Malware Analysis Report

2025-05-05 22:37

Sample ID 241229-zyex4sxld1
Target Craxs RATTED.7
SHA256 c7c16847de3660b072a71654312ad44f2015e31f4a53cdca60748104b94a4820
Tags agilenet, discovery
Score 7/10

Analysis Overview

score
7/10

SHA256

c7c16847de3660b072a71654312ad44f2015e31f4a53cdca60748104b94a4820

Threat Level: Shows suspicious behavior

The file Craxs RATTED.7 was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet discovery

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Browser Information Discovery

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-29 21:09

Signatures

Obfuscated with Agile.Net obfuscator

agilenet

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-12-29 21:07

Reported

2024-12-29 21:22

Platform

win10v2004-20241007-en

Max time kernel

733s

Max time network

722s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Craxs RATTED.7z"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A
N/A N/A C:\Users\Admin\Desktop\res\Lib\7z.exe N/A
N/A N/A C:\CraxsRat_Bilder\platformBinary64\bin\java.exe N/A

Drops file in Program Files directory


Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\res\Lib\7z.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\CraxsRat_Bilder\platformBinary64\bin\zipalign.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\res\Lib\aapt.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Users\Admin\Desktop\CraxsRat V7.4.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799803472334627" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\CraxsRat V7.4.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Desktop\CraxsRat V7.4.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\CraxsRat V7.4.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\CraxsRat V7.4.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1968 wrote to memory of 724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 4648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1968 wrote to memory of 4616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Craxs RATTED.7z"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap11185:46:7zEvent11167 -ad -saa -- "C:\Program Files\Java"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb417dcc40,0x7ffb417dcc4c,0x7ffb417dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1864 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1968,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1960 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1716,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2256 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4416,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3728 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3712,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3204,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3388 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3488,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3352,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3468,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5232,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:2

C:\Users\Admin\Desktop\CraxsRat V7.4.exe

"C:\Users\Admin\Desktop\CraxsRat V7.4.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=864,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5240,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3528,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3156,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:8

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -version

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar "C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\apktool.jar" d -f "C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp.apk" -o "C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\apktool.jar b -f C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp -o C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\out\Ready.apk

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Users\Admin\AppData\Local\Temp\brut_util_Jar_57033956288201272864830521939367527194.tmp

C:\Users\Admin\AppData\Local\Temp\brut_util_Jar_57033956288201272864830521939367527194.tmp p --forced-package-id 127 --min-sdk-version 21 --target-sdk-version 29 --version-code 30 --version-name 4.14 --no-version-vectors -F C:\Users\Admin\AppData\Local\Temp\APKTOOL4626081840768836339.tmp -e C:\Users\Admin\AppData\Local\Temp\APKTOOL293990194054367413.tmp -0 arsc -I C:\Users\Admin\AppData\Local\apktool\framework\1.apk -S C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp\res -M C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp\AndroidManifest.xml

C:\Users\Admin\Desktop\res\Lib\aapt.exe

"C:\Users\Admin\Desktop\\res\\Lib\\aapt.exe" dump badging "C:\Users\Admin\Downloads\de.stollenmayer.philipp.Pop_1_1_Android_4.14-30_minAPI21(arm64-v8a,armeabi,armeabi-v7a,x86,x86_64)(nodpi)_apkmirror.com.apk"

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /c java -jar "C:\Users\Admin\Desktop\res\Lib\ApkEditor.jar" info -i "C:\Users\Admin\Downloads\de.stollenmayer.philipp.Pop_1_1_Android_4.14-30_minAPI21(arm64-v8a,armeabi,armeabi-v7a,x86,x86_64)(nodpi)_apkmirror.com.apk" && EXIT

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar "C:\Users\Admin\Desktop\res\Lib\ApkEditor.jar" info -i "C:\Users\Admin\Downloads\de.stollenmayer.philipp.Pop_1_1_Android_4.14-30_minAPI21(arm64-v8a,armeabi,armeabi-v7a,x86,x86_64)(nodpi)_apkmirror.com.apk"

