5be19e6b167f6cb19e826e99b98207d21f3d8135c0a688c743c5f6e79ab23c14

Analysis

max time kernel
726s
max time network
723s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

image_2024-05-10_093951142.png
Size

275KB
MD5

39498e4f6bb277b99bc02e4e60843318
SHA1

9e8e9d4df874a734362f96a989da687898fc8083
SHA256

5be19e6b167f6cb19e826e99b98207d21f3d8135c0a688c743c5f6e79ab23c14
SHA512

d314c1ea8300068faf41f57b61f847a993cf2cc9a42b061ca0bc6276fad93fb6d2d38798aae9410eb8abbf87239c9bd5436b40e081454708971179bfe3654f3a
SSDEEP

6144:R0tK3pytiBIpR+b26wiHJFLB39nNr0yGSJ3yqwdX/nJMMyzD1:HYbpQPwwFN39Nr0yGC3yzvnKMw1

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/1176-2353-0x000001B05C380000-0x000001B05D3EC000-memory.dmp	agile_net

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

CraxsRat.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\TypedURLs	CraxsRat.exe

Modifies registry class 4 IoCs

Processes:

firefox.exeCraxsRat.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.apk\DefaultIcon	CraxsRat.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.apk	CraxsRat.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.apk\DefaultIcon\ = "C:\\Users\\Admin\\Downloads\\CraxsRat 7.4 Cracked By @Hidden_Blaze\\CraxsRat 7.4 Cracked By @Hidden_Blaze\\res\\Icons\\apk.ico"	CraxsRat.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze.zip:Zone.Identifier firefox.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

CraxsRat.exe

pid process

1176 CraxsRat.exe
1176 CraxsRat.exe
1176 CraxsRat.exe
1176 CraxsRat.exe
1176 CraxsRat.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

CraxsRat.exe

pid process

1176 CraxsRat.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze.zip:Zone.Identifier	firefox.exe

pid	process
1176	CraxsRat.exe
1176	CraxsRat.exe
1176	CraxsRat.exe
1176	CraxsRat.exe
1176	CraxsRat.exe

pid	process
1176	CraxsRat.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

firefox.exeCraxsRat.exeCraxsRat.exe

description	pid	process
Token: SeDebugPrivilege	2416	firefox.exe
Token: SeDebugPrivilege	2416	firefox.exe
Token: SeDebugPrivilege	2416	firefox.exe
Token: SeDebugPrivilege	2416	firefox.exe
Token: SeDebugPrivilege	2416	firefox.exe
Token: SeDebugPrivilege	2416	firefox.exe
Token: SeDebugPrivilege	2416	firefox.exe
Token: SeDebugPrivilege	1176	CraxsRat.exe
Token: SeDebugPrivilege	2416	firefox.exe
Token: SeDebugPrivilege	2416	firefox.exe
Token: SeDebugPrivilege	5908	CraxsRat.exe
Token: SeDebugPrivilege	2416	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

firefox.exeCraxsRat.exeCraxsRat.exe

pid	process
2416	firefox.exe
2416	firefox.exe
2416	firefox.exe
2416	firefox.exe
1176	CraxsRat.exe
1176	CraxsRat.exe
1176	CraxsRat.exe
1176	CraxsRat.exe
5908	CraxsRat.exe

Suspicious use of SendNotifyMessage 6 IoCs

Processes:

firefox.exeCraxsRat.exeCraxsRat.exe

pid process

2416 firefox.exe
2416 firefox.exe
2416 firefox.exe
1176 CraxsRat.exe
1176 CraxsRat.exe
5908 CraxsRat.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

