36f

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AQ.ico

Filesize
33KB

MD5
be6fa7ab4980735841141d4d3f642a4a

SHA1
c6d03cda7f73a959a3d20d0e3897595fbe2915e9

SHA256
3439ebcdd8e7a614f157f58d7f77d190aac7fe514129a01024a8b68b7008fbb2

SHA512
fbc116df306de7a04f43cb2becfecbbaf103d6b252336e0bd37f006506140ceb14f114cdf62e203bc12f78c25906066385eb6caa67f694d8526b341bcf3462f2

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AR.ico

Filesize
33KB

MD5
bb4f489b2ae1f6601513296357fb478b

SHA1
b8337772e2e17d48412f44373ea8a821b85e9c54

SHA256
af2f591584f6c59da15fd42e5175dc136844442e1c755fac047b0efae3956c50

SHA512
547e0753a1ac4058ec609ddd2d6ce54b50cc47177ee319f5bcc82eca9e231d01d74b7c2d02de90557c08224bed962c74f8c4079a1292153cbff32db234ddf6a6

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AS.ico

Filesize
33KB

MD5
caba1e66c954bc8d784efe2a3c02d808

SHA1
ef1d5ba4735c99b55648503513d9ae7393a3a6d6

SHA256
4946c58e14318696ea03cf9bcb5d8a7334273c2f9e30173a3c7ae0bb7ee70bc4

SHA512
430806d048e383411e36a8e3777a27b7efc1819cca50c7d7eeba662d32351a366d3cc0b892f819b6a96db8281c5e249d3faef13e8a4ec3bef75e67b9567bd466

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AT.ico

Filesize
33KB

MD5
8effa2f5bbcecf6415b04f9408c0a65d

SHA1
3f3249fe921c1d4767b76b0c3a720cba0262b565

SHA256
236c59500b9bd83212375ca7514c0d62dc088203ed269e9cd55ca6349adbc8f0

SHA512
3f8a1f0683207ed616819a0e42b18e5b02eab0300fcf6eac1c399f0e5475f45d62e0bdebfe0055d411d529649938623acfd4b3b02fe80fc9da6a0492dcd31822

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AU.ico

Filesize
33KB

MD5
ae8189b2c04d783a2f68f0204f1baeab

SHA1
e5709598ed08427a1dd83e1d994330bba1b1b091

SHA256
047f9bd82ca7e2685c1dca4c065209977b5e8c32f78ee821bcc7aba12decb044

SHA512
ef1dd8330cf3cfa9840a5902e13c669e6de911ca9f383067506e2c106f05021aa79df60e2a867259bbd1dd056b9367d5814e9bcbafb242d718fa7fe0fe664248

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AW.ico

Filesize
33KB

MD5
49d969f363a153b7e1cb4dc2cb742238

SHA1
2a8fbfd37be58690dc2e0ca2b3ce04c2d15d6eec

SHA256
f0d730a0d8ce85f049a6d8a52733c506a8cf48584b18838f3d677b09d9c09b52

SHA512
97f17ab20ee96ae4e71e31c7864c509ef0b714215606413c801b3608770415ab63d6d5be0980af7231e4c2e270407fd273c36e0e47d524e59126b933fafa4eac

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AX.ico

Filesize
33KB

MD5
19169001a889e72fef769900ca7a8b27

SHA1
e17d9c371cc34d19f05c46d81e06f7ae2159dc7f

SHA256
5ac8c61a8ad2d7ecc3e76927fd6d52b4f279c4d3a92dd32715395581c4615423

SHA512
4c8247ab0f37cafa90ae34aa865af45b6b388fdfa8ab96935d2ae2064c620240dbb8f93c9958844a34fbd249422a9b5751639179697bab44aabda8afc18b0454

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\AZ.ico

Filesize
33KB

MD5
3abcf274a070469b7fd5cc1f60408c9d

SHA1
a2fbdbc0028f398a90b351fe5e3a2e4b31153b07

SHA256
d3cc5eeabeae7f54a8c5600b5c2354b355492634031e32e8ba981806b0494b61

SHA512
14be128eaa0b49b7ad07ad2230732e923a30c204faae1c3afac766088836845fc385a99ef50938f6261456e0e45afcd17c0661345ab72cca8b66bd710eb3035f

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\Flags\BA.ico

Filesize
33KB

MD5
a603875f8aecceb0d62c9c346f250e62

SHA1
44b58245d17d8d205e6bc2015965b3ac9374245e

SHA256
b586dd987bd326d24ad3edddd1f649d2fc49eaf96028e62e6e14208591a31a9b

SHA512
62c218f9e7e30c056c02b0e9e35b39fa9b66faced7fa8c3a14e9636450d271da04aa5f04a627452be03d0df062b38db0bbeb4fcdedb0d7d820d0bb186cb38953

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\GeoIP.dat

Filesize
1.1MB

MD5
2fbec46d430f57befcde85b86c68b36e

SHA1
3ff9829e3242deb69a7fde0832b7d9345b925afc

SHA256
681ede512fe7ac21e976c754bfc1e1a75a9e02c3d931ce6849cfaa9d4080338a

SHA512
42036af6f57e446fec194ce71fa634dee9f4c77342f64a867fca8730d76349190960a7e7a5967ea59c250ca1b220d4845b4911dd63ee870f5620d9eb513b91d6

Download Submit
C:\Users\Admin\Desktop\Craxs Rat v5.1 + Loader\res\GeoIP\GeoIPCity.dat