C:\Users\Admin\Desktop\res\Lib\7z.exe

"C:\Users\Admin\Desktop\\res\\Lib\\7z.exe" e "C:\Users\Admin\Downloads\de.stollenmayer.philipp.Pop_1_1_Android_4.14-30_minAPI21(arm64-v8a,armeabi,armeabi-v7a,x86,x86_64)(nodpi)_apkmirror.com.apk" "res/mipmap-hdpi-v4/ic_launcher.png" -o"C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\res\mipmap-anydpi-v26" -aoa

C:\Users\Admin\Desktop\res\Lib\7z.exe

"C:\Users\Admin\Desktop\\res\\Lib\\7z.exe" e "C:\Users\Admin\Downloads\de.stollenmayer.philipp.Pop_1_1_Android_4.14-30_minAPI21(arm64-v8a,armeabi,armeabi-v7a,x86,x86_64)(nodpi)_apkmirror.com.apk" "res/drawable-hdpi-v4/ic_launcher.png" -o"C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\res\mipmap-anydpi-v26" -aoa

C:\Users\Admin\Desktop\res\Lib\7z.exe

"C:\Users\Admin\Desktop\\res\\Lib\\7z.exe" e "C:\Users\Admin\Downloads\de.stollenmayer.philipp.Pop_1_1_Android_4.14-30_minAPI21(arm64-v8a,armeabi,armeabi-v7a,x86,x86_64)(nodpi)_apkmirror.com.apk" "res/mipmap-hdpi/ic_launcher.png" -o"C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\res\mipmap-anydpi-v26" -aoa

C:\Users\Admin\Desktop\res\Lib\7z.exe

"C:\Users\Admin\Desktop\\res\\Lib\\7z.exe" e "C:\Users\Admin\Downloads\de.stollenmayer.philipp.Pop_1_1_Android_4.14-30_minAPI21(arm64-v8a,armeabi,armeabi-v7a,x86,x86_64)(nodpi)_apkmirror.com.apk" "META-INF" -o"C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF" -aoa

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultdbf1342ehb2ech40bbh96deh19c0adcaf407

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffb3a1946f8,0x7ffb3a194708,0x7ffb3a194718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,7433971594614987056,11076192965263582138,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,7433971594614987056,11076192965263582138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,7433971594614987056,11076192965263582138,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3056,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8

C:\Users\Admin\Desktop\CraxsRat V7.4.exe

"C:\Users\Admin\Desktop\CraxsRat V7.4.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe"

C:\CraxsRat_Bilder\platformBinary64\bin\java.exe

java -version

C:\CraxsRat_Bilder\platformBinary64\bin\java.exe

java -jar -Duser.language=en "C:\CraxsRat_Bilder\platformBinary64\bin\\apktool.jar" d temp.apk

C:\CraxsRat_Bilder\platformBinary64\bin\java.exe

java -jar -Duser.language=en "C:\CraxsRat_Bilder\platformBinary64\bin\\apktool.jar" b temp

C:\Users\Admin\AppData\Local\Temp\brut_util_Jar_23851152479144354238121861052235253887.tmp

C:\Users\Admin\AppData\Local\Temp\brut_util_Jar_23851152479144354238121861052235253887.tmp p --forced-package-id 127 --min-sdk-version 21 --target-sdk-version 29 --version-code 1000 --version-name 1.0.0.0 --no-version-vectors -F C:\Users\Admin\AppData\Local\Temp\APKTOOL3334049341802888965.tmp -e C:\Users\Admin\AppData\Local\Temp\APKTOOL2532396386991400154.tmp -0 arsc -I C:\Users\Admin\AppData\Local\apktool\framework\1.apk -S C:\CraxsRat_Bilder\platformBinary64\bin\temp\res -M C:\CraxsRat_Bilder\platformBinary64\bin\temp\AndroidManifest.xml

