Analysis
-
max time kernel
726s -
max time network
723s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10-05-2024 07:39
General
-
Target
image_2024-05-10_093951142.png
-
Size
275KB
-
MD5
39498e4f6bb277b99bc02e4e60843318
-
SHA1
9e8e9d4df874a734362f96a989da687898fc8083
-
SHA256
5be19e6b167f6cb19e826e99b98207d21f3d8135c0a688c743c5f6e79ab23c14
-
SHA512
d314c1ea8300068faf41f57b61f847a993cf2cc9a42b061ca0bc6276fad93fb6d2d38798aae9410eb8abbf87239c9bd5436b40e081454708971179bfe3654f3a
-
SSDEEP
6144:R0tK3pytiBIpR+b26wiHJFLB39nNr0yGSJ3yqwdX/nJMMyzD1:HYbpQPwwFN39Nr0yGC3yzvnKMw1
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry class 4 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 9 IoCs
-
Suspicious use of SendNotifyMessage 6 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\image_2024-05-10_093951142.png1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.0.139121576\920371778" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aa73abc-2658-4b59-b276-fff58c29455d} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 1960 24ae1aede58 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.1.1282398232\2018174756" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2336 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb542640-5649-4df0-abb5-0f42ad05394b} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 2360 24acdf72558 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.2.2050211879\70236136" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3180 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dd58abf-8fdf-4140-89d8-8216d771d833} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 3356 24ae5ca0958 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.3.658326345\225795862" -childID 2 -isForBrowser -prefsHandle 2520 -prefMapHandle 2508 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8acbb104-33ad-43d1-a276-6037a76f3166} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 3580 24acdf5df58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.4.735725475\809346360" -childID 3 -isForBrowser -prefsHandle 3764 -prefMapHandle 3760 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16dc8b92-94fa-4551-a8ca-c250bc46f1db} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 3772 24ae4790b58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.5.35487910\678826278" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5152 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9e66819-1cfb-47d8-a1de-cfdc83dd31bc} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5168 24ae8410758 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.6.774779835\140010612" -childID 5 -isForBrowser -prefsHandle 5304 -prefMapHandle 5308 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9af4d969-7b1a-4172-a2fd-7845c28b4bcf} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5296 24ae840f558 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.7.1284932040\846790218" -childID 6 -isForBrowser -prefsHandle 5504 -prefMapHandle 5576 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1c4216d-9922-4db0-8a84-7d933f8450a0} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5492 24ae8412b58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.8.717808738\1815606527" -childID 7 -isForBrowser -prefsHandle 5924 -prefMapHandle 5948 -prefsLen 29440 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f085ca5-c9ac-424d-a2eb-a1e938623c6e} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5920 24aedad7e58 