Filesize
25.6MB

MD5
fab3cc04a19ffdf90d775e27967a7c25

SHA1
723c1635338bec7c1c876769618789268b8faad2

SHA256
bf41a0a700e3b35415609d090b15c5355e5cf4ca703ab119626b2d450997c608

SHA512
fe013386ff799cda195222341ee601d7b8b3c5c8abacf3c80e3fa03af52ac848f8a79a7dd87d8831d5a366243343f1025f704f49d858da4b02235968f834a9e6

Download Submit
C:\Users\Admin\Downloads\CraxRatv6.zip

Filesize
2.1MB

MD5
6ef917c21b06702fe83cc6495f25741d

SHA1
b627a8d5bb344294ea2b647ca6e14a19e8733869

SHA256
33ab51b9b6b68d2860d0b1207adc4107d2b1d5acd5c54f1ce1a4a6a848177605

SHA512
f184b076fdd0ac18e9a502a6cf8dcd3f929409346dd21e80d7f05f994333dfcaeb61abbeaa5d1010a88099d4b1b8b820522422188cf06dc311378eb54aa76db7

Download Submit
C:\Users\Admin\Downloads\CraxsRatv4.5.3.zip.crdownload

Filesize
9.7MB

MD5
a97d09b42b22fe270237d4c9b1f962ec

SHA1
e472a72f3777bb964281dd33bbc73299304b7975

SHA256
6938af959c80e12fc6dc28ff3324a322a421524f29c454f23fa68bbf8a7cbc3c

SHA512
d4d04bb77c11d2e4bc01823d234ef503e9e62a942d6a14350ce73357059ae4576eacf3ca96858b04201b422436c6d42413d20a6723864c2ae411e8b8461fffd7

Download Submit
memory/60-2561-0x000001D89FAD0000-0x000001D89FAD1000-memory.dmp

Filesize
4KB

Download
memory/60-2564-0x000001D89FAD0000-0x000001D89FAD1000-memory.dmp

Filesize
4KB

Download
memory/60-2552-0x000001D89FAD0000-0x000001D89FAD1000-memory.dmp

Filesize
4KB

Download
memory/60-2553-0x000001D89FAD0000-0x000001D89FAD1000-memory.dmp

Filesize
4KB

Download
memory/60-2563-0x000001D89FAD0000-0x000001D89FAD1000-memory.dmp

Filesize
4KB

Download
memory/60-2554-0x000001D89FAD0000-0x000001D89FAD1000-memory.dmp

Filesize
4KB

Download
memory/60-2562-0x000001D89FAD0000-0x000001D89FAD1000-memory.dmp

Filesize
4KB

Download
memory/60-2558-0x000001D89FAD0000-0x000001D89FAD1000-memory.dmp

Filesize
4KB

Download
memory/60-2560-0x000001D89FAD0000-0x000001D89FAD1000-memory.dmp

Filesize
4KB

Download
memory/60-2559-0x000001D89FAD0000-0x000001D89FAD1000-memory.dmp

Filesize
4KB

Download
memory/2140-2641-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2140-2642-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2140-2644-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2140-2654-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2140-2638-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2140-2637-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2140-2636-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2140-2640-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2140-2643-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2140-2639-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2831-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2757-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2799-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2789-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2720-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2722-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2723-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2721-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2719-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2726-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2725-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2724-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2767-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/2984-2736-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3560-2704-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3560-2703-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3560-2715-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3560-2702-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3560-2714-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3560-2716-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3560-2701-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3560-2718-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3560-2700-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3560-2717-0x00007FF7B6FE0000-0x00007FF7B7D12000-memory.dmp

Filesize
13.2MB

Download
memory/3568-2515-0x0000000006160000-0x0000000006704000-memory.dmp

Filesize
5.6MB

Download
memory/3568-2514-0x0000000005810000-0x00000000058A2000-memory.dmp

Filesize
584KB

Download
memory/3568-2257-0x0000000005000000-0x0000000005066000-memory.dmp

Filesize
408KB

Download
memory/3568-2519-0x0000000005BF0000-0x0000000005BFA000-memory.dmp

Filesize
40KB

Download
memory/3568-2256-0x00000000005D0000-0x0000000000600000-memory.dmp

Filesize
192KB

Download
memory/3976-2192-0x000002D2740F0000-0x000002D274296000-memory.dmp

Filesize
1.6MB

Download
memory/3976-2226-0x000002D27E0F0000-0x000002D27E1A2000-memory.dmp

Filesize
712KB

Download
memory/3976-2194-0x000002D277870000-0x000002D2778A6000-memory.dmp

Filesize
216KB

Download
memory/3976-2227-0x000002D27E030000-0x000002D27E052000-memory.dmp

Filesize
136KB

Download
memory/3976-2190-0x000002D271A90000-0x000002D271ACC000-memory.dmp

Filesize
240KB

Download
memory/3976-2188-0x000002D271A30000-0x000002D271A5C000-memory.dmp

Filesize
176KB

Download
memory/3976-2186-0x000002D2707B0000-0x000002D2707CC000-memory.dmp

Filesize
112KB

Download
memory/3976-2185-0x000002D26FF10000-0x000002D26FF1C000-memory.dmp

Filesize
48KB

Download
memory/3976-2164-0x000002D270920000-0x000002D270E7A000-memory.dmp

Filesize
5.4MB

Download
memory/3976-2154-0x000002D271DB0000-0x000002D2733CE000-memory.dmp

Filesize
22.1MB

Download
memory/3976-2152-0x000002D26A350000-0x000002D26E2E4000-memory.dmp

Filesize
63.6MB

Download