C:\CraxsRat_Bilder\platformBinary64\bin\java.exe

java -jar -Duser.language=en "C:\CraxsRat_Bilder\platformBinary64\bin\\apktool.jar" b temp

C:\Users\Admin\AppData\Local\Temp\brut_util_Jar_74798539284379593335275597642094492117.tmp

C:\Users\Admin\AppData\Local\Temp\brut_util_Jar_74798539284379593335275597642094492117.tmp p --forced-package-id 127 --min-sdk-version 21 --target-sdk-version 29 --version-code 1000 --version-name 1.0.0.0 --no-version-vectors -F C:\Users\Admin\AppData\Local\Temp\APKTOOL6894169250653254174.tmp -e C:\Users\Admin\AppData\Local\Temp\APKTOOL2288068969489685924.tmp -0 arsc -I C:\Users\Admin\AppData\Local\apktool\framework\1.apk -S C:\CraxsRat_Bilder\platformBinary64\bin\temp\res -M C:\CraxsRat_Bilder\platformBinary64\bin\temp\AndroidManifest.xml

C:\CraxsRat_Bilder\platformBinary64\bin\java.exe

java -jar temp\dist\Crypt.jar p -i "C:\CraxsRat_Bilder\platformBinary64\bin\temp\dist\temp.apk"

C:\CraxsRat_Bilder\platformBinary64\bin\zipalign.exe

zipalign.exe -v 4 C:\CraxsRat_Bilder\platformBinary64\bin\temp\dist\temp_protected.apk C:\CraxsRat_Bilder\platformBinary64\bin\temp\dist\tempzip.apk

C:\CraxsRat_Bilder\platformBinary64\bin\java.exe

java -jar C:\CraxsRat_Bilder\platformBinary64\bin\SignApk.jar sign --key C:\CraxsRat_Bilder\platformBinary64\bin\key.pk8 --cert C:\CraxsRat_Bilder\platformBinary64\bin\certificate.pem --v2-signing-enabled true --v3-signing-enabled true --out C:\CraxsRat_Bilder\platformBinary64\bin\output\ready.apk C:\CraxsRat_Bilder\platformBinary64\bin\temp\dist\temp_protected.apk

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4892,i,17840290636691031785,5760960331180207955,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:1

Network

Files

\??\pipe\crashpad_1968_KLDYTBCVVTJJAGVY

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Temp\scoped_dir1968_1440363585\0a8527fb-254e-497f-84e7-76a16acdb9b4.tmp

C:\Users\Admin\AppData\Local\Temp\scoped_dir1968_1440363585\CRX_INSTALL\_locales\en\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4d158cdd-b03e-43b0-8505-d828dc630fd2.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Desktop\CraxsRat V7.4.exe.config

memory/1284-1602-0x000001E8B1850000-0x000001E8B565E000-memory.dmp

C:\Users\Admin\Desktop\LiveCharts.WinForms.dll

memory/1284-1604-0x000001E8B7250000-0x000001E8B725C000-memory.dmp

memory/1284-1605-0x000001E8B7290000-0x000001E8B72AC000-memory.dmp

memory/1284-1609-0x000001E8CFD30000-0x000001E8CFD6C000-memory.dmp

C:\Users\Admin\Desktop\LiveCharts.Wpf.dll

memory/1284-1607-0x000001E8CFD00000-0x000001E8CFD2C000-memory.dmp

C:\Users\Admin\Desktop\LiveCharts.dll

C:\Users\Admin\Desktop\DrakeUI.Framework.dll

memory/1284-1611-0x000001E8D0DD0000-0x000001E8D0F76000-memory.dmp

C:\Users\Admin\Desktop\GeoIPCitys.dll

memory/1284-1613-0x000001E8DC810000-0x000001E8DC846000-memory.dmp

C:\Users\Admin\Desktop\res\Config\Pass.inf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Desktop\res\GeoIP\GeoIP.dat