firefox.exeCraxsRat.exe

pid process

2416 firefox.exe
2416 firefox.exe
2416 firefox.exe
2416 firefox.exe
5908 CraxsRat.exe
5908 CraxsRat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 2416	3692	firefox.exe	firefox.exe
PID 2416 wrote to memory of 4532	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 4532	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 3576	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 2600	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 2600	2416	firefox.exe	firefox.exe
PID 2416 wrote to memory of 2600	2416	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\image_2024-05-10_093951142.png
1⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:2108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.0.139121576\920371778" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aa73abc-2658-4b59-b276-fff58c29455d} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 1960 24ae1aede58 gpu
3⤵
PID:4532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.1.1282398232\2018174756" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2336 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb542640-5649-4df0-abb5-0f42ad05394b} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 2360 24acdf72558 socket
3⤵
PID:3576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.2.2050211879\70236136" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3180 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dd58abf-8fdf-4140-89d8-8216d771d833} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 3356 24ae5ca0958 tab
3⤵
PID:2600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.3.658326345\225795862" -childID 2 -isForBrowser -prefsHandle 2520 -prefMapHandle 2508 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8acbb104-33ad-43d1-a276-6037a76f3166} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 3580 24acdf5df58 tab
3⤵
PID:3188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.4.735725475\809346360" -childID 3 -isForBrowser -prefsHandle 3764 -prefMapHandle 3760 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16dc8b92-94fa-4551-a8ca-c250bc46f1db} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 3772 24ae4790b58 tab
3⤵
PID:1468

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.5.35487910\678826278" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5152 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9e66819-1cfb-47d8-a1de-cfdc83dd31bc} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5168 24ae8410758 tab
3⤵
PID:400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.6.774779835\140010612" -childID 5 -isForBrowser -prefsHandle 5304 -prefMapHandle 5308 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9af4d969-7b1a-4172-a2fd-7845c28b4bcf} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5296 24ae840f558 tab
3⤵
PID:3092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.7.1284932040\846790218" -childID 6 -isForBrowser -prefsHandle 5504 -prefMapHandle 5576 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1c4216d-9922-4db0-8a84-7d933f8450a0} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5492 24ae8412b58 tab
3⤵
PID:4940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.8.717808738\1815606527" -childID 7 -isForBrowser -prefsHandle 5924 -prefMapHandle 5948 -prefsLen 29440 -prefMapSize 233444 -jsInitHandle 1444 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f085ca5-c9ac-424d-a2eb-a1e938623c6e} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 5920 24aedad7e58 tab
3⤵
PID:708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2632

C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat.exe
"C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Hidden_Blaze
2⤵
PID:2856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Cracked4You
2⤵
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3996 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=3556 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:5800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4936 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:5796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5736 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:5880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5840 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5968 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=3744 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3764 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:2996

C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat.exe
"C:\Users\Admin\Downloads\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat 7.4 Cracked By @Hidden_Blaze\CraxsRat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Hidden_Blaze
2⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Cracked4You
2⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=4128 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:5676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5560 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6404 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6312 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
1⤵
PID:5396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=6632 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
1⤵
PID:5040

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\8ac4c1c1d021492496670641145c6e4a /t 5972 /p 5908
1⤵
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
fca8af0dc8436b9952fdf961f8c7f401

SHA1
ac194f887a84a4538985ece94daf59cea48fe65b

SHA256
477645c7b83bbde8bdcf6d066f0de596d5b02fd47c223f89dde7d86903338cf9

SHA512
ba0d8f654216d9530bec83aa011a3433cea27873be327ac60eb1244997995489db76e25077dead09fcd43009b05deda51fd37b30a33fff01c94ba3927e1c21d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_685A755F9E99B4D751E9D861DE8DDD77

Filesize
472B

MD5
9a334bfd5d0fd0f25bc3a07ba563581d

SHA1
720523b8d88103b98e7788951437e1499b5fa25c

SHA256
0b6aa76d0f006573521aec48a9d3565c0b47294a0baeb5af3ddd6e106b7acef9

SHA512
f81740315692b2038cc601edc7f70b94b236907e2c299e568495033e1e10ab07235254b38a8bf70a3c55495cf4a54fa9a87af7786ec86443218250028fce48a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c8a44bc0918340a101df521569e47033

SHA1
c8ecac622ee65098412ced3998b7bc0a25bb8d73

SHA256
6f88e5d9069466b1ef8198463600806e9e3a5a8e0278e06453e504a387d660e4

SHA512
de1c5b07c22ae24238fe9db1b27fa07db5eca29b4c40808816680ce85c57c422a516d2ec8faa747919a7b3fd4e4d4979cd5994d440ec569278e93e2393ac816f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_685A755F9E99B4D751E9D861DE8DDD77