tab3⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat.exe"C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat.exe"1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Hidden_Blaze2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Cracked4You2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3996 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=3556 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4936 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5736 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5840 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5968 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=3744 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3764 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:81⤵
-
C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat.exe"C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Hidden_Blaze2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Cracked4You2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=4128 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5560 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6404 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6312 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=6632 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:11⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\8ac4c1c1d021492496670641145c6e4a /t 5972 /p 59081⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD5fca8af0dc8436b9952fdf961f8c7f401
SHA1ac194f887a84a4538985ece94daf59cea48fe65b
SHA256477645c7b83bbde8bdcf6d066f0de596d5b02fd47c223f89dde7d86903338cf9
SHA512ba0d8f654216d9530bec83aa011a3433cea27873be327ac60eb1244997995489db76e25077dead09fcd43009b05deda51fd37b30a33fff01c94ba3927e1c21d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_685A755F9E99B4D751E9D861DE8DDD77Filesize
472B
MD59a334bfd5d0fd0f25bc3a07ba563581d
SHA1720523b8d88103b98e7788951437e1499b5fa25c
SHA2560b6aa76d0f006573521aec48a9d3565c0b47294a0baeb5af3ddd6e106b7acef9
SHA512f81740315692b2038cc601edc7f70b94b236907e2c299e568495033e1e10ab07235254b38a8bf70a3c55495cf4a54fa9a87af7786ec86443218250028fce48a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
724B
MD5ac89a852c2aaa3d389b2d2dd312ad367
SHA18f421dd6493c61dbda6b839e2debb7b50a20c930
SHA2560b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD5c8a44bc0918340a101df521569e47033
SHA1c8ecac622ee65098412ced3998b7bc0a25bb8d73
SHA2566f88e5d9069466b1ef8198463600806e9e3a5a8e0278e06453e504a387d660e4
SHA512de1c5b07c22ae24238fe9db1b27fa07db5eca29b4c40808816680ce85c57c422a516d2ec8faa747919a7b3fd4e4d4979cd5994d440ec569278e93e2393ac816f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_685A755F9E99B4D751E9D861DE8DDD77Filesize
402B
MD54cebe0a247122c2d4a7c28808f724960
SHA17460500062afc9e4b33887af47073b6d0df22b4a
SHA256bd4e525e5f852be5a389e1413832f7b03af8430a5bc181fceb2d437caa585483
SHA512b40a079c0e5fbc32fe8be4305a0ee9fcb29930737290cffb30937954ca402311ad321c55d54b47f076e496420c6369bf3de0bef1133882902f6ec6681f7fb84c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
392B
MD54ecd1037ceea798e3d44b12abaf6ba4d
SHA1f91adb3dc1749231c5ab0a222f6006fc0e9ad1d3
SHA25681b21199b4cec908515e637dbb667072800ca435b3f910e7514f88ebbb916ec8
SHA51238205105ea225e2b66b2100ec60e0e663364fe073d0dc098544c76b4f995023c75ffcb10b6004f773838ef07da4960549dfea889e48fe5fd9ce93e74cc613abb
-
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\2xeqjrp4.newcfgFilesize
2KB
MD5cb34ec212d71a84e9e07a14e6a94b948
SHA18ac001c0e4dfb043de08ed70c08e4637507442c2
SHA25699679971824d319e2e16f923f0ba9ffbecc10cc5efa26ade7bdae5cc881e2311
SHA512240e560095b010e3ce45a6863f560ac4e898ce26ae4530a516952bbc68c2e767d85fd218fd7043b384802744afcb5fedfc1ad40e63d1c2623c9135af6eb5e7f0
-