C:\Users\Admin\Desktop\res\GeoIP\GeoIPCity.dat

C:\Users\Admin\Desktop\res\GeoIP\Flags\-1.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AD.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AE.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AF.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AG.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AI.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\CA.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BZ.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BY.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BW.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BT.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BS.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BR.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BO.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BN.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BM.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BL.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BJ.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BI.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BH.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BG.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BF.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BE.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BD.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BB.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\BA.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AZ.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AX.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AW.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AU.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AT.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AS.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AR.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AQ.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AO.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AN.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AM.ico

C:\Users\Admin\Desktop\res\GeoIP\Flags\AL.ico

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\EVLF_-_t.me_evlfdev\CraxsRat_V7.4.exe_Url_p43x3kxcg1uhy21hsp3zmxlnszo5l103\7.1.0.0\user.config

C:\Users\Admin\AppData\Local\Temp\imageio135146028544651280.tmp

C:\Users\Admin\AppData\Local\Temp\imageio1771153999424049102.tmp

C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp\res\values-nb\arrays.xml

C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp\res\values-en-rAU\arrays.xml

C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp\smali\CoronaProvider\licensing\test.1

C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp\assets\audio\b4.ogg

C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp\assets\audio\click3.ogg

C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp\assets\audio\h.ogg

C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp\assets\audio\m2.ogg

C:\Users\Admin\AppData\Local\Temp\CraxsRat_jector_DRyAYvpaBY\temp\original\META-INF\androidx.datastore_datastore.version

C:\Users\Admin\AppData\Local\EVLF_-_t.me_evlfdev\CraxsRat_V7.4.exe_Url_p43x3kxcg1uhy21hsp3zmxlnszo5l103\7.1.0.0\zgtq4jgn.newcfg

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\androidx.core_core.version

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\androidx.appcompat_appcompat.version

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\androidx.activity_activity.version

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\androidx.fragment_fragment.version

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\androidx.privacysandbox.ads_ads-adservices.version

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\androidx.profileinstaller_profileinstaller.version

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\androidx.recyclerview_recyclerview.version

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\androidx.sqlite_sqlite.version

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\kotlinx_coroutines_core.version

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\androidx.work_work-runtime.version

C:\Users\Admin\AppData\Local\Temp\AET\Cachede.stollenmayer.philipp.Pop_1_1_Android\META-INF\androidx.versionedparcelable_versionedparcelable.version

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a93e3db4-e34c-41ba-bd94-5506aca83f7f.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\EVLF_-_t.me_evlfdev\CraxsRat_V7.4.exe_Url_p43x3kxcg1uhy21hsp3zmxlnszo5l103\7.1.0.0\gkctg5oh.newcfg

MD5 1ad868165f7c8bd498d2af6aef722e9e
SHA1 68ce06c30ee3a2b4583ea3f061f0f844e25a2501
SHA256 db83ec5f98e1a379f34b5648fe1a5608f8f8381540d09e234d0876c607dd7c9b
SHA512 a0fe482a26d7fb0a75ac7b37d09396c0b9eea65b5ef93a23af258ce5f1563f6b8eb0f6c7f075e3b9ebc9f2752e38b127d4483a860dbd6b98584cf55d9bb6b49e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 03b85a25ec02c119df5d43c169b2aa77
SHA1 7231004926edd36b820f170751f4b64527d04745
SHA256 ceb2d734a1c5af97cae6057e321c2bfcb132ecb888f24e716518f4c4261b8669
SHA512 f388306311deeeb4e7373e79cac05d53794519afa7a1e305418b7f2db7427083214d6e93d13bfb9765aa169f93f603e14913fbf9c96781e3dab38c752b66341c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8602ac31730db95cf694195e63ff30e1
SHA1 2f048253ee8603ee2c12154cdeec68fea7b0a71a
SHA256 06c6ac80eaaa4865e9a96802f0a296e0084aa6a2e8571032c6a38f6f869629a2
SHA512 2c1dd3951f00d6e5e1b6662257c41fd04c216783d41fae201a2931097f81031753d68f6a808a48725e9ad07a13e71974baa1a0418d3ea0fc2fab3156244d9bfd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9fd1339fff11b0c6d7716ad3dc6b94a3
SHA1 2e7a21246096ffeca5cf2dccba6f6c645b4db50f
SHA256 27e385d6749bbccbd60ac8fb9119b7365330faa68b5ba93cb01ca04ed28a2074
SHA512 a082684fae6c712583605a015cf87f61345987ea9bed7f57c85b86400f81ab06a321c49eccc74423ef430c38c0d8da0aee8314afa785603e23b776bdb8a109b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\EVLF_-_t.me_evlfdev\CraxsRat_V7.4.exe_Url_p43x3kxcg1uhy21hsp3zmxlnszo5l103\7.1.0.0\user.config