Filesize
402B

MD5
4cebe0a247122c2d4a7c28808f724960

SHA1
7460500062afc9e4b33887af47073b6d0df22b4a

SHA256
bd4e525e5f852be5a389e1413832f7b03af8430a5bc181fceb2d437caa585483

SHA512
b40a079c0e5fbc32fe8be4305a0ee9fcb29930737290cffb30937954ca402311ad321c55d54b47f076e496420c6369bf3de0bef1133882902f6ec6681f7fb84c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
4ecd1037ceea798e3d44b12abaf6ba4d

SHA1
f91adb3dc1749231c5ab0a222f6006fc0e9ad1d3

SHA256
81b21199b4cec908515e637dbb667072800ca435b3f910e7514f88ebbb916ec8

SHA512
38205105ea225e2b66b2100ec60e0e663364fe073d0dc098544c76b4f995023c75ffcb10b6004f773838ef07da4960549dfea889e48fe5fd9ce93e74cc613abb

Download Submit
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\2xeqjrp4.newcfg

Filesize
2KB

MD5
cb34ec212d71a84e9e07a14e6a94b948

SHA1
8ac001c0e4dfb043de08ed70c08e4637507442c2

SHA256
99679971824d319e2e16f923f0ba9ffbecc10cc5efa26ade7bdae5cc881e2311

SHA512
240e560095b010e3ce45a6863f560ac4e898ce26ae4530a516952bbc68c2e767d85fd218fd7043b384802744afcb5fedfc1ad40e63d1c2623c9135af6eb5e7f0

Download Submit
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\ezp4dxta.newcfg

Filesize
2KB

MD5
28aeb943e4b9c053644bf95c945b6e2b

SHA1
795e6bd4385983d75521dbdac15ebf06498df730

SHA256
23a63a4b60b91d4d00289e90810085eaa351b1ee76281463ad919faed5fe74a3

SHA512
694a4ceb951d7ebfd5bc937ebdd4084ea72d214142e882cddb004347cb70d854cc9fea594af89cbe7efa7c3a423f96312a8f02a4ac59c4fdd37fd53bf4c88f9b

Download Submit
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\hie55dsp.newcfg

Filesize
2KB

MD5
3325ffb7506eb297b338beb60a20e95e

SHA1
bcfac8326d7094cc16b6b83d715bd10fea0fb040

SHA256
8cb6bca98c2887e3ca62d2c49195f151713a080b2bf774ee0b821582a1c2a4d9

SHA512
b9776fa201d99e1d9e49e64cddec3df8ae5e75e7d11e4d14c3fc559c419c221cc60aa17e9cc5ff0976e998251bc280cdbe6b2a8d4bad20981a5077e471cb75b2

Download Submit
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\user.config

Filesize
672B

MD5
defcab24d78f34ec1f9e208d1b1eaa34

SHA1
b088741718a13636b8c666711deec5928e30c627

SHA256
54e52e8517a1f1d9cc3af279119d0ffe12fbed6799bf8c95427718fa0c2ed093

SHA512
bb825ab95d04bf67b8b6a5a32346aca67b435ddeb802499bb27aa0b9ee014463e4023ea081f337359938a46f519ea2ee532739278f19603c4548f024f71163b3

Download Submit
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\user.config

Filesize
2KB

MD5
a973ad931c8719adb636b68f032f59f7

SHA1
a5e63d762a6afb1512a389e2f74b729b4e49c560

SHA256
42b819f84c5922cf471a79de26fbd013ac968c3edcdf56e9b6c4c4c87b675bbf

SHA512
2e388fad045bb638c27d903d41e35c372699ce60ddebbd73d4b342a6fbd8ac8371ea864d9b7dc73a75246ae5a3625083b7f6b6b43744f31a03eeebf00bc664e4

Download Submit
C:\Users\Admin\AppData\Local\EVLF_-\CraxsRat.exe_Url_oyxqh2q3efoj5cvbxdi4c404hdwf2cju\7.4.0.0\user.config

Filesize
1KB

MD5
f81ece2a99b4e155a3b6f433eea6392a

SHA1
51a2c7656efa04b5899129b4c979fc07be5379f4

SHA256
a42d8dd71be265c5d4117a3205eea6f289280ef4e0615144089f16df9b1ddc17

SHA512
92c7bc291db3566020a1b55137c0ebd81bc1012ac30deda710a1e573008409f56c3b0862bd0881c7e26f1eb9c72f82227a426ca838537b251c5356c190480992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\CraxsRat.exe.log

