Analysis

  • max time kernel
    1799s
  • max time network
    1407s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    14-12-2024 20:21

General

  • Target

    Bawless Windows Cracked By Vidhayakji786.rar

  • Size

    102.1MB

  • MD5

    99a1d2a905676cf0542c2a4d45e58d46

  • SHA1

    35fac87f8ca98865b6dee79023fb1c55cb925f0d

  • SHA256

    1801c0278583e34f09b0a202c83afbc6f2bb97ab0acb2932057a25e5eba597a6

  • SHA512

    3b1027101ef2d18a83aabd399c5ae3432b30f9ce541635ed35d1708864c55f94054b013e1c19e5b681838698067c8d6d722c3f9cf4c8b74c5c4ea8be40da8737

  • SSDEEP

    3145728:lp5yB7PXOvhxn3VGFEWDE6YorqEU+vhI9C:lpIB7PevhVVGbw5oex9C

Score
9/10

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 2 IoCs
  • Looks for VMWare Tools registry key 2 TTPs 2 IoCs
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Maps connected drives based on registry 3 TTPs 4 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 56 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bawless Windows Cracked By Vidhayakji786.rar"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3280
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3676
    • C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe
      "C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe"
      1⤵
      • Looks for VirtualBox Guest Additions in registry
      • Looks for VMWare Tools registry key
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4800
    • C:\Windows\system32\wbem\WmiApSrv.exe
      C:\Windows\system32\wbem\WmiApSrv.exe
      1⤵
        PID:3248
      • C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe
        "C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe"
        1⤵
        • Looks for VirtualBox Guest Additions in registry
        • Looks for VMWare Tools registry key
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Maps connected drives based on registry
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Enumerates system info in registry
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2856
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
          PID:4760

        Network

        • flag-us
          DNS
          136.32.126.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          136.32.126.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          95.221.229.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          95.221.229.192.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          fd.api.iris.microsoft.com
          Remote address:
          8.8.8.8:53
          Request
          fd.api.iris.microsoft.com
          IN A
          Response
          fd.api.iris.microsoft.com
          IN CNAME
          fd-api-iris.trafficmanager.net
          fd-api-iris.trafficmanager.net
          IN CNAME
          iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
          iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
          IN A
          20.223.36.55
        • flag-us
          DNS
          21.49.80.91.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          21.49.80.91.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          56.163.245.4.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          56.163.245.4.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          55.36.223.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          55.36.223.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          241.42.69.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          241.42.69.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          83.210.23.2.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          83.210.23.2.in-addr.arpa
          IN PTR
          Response
          83.210.23.2.in-addr.arpa
          IN PTR
          a2-23-210-83deploystaticakamaitechnologiescom
        • flag-us
          DNS
          14.227.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          14.227.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          172.210.232.199.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          172.210.232.199.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          checkappexec.microsoft.com
          Remote address:
          8.8.8.8:53
          Request
          checkappexec.microsoft.com
          IN A
          Response
          checkappexec.microsoft.com
          IN CNAME
          prod-atm-wds-apprep.trafficmanager.net
          prod-atm-wds-apprep.trafficmanager.net
          IN CNAME
          prod-agic-us-2.uksouth.cloudapp.azure.com
          prod-agic-us-2.uksouth.cloudapp.azure.com
          IN A
          172.165.69.228
        • flag-gb
          POST
          https://checkappexec.microsoft.com/windows/shell/actions
          Remote address:
          172.165.69.228:443
          Request
          POST /windows/shell/actions HTTP/2.0
          host: checkappexec.microsoft.com
          accept-encoding: gzip, deflate
          user-agent: SmartScreen/2814751014982010
          authorization: SmartScreenHash eyJhdXRoSWQiOiJhZGZmZjVhZC1lZjllLTQzYTYtYjFhMy0yYWQ0MjY3YWVlZDUiLCJoYXNoIjoibElMUFpqVUcvUWs9Iiwia2V5IjoiallNbVJyd3oydGh1MmV0UEs2dnpUdz09In0=
          content-length: 1182
          content-type: application/json; charset=utf-8
          cache-control: no-cache
          Response
          HTTP/2.0 200
          date: Sat, 14 Dec 2024 20:26:12 GMT
          content-type: application/json; charset=utf-8
          content-length: 183
          server: Kestrel
          cache-control: max-age=0, private
          request-context: appId=cid-v1:7f05e9f0-1fe6-401c-8ae7-2478e40e2f1e
        • flag-us
          DNS
          228.69.165.172.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          228.69.165.172.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          200.79.70.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          200.79.70.13.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          fd.api.iris.microsoft.com
          Remote address:
          8.8.8.8:53
          Request
          fd.api.iris.microsoft.com
          IN A
          Response
          fd.api.iris.microsoft.com
          IN CNAME
          fd-api-iris.trafficmanager.net
          fd-api-iris.trafficmanager.net
          IN CNAME
          iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
          iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
          IN A
          20.199.58.43
        • flag-fr
          GET
          https://fd.api.iris.microsoft.com/v4/api/selection?&asid=0BA81D41D9574B7AA7750C85BE9F7E55&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1733929156&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3AC56F7BC2-5242-9BDD-A5BE-0153F731EDBC&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=20479&lo=4665&tsu=4665
          Remote address:
          20.199.58.43:443
          Request
          GET /v4/api/selection?&asid=0BA81D41D9574B7AA7750C85BE9F7E55&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1733929156&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3AC56F7BC2-5242-9BDD-A5BE-0153F731EDBC&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=20479&lo=4665&tsu=4665 HTTP/2.0
          host: fd.api.iris.microsoft.com
          accept-encoding: gzip, deflate
          Response
          HTTP/2.0 200
          cache-control: no-store, no-cache
          pragma: no-cache
          content-length: 131
          content-type: application/json; charset=utf-8
          expires: Mon, 01 Jan 0001 00:00:00 GMT
          server: Microsoft-IIS/10.0
          arc-rsp-dbg: [{"DcoPlusDebug":"Status: Ok"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}]
          accept-ch: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version
          x-aspnet-version: 4.0.30319
          x-powered-by: ASP.NET
          strict-transport-security: max-age=31536000; includeSubDomains
          date: Sat, 14 Dec 2024 20:45:44 GMT
        • flag-us
          DNS
          43.58.199.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          43.58.199.20.in-addr.arpa
          IN PTR
          Response