C:\CraxsRat_Bilder\platformBinary32\lib\images\cursors\win32_LinkNoDrop32x32.gif

C:\CraxsRat_Bilder\platformBinary64\bin\apktool.jar

C:\CraxsRat_Bilder\platformBinary64\bin\server\Xusage.txt

C:\CraxsRat_Bilder\platformBinary64\bin\signapk.jar

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\CraxsRat_Bilder\platformBinary64\bin\zipalign.exe

C:\Users\Admin\AppData\Local\Temp\imageio4363781934357861625.tmp

C:\Users\Admin\AppData\Local\Temp\imageio905839355980645203.tmp

C:\Users\Admin\AppData\Local\Temp\imageio5268988870883988575.tmp

C:\Users\Admin\AppData\Local\Temp\imageio6987433868439515191.tmp

C:\Users\Admin\AppData\Local\Temp\imageio773437106145280649.tmp

C:\Users\Admin\AppData\Local\Temp\imageio5622432227098837872.tmp

C:\Users\Admin\AppData\Local\Temp\imageio6417037265121602136.tmp

C:\Users\Admin\AppData\Local\Temp\imageio4218382939944687024.tmp

C:\Users\Admin\AppData\Local\Temp\imageio5665851334478105207.tmp

C:\Users\Admin\AppData\Local\Temp\imageio2137209049274923897.tmp

C:\Users\Admin\AppData\Local\Temp\imageio1934619131715952912.tmp

C:\Users\Admin\AppData\Local\Temp\imageio1035768143183134859.tmp

C:\CraxsRat_Bilder\platformBinary64\bin\temp\res\values-sk\strings.xml

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\progresst71.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\dist\temp.apk.apktool_temp

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-xxxhdpi\freespace.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\AndroidManifest.xml.orig

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-hdpi\notify_panel_notification_icon_bg.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-mdpi\notify_panel_notification_icon_bg.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-xhdpi\notify_panel_notification_icon_bg.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\ar_access.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\btnback.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\bakaro.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\cn_access.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\newbtn.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\keybakno.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\keyback.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\glob.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\en_access.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\del.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\cpas.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\nont.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\oppo_bty_ar_1.jpg

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\oppo_bty_ar_2.jpg

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\oppo_bty_cn_1.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\oppo_bty_cn_2.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\oppo_bty_en_1.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\toggle.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\rpand.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\remove.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\oppo_bty_en_2.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable\treelins.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-xhdpi\notification_bg_normal_pressed.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\resources.arsc

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-xhdpi\notification_bg_normal.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-xhdpi\notification_bg_low_pressed.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-xhdpi\notification_bg_low_normal.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-mdpi\notification_bg_normal_pressed.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-mdpi\notification_bg_normal.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-mdpi\notification_bg_low_pressed.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-mdpi\notification_bg_low_normal.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-hdpi\notification_bg_normal_pressed.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-hdpi\notification_bg_normal.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-hdpi\notification_bg_low_pressed.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\build\apk\res\drawable-hdpi\notification_bg_low_normal.9.png

C:\CraxsRat_Bilder\platformBinary64\bin\temp\dist\temp.apk.apktool_temp

C:\CraxsRat_Bilder\platformBinary64\bin\temp\dist\tmp-804870544

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