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\ezp4dxta.newcfgFilesize
2KB
MD528aeb943e4b9c053644bf95c945b6e2b
SHA1795e6bd4385983d75521dbdac15ebf06498df730
SHA25623a63a4b60b91d4d00289e90810085eaa351b1ee76281463ad919faed5fe74a3
SHA512694a4ceb951d7ebfd5bc937ebdd4084ea72d214142e882cddb004347cb70d854cc9fea594af89cbe7efa7c3a423f96312a8f02a4ac59c4fdd37fd53bf4c88f9b
-
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\hie55dsp.newcfgFilesize
2KB
MD53325ffb7506eb297b338beb60a20e95e
SHA1bcfac8326d7094cc16b6b83d715bd10fea0fb040
SHA2568cb6bca98c2887e3ca62d2c49195f151713a080b2bf774ee0b821582a1c2a4d9
SHA512b9776fa201d99e1d9e49e64cddec3df8ae5e75e7d11e4d14c3fc559c419c221cc60aa17e9cc5ff0976e998251bc280cdbe6b2a8d4bad20981a5077e471cb75b2
-
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\user.configFilesize
672B
MD5defcab24d78f34ec1f9e208d1b1eaa34
SHA1b088741718a13636b8c666711deec5928e30c627
SHA25654e52e8517a1f1d9cc3af279119d0ffe12fbed6799bf8c95427718fa0c2ed093
SHA512bb825ab95d04bf67b8b6a5a32346aca67b435ddeb802499bb27aa0b9ee014463e4023ea081f337359938a46f519ea2ee532739278f19603c4548f024f71163b3
-
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\user.configFilesize
2KB
MD5a973ad931c8719adb636b68f032f59f7
SHA1a5e63d762a6afb1512a389e2f74b729b4e49c560
SHA25642b819f84c5922cf471a79de26fbd013ac968c3edcdf56e9b6c4c4c87b675bbf
SHA5122e388fad045bb638c27d903d41e35c372699ce60ddebbd73d4b342a6fbd8ac8371ea864d9b7dc73a75246ae5a3625083b7f6b6b43744f31a03eeebf00bc664e4
-
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\user.configFilesize
1KB
MD5f81ece2a99b4e155a3b6f433eea6392a
SHA151a2c7656efa04b5899129b4c979fc07be5379f4
SHA256a42d8dd71be265c5d4117a3205eea6f289280ef4e0615144089f16df9b1ddc17
SHA51292c7bc291db3566020a1b55137c0ebd81bc1012ac30deda710a1e573008409f56c3b0862bd0881c7e26f1eb9c72f82227a426ca838537b251c5356c190480992
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\CraxsRat.exe.logFilesize
3KB
MD549e1ea28be3bf4989dcd48514e51134c
SHA1ff9bbda4bcd5d1420583d8ca912ad5eff66b8a73
SHA2561a4dd27a4b77ca46b73c1498893d28ad0b8f05462d6320e56cddd43ddedc090d
SHA512ed4679aad9f5122af89016c3c88daf76376474ed59f5287924428e3901a0ff3bc2e285bbf5d06fbb0d3682dfee3301e4df754c1c07b3d54433ca4189d641100c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\30251Filesize
11KB
MD5c76d4df4369ef309eba74bb1c45fbf43
SHA13bf940387896cf9ab8e838a029d2db8fd2ce80e3
SHA256fd51f75fcabd15ba3a022e9478cd67ae68081537078bbc1d57bfeb7faca311e3
SHA512961df830369829cf1792ac002d5da481a16a6e3df7f0fba4d5ae084dce1a7f5ca34598091d99ed3b5e6a69928643b4acf29033544501f20f3baccbe44985f4f8
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BAFilesize
13KB
MD53119642613e871aab0f3c9a85c819fc0
SHA1aa0fd404ec7c3e2114195bc350ee74c8a7b5cb8f
SHA256e92c7a8ba4071ad54219249bd379f7b59902ce59d93f679a3315fff5324ccda9
SHA51292655a1ab99da2ec38e544b38c3f1d422e955d84de64fd4703a9edddf84dd5f9496039ab7d36cd4d6ed7684d7a2115767d40b0be046e1a3a2783c0be1ef8db22
-
C:\Users\Admin\AppData\Local\Temp\tmpaddonFilesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-msFilesize
9KB
MD519d83706e89a5f629d4c5668cec44653
SHA17df78baf9226ad82f6fa8e899ead4e8a8655b110
SHA256a3c9088b366ac25d2d95d16cf7882e3f39e49b23d2e66321f4564eb4bc7bdf6f
SHA512eb88dd2114f195d0c74c34a2c577aec16c03e9d5fcbea5189ca64a8b5eb5a25a29dd8cab1318f7ba208fa5e0ca68a2a89cf6959f756a238acc07f7bd9204074f
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-msFilesize
9KB
MD5e9f7453511f895aaf3727af36f1339b6
SHA1f1a702fdbae140bd47f6840dad5941863abec180
SHA256773f1ad03d01b38765d031112a2f9e5233b1e15fb6d507d9938c606bbedb3340