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\KVTUeGqEzCfMMgCNfCLmJoBNI\Bawless_RAT_Cracked_By_vi_Url_lqx5whgxrp3qiuvkfqhhw0xynuenadmn\1.0.0.0\user.config

          Filesize

          323B

        • C:\Users\Admin\AppData\Local\KVTUeGqEzCfMMgCNfCLmJoBNI\Bawless_RAT_Cracked_By_vi_Url_lqx5whgxrp3qiuvkfqhhw0xynuenadmn\1.0.0.0\user.config

          Filesize

          443B

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Bawless RAT Cracked By vidhayakji786.exe.log

          Filesize

          1KB

        • C:\Users\Admin\AppData\Local\Temp\7zE0DC1F81A\Bawless Windows Cracked By Vidhayakji786\Logs\Ookii.Dialogs.dll

          Filesize

          126KB

        • C:\Users\Admin\AppData\Local\Temp\7zE0DC1F81A\Bawless Windows Cracked By Vidhayakji786\Logs\ProgressControls(4).dll

          Filesize

          12KB

        • C:\Users\Admin\AppData\Local\Temp\7zE0DC1F81A\Bawless Windows Cracked By Vidhayakji786\Logs\vdump_03BF22DC.dll

          Filesize

          12KB

        • C:\Users\Admin\AppData\Local\Temp\7zE0DC1F81A\Bawless Windows Cracked By Vidhayakji786\Logs\vdump_0C7869D8.dll

          Filesize

          126KB

        • C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe

          Filesize

          14.7MB

        • C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe.config

          Filesize

          3KB

        • C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Guna.UI2.dll

          Filesize

          1.9MB

        • C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\ServerCertificate.p12

          Filesize

          1KB

        • C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\cGeoIp.dll

          Filesize

          2.3MB
