564d3ef419bb0aacee6e8e28ebaa73403444f16259d4bf9d5758a01a436c2bb7

Analysis

max time kernel
1166s
max time network
1169s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
24/05/2024, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CraxsRat-V6.7.rar.html
Size

8KB
MD5

4455936176cca6c5656ab2a34636b4b0
SHA1

2fd55bd56bbb38246837ae0ad9f3ef2659201cbc
SHA256

564d3ef419bb0aacee6e8e28ebaa73403444f16259d4bf9d5758a01a436c2bb7
SHA512

b13d2c6b57d449c044ad1ff944b23c619af9fc6441ab42322e29cced2f423f5ee4e12ede6e3790b830f0c73fa3c0b49abb52ef2ad83b6dc4e40f2896b44aaa4e
SSDEEP

192:0HQs+Wx3+IQZBftX24VtAmFkbbGjKTzLf5nPiLElc2DbM:0HQs+G3+nZBftmWN0G04Elc2DbM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\CraxsRat-V6.7.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
4028	msedge.exe
4028	msedge.exe
2128	msedge.exe
2128	msedge.exe
1884	identity_helper.exe
1884	identity_helper.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 4984	4028	msedge.exe	79
PID 4028 wrote to memory of 4984	4028	msedge.exe	79
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 2968	4028	msedge.exe	81
PID 4028 wrote to memory of 3544	4028	msedge.exe	82
PID 4028 wrote to memory of 3544	4028	msedge.exe	82
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83
PID 4028 wrote to memory of 2380	4028	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CraxsRat-V6.7.rar.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa8f5c3cb8,0x7ffa8f5c3cc8,0x7ffa8f5c3cd8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1768,5309860461783417512,5177878569262619502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
888B

MD5
a4527c20b9b04fa065f4f391c867e778

SHA1
90ab94da360b809be6a3b3dfb8692c80950e7a6c

SHA256
40de8a9fb8dbb2b4b3626ad314bb186bbaf34148eed2e89e587bbb87937f14ce

SHA512
37e349f98e86b26803e5a50cf94365f8122dd6b5ea781f3d4dcdc6759e0f81225bd609d0f33c842d03943b4eda65855caea54d5d89044cb548b12502e9a6bd07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d591a8131350deedace1d6b122e29500

SHA1
ea2e400c3669f6a2034077ecc37ea9f1536398d8

SHA256
fb9f2c109119e7bdf9b1816be0b8ce3438c5499136a7b5128f4802b135ba067e

SHA512
cbece58c30c51f38e427980270b32940d093b8c57db775de0ec00dc0d4e444957416f8221b65a615b9abde78b590f30454e7c9200b8f9dcf8d31e621a71952f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
6327288488de10640b5eab38b4260cda

SHA1
91e831971dadbe85da15d33b0e98fe886e2c05d4

SHA256
9445e6c714213bdd65a73ae30c1abf6428a67b7c70fdba41062e1d2f000835b1

SHA512
51eff96c8066fb22124ed9889b7b83c1d2879b854fe46985e4c74084e94d94bae5dbfa754dcd6ede0e442ac57e34940c8d377ae64185e04c12f060820fcdac17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
8da39b8673ac2b8486d10d29d75f0052

SHA1
21088d9d28878cbcbd81bf708d89d6f97ec8dd3e

SHA256
91999487fc922787c06a44c95777d17f315163400707daebb3a5150adfc4eb92

SHA512
1f28cc4b18ca9d41a0f0709b106a5d540e0d7476f1f1a5a5a66f82a607a53b72519d4236fd243637bfc2780e9249d5d9c514d9098051a61371af5bb9254766b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
58ac019381bc7c2ef9889920589ac157

SHA1
1c55415ac0508243a16198bc2d9f5e306717744c

SHA256
85c7948e00a84c147bb88babc8b5fee410ebd98ee8cec0fbeafcc755e35efc3b

SHA512
5a54348858d91227bab032e0eb2a50a64312a341efd279aa270112b9e70a90f8b9ae88d54a9bda26052cfd96e99d425d5aff0c2aafc89ecefebf7f86e9d14fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aaeb2f7ff4604c214cbbdfbd5cbbd49f