SHA51281dbdf6da6f9bedcb24e10aa979f0fd15eb66ad1a4d07737363f4e4fbe516ca428d13ffac437c19f3c9f697d7423824f497e1c1b687eeeeff388cdfd3c58701d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD5da2cfd05bf85c06ceb5582ad1f2b506a
SHA14b318e0184013b35918cba9d8c4f67a193f176fd
SHA256819b5fa3ad5a425fb71de09322af68eaa809b6425a765942ce8da0b8fd22946d
SHA512403e94561328042b74bbdb7001442e91733499fcfa8e154200d61592ffecfc235ae6a9b6743efac410a1f4b893e6476e3c96f38ba79d975dcf934eb62cdba05e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\6710f455-0a3d-4c8b-8927-0323deb878b3Filesize
746B
MD558f83a9e455809420ee9fa53a64ae8a8
SHA1ac3595f9a802f7f9d2722a9188dcf3145697e858
SHA256408416b6ac8b04961489a3c1ba1c0c916e133571e88d716e4708cc432254b27f
SHA512cbaf8a263b4adb3dd1310655fd52565ff31b9b1912c07ebd631d07997bf0755a64c1fe20a7f814d37f6f8179784b4c3861d2e909923ecfed0d032d059bc166cc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\aecee0d5-0f24-42e7-8766-aa3abea0ba4fFilesize
11KB
MD511834d6a4f06170d647320b0df590db2
SHA12c9e4ab32e6c405b297462f7e53b531d91c3ae3a
SHA256024786ffbc5ff351f36e64fbab658f2bdc393bbb3ddac1ee4f50ceef14f61cf9
SHA5120c355f93702c9c43acbec79fb4f0fed068d1db2dc8ddbbfc2d09b2dd9a9d10ca8357d7059d484bf4dc7f57885dfc7f4c5a500a5a818fa4179f8b0270694deeaa
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dllFilesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.infoFilesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txtFilesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.jsonFilesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dllFilesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.libFilesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sigFilesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.jsFilesize
8KB
MD525818ca04b459f5cfcf705af21fe4141
SHA12c56b1a83d3fdb0fa18f46ed63cf8020467bf11b
SHA2568346991907040adf4e203f4f1a7ee2f60d44188d572b1a516c3e4b1c1637f602
SHA51250de67d54e70241931bdad18ae4823e468ff908686ee1108870a551637d3c9b620a9266e870b367f2e7a2b738c4f19393ab376fdf5b0572533d1e50e864bf527
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.jsFilesize
6KB
MD544e9ea20635b04bd83e19864f8bb4807
SHA138a5aab89fa5e265843a200ba8e611317d391094
SHA25614a53a02e2eaf68a1c985e62a7a6f9fb8c6ee9ed0bac3a016f99f714929dd951
SHA512161d33a13c9dedb9b85bd0d50d610817fac33a48fa06deec715ef7b8aac40e6fa270f8ab6d72eee53533ce62a4e2b84a95ef17cc79e38e188c02c6a76a4244fb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.jsFilesize
6KB
MD539a2e0423c6eec7f50fee6902135a525
SHA1aa0bbc085b14f91ef5f1c4b83bf510473106e9a0
SHA2566e96f599a43214f8e90c325a62d1c0f238772b9e1063991519847a79b17a3d81
SHA5124398b78f75f757b0b75375848cf648758b26af9fdbb6d12d035c348e91359a2fe15f0f2963c65d5c6b36ba23c856efb06d96b11f60eeffceecb2a1854b6745b6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.jsFilesize
6KB
MD558eb79677ace840f8b6cd439d1c4373b
SHA10b7c6850e09e0c0479fae2e7797cffe20b7477eb
SHA2562eb8ffc3e4f6180545d8fd3857e2486c49bf29ceb7e808a6c6efd778cc378b4a
SHA5126fce38df475bb7e0379b345d47c039696e2609f7402b4e3df2e268f82525b389d270d21d15ebc19971eb44d8a8218510cb85e63450494c99bc9ab0efed8f7ef7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.jsFilesize
9KB
MD58d56bfd7e7f58c6e2349c9877231fbca
SHA1540361981aab6ec45b335a92850f633cda70665e
SHA2566904eec28301699b0062781fc8014d679665d3fd5cc72e0dc80615ac8afc5777
SHA51215fad525eb7ad09f6d774abc72bec74fa3315a02961ebd25c3c77c1edaa4925856d053eca5bf9a2594ff033cacc471cd480e4dffcd56cdb2bac75eb03372d6e2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.jsFilesize
9KB
MD55b7998cb231f349657ccd5fa4b314c1c
SHA14259a3d5e1ec0ab9c6ac3be5cba2d02dae33993b
SHA256d54a5677fdf676277c2a0e5356dc308a7a368637aaa42a534c186760f2f3050e
SHA512be3faf16c0a287844377543c42881a1f32eeacdd4c2748efd75d161e165fd701a86e40e12ebc6044ceda8750947d09e82564a4eabf2288365a1a877e310328ab
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.jsFilesize
9KB
MD5ab373d60b61f3bd67af37c2de6a71c4a
SHA1bdcb81875b7c38bba51228e332adbd10d885f718
SHA25624f105ec704bf849daf7bdc80216273ee16a635d066fb58a002c5c2cbd397f10
SHA512e2c179dc5a102356d904be453a0ad9b2b94ad0466ca573bead5516354dc9c81aeb7c8900a0d0bad33db2bd0ec8000879f370f672612a26a04a179173523675fc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.jsFilesize
9KB
MD5211502f2617064baf5c7762ae206447c
SHA1555ca4346f0806cd8bbfb649f6fc10f017b3b471
SHA256a63ce76d37193073063e47c002f4c5a7a0aa3f000c653da535de32d65a71b2a5
SHA512a93539d8220d7c8a7b4edc0b82880c369d0e713b6a70124cc55544dd974336aa7e7f4dd8b45a5f48a67c0e21d60b5fa25e92a518109ed483cf60881d5684004a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD5f07334fd9f86bb736576be6c3b3cd476
SHA1e52f1a365c72dee577995e93137d99ba161b102d
SHA2564c4364ab2923010224af50a33daaf27d70d2384d403b174ad57c763b1c6b13c5
SHA51212b426d6d6cb680aa61fa86e5158eba0bdfeb6a9eca9478facbe3985e9115302edd9c608117985e408cd4a1a828b9a3d3e4588e13f4fff59e9d18b4a7e682554
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD545cd291130ee17649e7ee6333828658f
SHA18d5f71cbfea708998afcee764451d6203464b9e4
SHA2560b44a9a4ea9a65c69d2ea6fc69608a87893d2a805eada1c1b1a9a88e7ef9f68c
SHA512bd315e9126c58f2ab7cff2f29989e651397f4d5fe42e80eedeea342a44acccccc54427acda98a6710f1f094e4fef5d91fad8d3e09af3dbc9115b90e1412cb7b9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4Filesize
5KB
MD553151067f72fa2bfd733f6e447a16ea5
SHA1eadeca8698dfa877c50a84fc6630463c49a8aecf
SHA2562c34c887a0e8aeb53655acdb2e31a3754e5b70ddae93c292edad1ed4c8f32657
SHA512e4427d719d3d915676df2d3b9bd2ef3f69bdcfd4e674cdc40f3c9369d73b3598f2fb9bab8eecb4ae450c71ec030fd6850b65efab73e93f8160ca878151b0d0b6
-
C:\Users\Admin\Downloads\CraxsRat 7.u_1YM5YW.4 Cracked By @Hidden_Blaze.zip.partFilesize
1.1MB
MD59f1c42784c4dea7db387d1e7763e61f0
SHA168436738df9bdd0a99141387df9de4e956499075
SHA2569d8642d4aae181b69ff3a811008fb6f6cffd3868dad39f71106dae490624d588
SHA51237bfa34fd0eb08a02d8089844b961c98255e4536bb32cc8c886b6dcfe70f600b7212f15d6840c23aae4b1dd6f8e706af33cfbc187bc8431490e512b17fe305c1
-
memory/1176-2350-0x00007FF96EF83000-0x00007FF96EF85000-memory.dmpFilesize
8KB
-
memory/1176-2370-0x00007FF96EF83000-0x00007FF96EF85000-memory.dmpFilesize
8KB
-
memory/1176-2351-0x000001B03C960000-0x000001B040A40000-memory.dmpFilesize
64.9MB
-
memory/1176-2390-0x00007FF96EF80000-0x00007FF96FA41000-memory.dmpFilesize
10.8MB
-
memory/1176-2388-0x000001B06BC80000-0x000001B06BCB6000-memory.dmpFilesize
216KB
-
memory/1176-2352-0x00007FF96D770000-0x00007FF96D8BE000-memory.dmpFilesize
1.3MB
-
memory/1176-2541-0x00007FF96EF80000-0x00007FF96FA41000-memory.dmpFilesize
10.8MB
-
memory/1176-2353-0x000001B05C380000-0x000001B05D3EC000-memory.dmpFilesize
16.4MB
-
memory/1176-2364-0x000001B05B760000-0x000001B05B906000-memory.dmpFilesize
1.6MB
-
memory/1176-2369-0x00007FF96EF80000-0x00007FF96FA41000-memory.dmpFilesize
10.8MB
-
memory/1176-2365-0x000001B05AFE0000-0x000001B05AFEC000-memory.dmpFilesize
48KB
-
memory/1176-2368-0x000001B05B5F0000-0x000001B05B62C000-memory.dmpFilesize
240KB
-
memory/1176-2367-0x000001B05B570000-0x000001B05B59C000-memory.dmpFilesize
176KB
-
memory/1176-2366-0x000001B05B520000-0x000001B05B53C000-memory.dmpFilesize
112KB
-
memory/5908-2543-0x00007FF97BB50000-0x00007FF97BC9E000-memory.dmpFilesize
1.3MB
-
memory/5908-2567-0x000002696EEA0000-0x000002696F646000-memory.dmpFilesize
7.6MB