Filesize
3KB

MD5
49e1ea28be3bf4989dcd48514e51134c

SHA1
ff9bbda4bcd5d1420583d8ca912ad5eff66b8a73

SHA256
1a4dd27a4b77ca46b73c1498893d28ad0b8f05462d6320e56cddd43ddedc090d

SHA512
ed4679aad9f5122af89016c3c88daf76376474ed59f5287924428e3901a0ff3bc2e285bbf5d06fbb0d3682dfee3301e4df754c1c07b3d54433ca4189d641100c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\30251

Filesize
11KB

MD5
c76d4df4369ef309eba74bb1c45fbf43

SHA1
3bf940387896cf9ab8e838a029d2db8fd2ce80e3

SHA256
fd51f75fcabd15ba3a022e9478cd67ae68081537078bbc1d57bfeb7faca311e3

SHA512
961df830369829cf1792ac002d5da481a16a6e3df7f0fba4d5ae084dce1a7f5ca34598091d99ed3b5e6a69928643b4acf29033544501f20f3baccbe44985f4f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
3119642613e871aab0f3c9a85c819fc0

SHA1
aa0fd404ec7c3e2114195bc350ee74c8a7b5cb8f

SHA256
e92c7a8ba4071ad54219249bd379f7b59902ce59d93f679a3315fff5324ccda9

SHA512
92655a1ab99da2ec38e544b38c3f1d422e955d84de64fd4703a9edddf84dd5f9496039ab7d36cd4d6ed7684d7a2115767d40b0be046e1a3a2783c0be1ef8db22

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
19d83706e89a5f629d4c5668cec44653

SHA1
7df78baf9226ad82f6fa8e899ead4e8a8655b110

SHA256
a3c9088b366ac25d2d95d16cf7882e3f39e49b23d2e66321f4564eb4bc7bdf6f

SHA512
eb88dd2114f195d0c74c34a2c577aec16c03e9d5fcbea5189ca64a8b5eb5a25a29dd8cab1318f7ba208fa5e0ca68a2a89cf6959f756a238acc07f7bd9204074f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
e9f7453511f895aaf3727af36f1339b6

SHA1
f1a702fdbae140bd47f6840dad5941863abec180

SHA256
773f1ad03d01b38765d031112a2f9e5233b1e15fb6d507d9938c606bbedb3340

SHA512
81dbdf6da6f9bedcb24e10aa979f0fd15eb66ad1a4d07737363f4e4fbe516ca428d13ffac437c19f3c9f697d7423824f497e1c1b687eeeeff388cdfd3c58701d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
da2cfd05bf85c06ceb5582ad1f2b506a

SHA1
4b318e0184013b35918cba9d8c4f67a193f176fd

SHA256
819b5fa3ad5a425fb71de09322af68eaa809b6425a765942ce8da0b8fd22946d

SHA512
403e94561328042b74bbdb7001442e91733499fcfa8e154200d61592ffecfc235ae6a9b6743efac410a1f4b893e6476e3c96f38ba79d975dcf934eb62cdba05e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\6710f455-0a3d-4c8b-8927-0323deb878b3

Filesize
746B

MD5
58f83a9e455809420ee9fa53a64ae8a8

SHA1
ac3595f9a802f7f9d2722a9188dcf3145697e858

SHA256
408416b6ac8b04961489a3c1ba1c0c916e133571e88d716e4708cc432254b27f

SHA512
cbaf8a263b4adb3dd1310655fd52565ff31b9b1912c07ebd631d07997bf0755a64c1fe20a7f814d37f6f8179784b4c3861d2e909923ecfed0d032d059bc166cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\aecee0d5-0f24-42e7-8766-aa3abea0ba4f

Filesize
11KB

MD5
11834d6a4f06170d647320b0df590db2

SHA1
2c9e4ab32e6c405b297462f7e53b531d91c3ae3a

SHA256
024786ffbc5ff351f36e64fbab658f2bdc393bbb3ddac1ee4f50ceef14f61cf9

SHA512
0c355f93702c9c43acbec79fb4f0fed068d1db2dc8ddbbfc2d09b2dd9a9d10ca8357d7059d484bf4dc7f57885dfc7f4c5a500a5a818fa4179f8b0270694deeaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
8KB

MD5
25818ca04b459f5cfcf705af21fe4141

SHA1
2c56b1a83d3fdb0fa18f46ed63cf8020467bf11b

SHA256
8346991907040adf4e203f4f1a7ee2f60d44188d572b1a516c3e4b1c1637f602

SHA512
50de67d54e70241931bdad18ae4823e468ff908686ee1108870a551637d3c9b620a9266e870b367f2e7a2b738c4f19393ab376fdf5b0572533d1e50e864bf527

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
44e9ea20635b04bd83e19864f8bb4807

SHA1
38a5aab89fa5e265843a200ba8e611317d391094

SHA256
14a53a02e2eaf68a1c985e62a7a6f9fb8c6ee9ed0bac3a016f99f714929dd951

SHA512
161d33a13c9dedb9b85bd0d50d610817fac33a48fa06deec715ef7b8aac40e6fa270f8ab6d72eee53533ce62a4e2b84a95ef17cc79e38e188c02c6a76a4244fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
39a2e0423c6eec7f50fee6902135a525

SHA1
aa0bbc085b14f91ef5f1c4b83bf510473106e9a0

SHA256
6e96f599a43214f8e90c325a62d1c0f238772b9e1063991519847a79b17a3d81

SHA512
4398b78f75f757b0b75375848cf648758b26af9fdbb6d12d035c348e91359a2fe15f0f2963c65d5c6b36ba23c856efb06d96b11f60eeffceecb2a1854b6745b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
58eb79677ace840f8b6cd439d1c4373b

SHA1
0b7c6850e09e0c0479fae2e7797cffe20b7477eb

SHA256
2eb8ffc3e4f6180545d8fd3857e2486c49bf29ceb7e808a6c6efd778cc378b4a

SHA512
6fce38df475bb7e0379b345d47c039696e2609f7402b4e3df2e268f82525b389d270d21d15ebc19971eb44d8a8218510cb85e63450494c99bc9ab0efed8f7ef7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
9KB

MD5
8d56bfd7e7f58c6e2349c9877231fbca

SHA1
540361981aab6ec45b335a92850f633cda70665e

SHA256
6904eec28301699b0062781fc8014d679665d3fd5cc72e0dc80615ac8afc5777

SHA512
15fad525eb7ad09f6d774abc72bec74fa3315a02961ebd25c3c77c1edaa4925856d053eca5bf9a2594ff033cacc471cd480e4dffcd56cdb2bac75eb03372d6e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
9KB

MD5
5b7998cb231f349657ccd5fa4b314c1c

SHA1
4259a3d5e1ec0ab9c6ac3be5cba2d02dae33993b

SHA256
d54a5677fdf676277c2a0e5356dc308a7a368637aaa42a534c186760f2f3050e

SHA512
be3faf16c0a287844377543c42881a1f32eeacdd4c2748efd75d161e165fd701a86e40e12ebc6044ceda8750947d09e82564a4eabf2288365a1a877e310328ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
9KB

MD5
ab373d60b61f3bd67af37c2de6a71c4a

SHA1
bdcb81875b7c38bba51228e332adbd10d885f718

SHA256
24f105ec704bf849daf7bdc80216273ee16a635d066fb58a002c5c2cbd397f10

SHA512
e2c179dc5a102356d904be453a0ad9b2b94ad0466ca573bead5516354dc9c81aeb7c8900a0d0bad33db2bd0ec8000879f370f672612a26a04a179173523675fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
9KB

MD5
211502f2617064baf5c7762ae206447c

SHA1
555ca4346f0806cd8bbfb649f6fc10f017b3b471

SHA256
a63ce76d37193073063e47c002f4c5a7a0aa3f000c653da535de32d65a71b2a5

SHA512
a93539d8220d7c8a7b4edc0b82880c369d0e713b6a70124cc55544dd974336aa7e7f4dd8b45a5f48a67c0e21d60b5fa25e92a518109ed483cf60881d5684004a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f07334fd9f86bb736576be6c3b3cd476

SHA1
e52f1a365c72dee577995e93137d99ba161b102d

SHA256
4c4364ab2923010224af50a33daaf27d70d2384d403b174ad57c763b1c6b13c5

SHA512
12b426d6d6cb680aa61fa86e5158eba0bdfeb6a9eca9478facbe3985e9115302edd9c608117985e408cd4a1a828b9a3d3e4588e13f4fff59e9d18b4a7e682554

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
45cd291130ee17649e7ee6333828658f

SHA1
8d5f71cbfea708998afcee764451d6203464b9e4

SHA256
0b44a9a4ea9a65c69d2ea6fc69608a87893d2a805eada1c1b1a9a88e7ef9f68c

SHA512
bd315e9126c58f2ab7cff2f29989e651397f4d5fe42e80eedeea342a44acccccc54427acda98a6710f1f094e4fef5d91fad8d3e09af3dbc9115b90e1412cb7b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
53151067f72fa2bfd733f6e447a16ea5

SHA1
eadeca8698dfa877c50a84fc6630463c49a8aecf

SHA256
2c34c887a0e8aeb53655acdb2e31a3754e5b70ddae93c292edad1ed4c8f32657

SHA512
e4427d719d3d915676df2d3b9bd2ef3f69bdcfd4e674cdc40f3c9369d73b3598f2fb9bab8eecb4ae450c71ec030fd6850b65efab73e93f8160ca878151b0d0b6

Download Submit
C:\Users\Admin\Downloads\CraxsRat 7.u_1YM5YW.4 Cracked By @Hidden_Blaze.zip.part

Filesize
1.1MB

MD5
9f1c42784c4dea7db387d1e7763e61f0

SHA1
68436738df9bdd0a99141387df9de4e956499075

SHA256
9d8642d4aae181b69ff3a811008fb6f6cffd3868dad39f71106dae490624d588

SHA512
37bfa34fd0eb08a02d8089844b961c98255e4536bb32cc8c886b6dcfe70f600b7212f15d6840c23aae4b1dd6f8e706af33cfbc187bc8431490e512b17fe305c1

Download Submit
memory/1176-2350-0x00007FF96EF83000-0x00007FF96EF85000-memory.dmp

Filesize
8KB

Download
memory/1176-2370-0x00007FF96EF83000-0x00007FF96EF85000-memory.dmp

Filesize
8KB

Download
memory/1176-2351-0x000001B03C960000-0x000001B040A40000-memory.dmp

Filesize
64.9MB

Download
memory/1176-2390-0x00007FF96EF80000-0x00007FF96FA41000-memory.dmp

Filesize
10.8MB

Download
memory/1176-2388-0x000001B06BC80000-0x000001B06BCB6000-memory.dmp

Filesize
216KB

Download
memory/1176-2352-0x00007FF96D770000-0x00007FF96D8BE000-memory.dmp

Filesize
1.3MB

Download
memory/1176-2541-0x00007FF96EF80000-0x00007FF96FA41000-memory.dmp

Filesize
10.8MB

Download
memory/1176-2353-0x000001B05C380000-0x000001B05D3EC000-memory.dmp

Filesize
16.4MB

Download
memory/1176-2364-0x000001B05B760000-0x000001B05B906000-memory.dmp

Filesize
1.6MB

Download
memory/1176-2369-0x00007FF96EF80000-0x00007FF96FA41000-memory.dmp

Filesize
10.8MB

Download
memory/1176-2365-0x000001B05AFE0000-0x000001B05AFEC000-memory.dmp

Filesize
48KB

Download
memory/1176-2368-0x000001B05B5F0000-0x000001B05B62C000-memory.dmp

Filesize
240KB

Download
memory/1176-2367-0x000001B05B570000-0x000001B05B59C000-memory.dmp

Filesize
176KB

Download
memory/1176-2366-0x000001B05B520000-0x000001B05B53C000-memory.dmp

Filesize
112KB

Download
memory/5908-2543-0x00007FF97BB50000-0x00007FF97BC9E000-memory.dmp

Filesize
1.3MB

Download
memory/5908-2567-0x000002696EEA0000-0x000002696F646000-memory.dmp

Filesize
7.6MB

Download