SHA1
0e56529cf8c59066d704f1beb4ccf455840dd107

SHA256
9a61c4f22472bf068f5a9d802651bca8cd6525e9f7e8ca1c8e0612a16137faed

SHA512
1926c0a00d6681bac9bffe1d27e285ef05308f29a8cb84e0169fa1ccefe8459c79d359011f28dcec323af9a4bb537eeebb8860ee25680ae05e9c2c9fbab20718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
11fac381d77ffa36b1cd6fb8fa607ff4

SHA1
37685bbe696fa25b92af013ac5389b70283d664a

SHA256
9413bb70d45b02c842d954044e94979fd486dd44f985b3ddbc0e0c10953f395d

SHA512
a30d4c0d5c9d489386ec4d1cd27f7b8422c1b56b0000a709e211a9c1e991f628732563b13a2828e110e54ebb885107589428981ee5ee14cb4a57fe6eebd13ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f6e96d44029cb105ea6e89ef8d6e5390

SHA1
268bbd84a08d2f4bd8de3198960e2a64e4a5d52a

SHA256
9c5af1ee42ad58c66ffb76972ac0edda3877cd7f5f3445c00e614fc32e1fa49b

SHA512
3fc901fb6e10eebf23e5571f944bf0bd640d65cd8937dac54bbeae8b06022d2631f6d35ddd573eebc9bbe8834ceba26cc72eeef4d106def558a0b191f6e681ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
776B

MD5
727ad3b58825466417f589a3645e27d5

SHA1
893af11937c51bf5a721ce9ae563e18c8abf380c

SHA256
fabf7de1ef01791ccb6c6583cf87be43670dcd62d420e0ab1a1aaf690997248f

SHA512
fc60e67d7871498a5a21d28d3a848de213e6c060c67f95b57b469e5eddb6d255d513355881098b35555d3dbdb68fc2a39549464abb6ddaa170530747024dd36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b88a2c04158fcbea46f156773b363dba

SHA1
73e13eca1706dcc7b97cc3c0a50f7fd07e01ab63

SHA256
44024759a263def7092686785237880bd6d6919331658823d210a1f66f714d58

SHA512
9b0b737003683398197001e19e4933c6fa00b85a639bdc0f96bfb5b1d11d563f743efcdc3815686ff6737c8a97802107a14824320caea57e45e742523b83987a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
780c77406d4d4d4795372f8f255d8d92

SHA1
2605e9b66b3361759d78b80f7898f2253426f42f

SHA256
29889a5d75adef5e61da398f6eef8aa8e33b67dbe12fb28ba1bb740a7aa5e83d

SHA512
f1ed4d0a4badfa6af93e7950f00dbcd01b07ae22977cb425fdfd20b7495e2c7d0c652646d7c612eb98842585214641edf8fc613e848ad50b6bc6d3f61cfb1c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
06f1df7dadfc4c300c959728813be743

SHA1
be8363fb19fe07ae4bae7cc7e99d6f3afbce0ace

SHA256
6ae3eddbe6ba5e1b0f5c1f769a3e9529782e3ebd2690b83fafd15c257ca89974

SHA512
0e94be1869d7cbf97053bf62a7711a7265d2e4b1de6623ff4dfa0f5b5a4700ca93fb66b48d23fc54ab3b4d130a93585b160c002cc2671a6852b418b170ce6cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aa080b86ad711164232311b5ad2a21d8

SHA1
b8c09541672b60de12a5aa9421015400fb1df70c

SHA256
6db3d9f64761d1b75372e2e4dc12c8d2338f4cc5a5890705a8e5570e906c916a

SHA512
8a374030d43e1833503b3311e4e89eed218e49179ba3f102d957abf822177a4082384abc6e50181d6e91ce612b7e7d63e8a0601fb594c2a2bf46f0f54b435fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75018a2993c9bf8d4eb8313221db4f99

SHA1
e81d7476ce87f6de6bff693de062bcaaf4be8cb1

SHA256
a66666893805c387d883a6b5b158db5c7bf5f6f7726b8323ca22ea2a9a66adc8

SHA512
05ef714d30763ac993c48f1f241f1a179dec9428555736e973d398cb9590f204bac0893a3858778d498146c4fda2c9d28e6b398046d11a65b96f051288542381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d461078cbd9a15f2c454018a51c315c

SHA1
eb999b25461b348a0c1056e0b70b4768e72d1535

SHA256
77707fa05c91e19255b387db74196627e182f1a107f289d36d58348695b330e6

SHA512
4c7bfc66e02bae233b8c0edb0ce728d9cdada7b0da7b639ce75adaae65872ff8501ba52bd5f42ffd7814cee6d813c6c09780fc8869bd0d264c28dece142c1abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e315e11ec9d43fdcba19d8a52ca72a25

SHA1
5c244eef53074f37bc3bb8013ebc62b0031b4b47

SHA256
ef89d19c3749f2a5617d726bcb153f134690a8270a52bf66bc7c81219a0bf1b9

SHA512
cdb8316eaeb96e1ea3642f20cdc8bfada4f51cd5a446a86d1e6bcce000b1df7b5d458cc0991dbf93d8fe2afcf704313f3abd5bdc417aae73c3da259336baff3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
995f4d226161094cebb24ee0c41489c2

SHA1
b976818353004fe730d77bedeeac260064140178

SHA256
faeb826c41ddad6261fe3512ec6338b5867210cc6683a740653631d34137f874

SHA512
04c5529be52859845d107b7fc0f5f58a10fac20a9979d79c55391dcf17199895df5dfe7f13aeb99d014d64c84e39a9b75128be9b1d227bac1b7d9858914eee58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
62df472aa73c8b4510bad79d714d36a1

SHA1
f8db223b6c67fb2d6baf8e25bafb6b51b0a92601

SHA256
da2eba88b399a40b24863dfd9b54eb00a3f29f5301065e3d11bc46b8223dfe27

SHA512
b4f50cc93f400d140d07b2ae2c49f65604a7377fb36e19aef1272127c003ffb8876689096c8462448671653bd3b9c7f85358d9410bb019dd0b996d9b711b8175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ebf0d75b871f339bd7a2ef393a0b1b98

SHA1
3dfd554bb82829390c5ec483d2daa44f7e9bd380

SHA256
afd2b609c885c383d4cae4d71cdc34febdf5954e21a5ce16c28c297e846dcea3

SHA512
e542e09fa3ae25c7edb28f8470e525a370977c50e171d84f7e3fd96cdda6bef90348e37d8f681aabb3ae437e1c442ebdc0ba7202a2ecf96b81e6ddafd47a5474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b43ba9c6bada8576caea75f667fc37f1

SHA1
85ff04187d0e806df1a2ba23b80524b472175ad9

SHA256
9c4a044f74487c702981d3bb1cd0bff993190c3fdf2fe22232442463502914ba

SHA512
e4a9c43f5404ab24199c7d4f86ae836e573bf1750e016e703729404ec4943b9eeaa477bb6765fd5e1793679cb80eedfb095953ba77addeaa0b47f0dc6362be53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
ba6973b67ee0d9d0edcf174ba73fc1ad

SHA1
274191494bd8e9442909b8de2edc347d8e959af6

SHA256
83bf08ef75a6ee3ce5ac34038c48110406caab0a47b24cf2ba266f9fa1b0038d

SHA512
49b23b3b646b1c63d35f3ccc0f330df1af4cb9a20ac0afec9947f151547d557b872a964b6fc58ccfe18f14652fdbf1ce6744746e563d8774d8f19372c7b3fc2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d6fdf7c81a806dd29bfde28f1a86ac1c

SHA1
7d16f24078c62bbbb8fd5b9608ff3d665b26a73b

SHA256
4c430a2ba83e3dbcd5f314bacdf5eace3d3d721a42e0dcfac35364842c9464ed

SHA512
19d10be5699f36157a5b5377043e0f4c79e82deaf87ae10fba503bb1d2050112bbda52da70f1918112ebad526e38c2b316b272a65f1bc1f078fe2c9dd03e2d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
53f47696b47661ba170dfd51355708b5

SHA1
40a0fe00accae3fa1665267dd3e9365467f14cee

SHA256
dae6247cffefff0a256e54e1c47b62699716acfd81ad6b8957fb8e702f977741

SHA512
d144c3575d56208c08d8b00ff88a9a9688f9ad18d08cf3b212a1f137fe6ae6c1aa717802822b1ce738f41d82009a90b2aa4a3b24b11f34842e580037d8632859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
580038c09d9339652e30ba8a2cfe3e4b

SHA1
0d4fd93584b78f22d5bdf0728782f0159ed46603

SHA256
ea1e3e6112c9b81e080f860197a816bbcba8661a0d96cd1ba1c0e62ed25cd4b1

SHA512
167bd8993d79862a03ba86e2231a7e935ae6678703b6dab1f4db51550de32b1ac4c0bb9a62428a499d2f7db7f8d34dc827a90453be043aac6539600f516c43be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58821c.TMP

Filesize
371B

MD5
2f733ae7c7e921271699bb9e824df8c7

SHA1
623b7aa55ed86fae8a85321b1773073fb24589b1

SHA256
c68b4ea8d2deb22f0b9b75bacd88ccb8f0185782ed8dffd97dc2fd746ebb5051

SHA512
ff4ececd6f9250a5b85bc5e0661ff15fca761e338e354862d24c1f1afbeaa2093f917a1dd599c3003d1ce9387b5658457437afc8b3ee5ed74c49ad3ec9e342ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c4ea9372810271b8c5017b4e029889d6

SHA1
bdce2127ba9011c598cc3e0d46853e3740128b65

SHA256
10ca44c5757032a9e094d57994b1cefdd3f0ebc4671b9f4646a61d26591cf8d9

SHA512
bf19c02cca5450ff18c501d5748055202bd586541b4c2e0e414522f6dec95ba2cca0947536e8fad73fc6f55aefe9187e6d71cc4c733cad8f534c671dae549a93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0b083406c3ca7e45ebf1aec70aac29f

SHA1
531f18b4c772322e8807851726aba1b19627eb2d

SHA256
87af3e50b59f74f9efbb2af41dff0963e26846021840ffdc50f74ea14172e7cb

SHA512
59ea89e01314e0d349e2a3b32acf09b25f1f12a7c0119eeac940db85e801d6536e1a198f8117ccd54431fbc9c645de60ccb0794d99880e30ea5610f676766977

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
25fd1666117eeab6601571ad97406718

SHA1
68e12c97ab675da9215aeaa3892192cd5ffad532

SHA256
ecb0fc2f0b832235362b99ded9493f7d4875194025c68fa7e6a7e2e157645e36

SHA512
55672da29b62d7090185b888c39a7e02688a64a7a33f10d897d50e822c0abe505dcb3a7018ed6aa15d82b7ec19cb3fb82a848e0463e5d1b5cbc2cdc4ec05d041

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
d6dcff7a9386d8a5469f92131d8b9df8

SHA1
56352bc3eaed85eb59124f873f68e4cddeb74eec

SHA256
ba26392b813cedc25e44ec1c9b76418d877cb85022e7d27ab08455e2ffe92810

SHA512
4c42daca9ed9e4263e0d0a2df8ace829556ec052b66ec255fc33a50802ac937e50b6f769f0b4951360cd2c5cf1d1762f1681f8e32be359394f1a4eda158b8931

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
84165bd000d538a7cab701742f67134a

SHA1
e7ddc8125579299c0b36e998a305f93d2d4ee6ae

SHA256
6f5f7130393b5f23fc95f40e3ef6db7a79aadcc634ab274aaa690da5d826c682

SHA512
e20f29a95ca20793bf1839998121f529ea9a3ceb413b1b66a2c24e80f28ec488dd207150469d5b22b20227c30a73239b5c8bc5ce56c562dda5e67e7e1a19db38

Download Submit
C:\Users\Admin\Downloads\CraxsRat-V6.7.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit