Analysis
- max time kernel: 1799s
- max time network: 1407s
- platform: windows10-ltsc 2021_x64
- resource: win10ltsc2021-20241211-en
- resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
- submitted: 14-12-2024 20:21
Tasks
- Static task static1
- Behavioral task behavioral1: Sample Bawless Windows Cracked By Vidhayakji786.rar, Resource win7-20240903-en
- Behavioral task behavioral2: Sample Bawless Windows Cracked By Vidhayakji786.rar, Resource win10v2004-20241007-en
- Behavioral task behavioral3: Sample Bawless Windows Cracked By Vidhayakji786.rar, Resource win10ltsc2021-20241211-en
- Behavioral task behavioral4: Sample Bawless Windows Cracked By Vidhayakji786.rar, Resource win11-20241007-en
General
- Target: Bawless Windows Cracked By Vidhayakji786.rar
- Size: 102.1MB
- MD5: 99a1d2a905676cf0542c2a4d45e58d46
- SHA1: 35fac87f8ca98865b6dee79023fb1c55cb925f0d
- SHA256: 1801c0278583e34f09b0a202c83afbc6f2bb97ab0acb2932057a25e5eba597a6
- SHA512: 3b1027101ef2d18a83aabd399c5ae3432b30f9ce541635ed35d1708864c55f94054b013e1c19e5b681838698067c8d6d722c3f9cf4c8b74c5c4ea8be40da8737
- SSDEEP: 3145728:lp5yB7PXOvhxn3VGFEWDE6YorqEU+vhI9C:lpIB7PevhVVGbw5oex9C
Malware Config
Signatures
- Looks for VirtualBox Guest Additions in registry (2 TTPs, 2 IoCs)
  Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions (x2); process: Bawless RAT Cracked By vidhayakji786.exe
- Looks for VMWare Tools registry key (2 TTPs, 2 IoCs)
  Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\VMware, Inc.\VMware Tools (x2); process: Bawless RAT Cracked By vidhayakji786.exe
- Checks BIOS information in registry (2 TTPs, 4 IoCs). BIOS information is often read in order to detect sandboxing environments.
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (x2); Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (x2); process: Bawless RAT Cracked By vidhayakji786.exe
- Executes dropped EXE (2 IoCs)
  PID 4800 Bawless RAT Cracked By vidhayakji786.exe; PID 2856 Bawless RAT Cracked By vidhayakji786.exe
- Loads dropped DLL (8 IoCs)
  PID 4800 Bawless RAT Cracked By vidhayakji786.exe (x4); PID 2856 Bawless RAT Cracked By vidhayakji786.exe (x4)
- Maps connected drives based on registry (3 TTPs, 4 IoCs). Disk information is often read in order to detect sandboxing environments.
  Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 (x2); Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum (x2); process: Bawless RAT Cracked By vidhayakji786.exe
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs). Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (x2); process: Bawless RAT Cracked By vidhayakji786.exe
- Checks processor information in registry (2 TTPs, 4 IoCs). Processor information is often read in order to detect sandboxing environments.
  Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (x2); Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (x2); process: Bawless RAT Cracked By vidhayakji786.exe
- Enumerates system info in registry (2 TTPs, 6 IoCs)
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (x2); Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion (x2); Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (x2); process: Bawless RAT Cracked By vidhayakji786.exe
- Modifies Internet Explorer settings
  Key created \REGISTRY\USER\S-1-5-21-2934520114-3201407646-466687995-1000\Software\Microsoft\Internet Explorer\TypedURLs; process: Bawless RAT Cracked By vidhayakji786.exe
- Suspicious behavior: EnumeratesProcesses (56 IoCs)
  PID 4800 and PID 2856, Bawless RAT Cracked By vidhayakji786.exe
- Suspicious use of AdjustPrivilegeToken (5 IoCs)
  Token: SeRestorePrivilege, PID 3280 7zFM.exe; Token: 35, PID 3280 7zFM.exe; Token: SeSecurityPrivilege, PID 3280 7zFM.exe; Token: SeDebugPrivilege, PID 4800 Bawless RAT Cracked By vidhayakji786.exe; Token: SeDebugPrivilege, PID 2856 Bawless RAT Cracked By vidhayakji786.exe
- Suspicious use of FindShellTrayWindow (2 IoCs)
  PID 3280 7zFM.exe (x2)
Processes
- C:\Program Files\7-Zip\7zFM.exe (PID 3280)
  Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Bawless Windows Cracked By Vidhayakji786.rar"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
- C:\Windows\System32\rundll32.exe (PID 3676)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe (PID 4800)
  Command line: "C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe"
  - Looks for VirtualBox Guest Additions in registry
  - Looks for VMWare Tools registry key
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Maps connected drives based on registry
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\wbem\WmiApSrv.exe (PID 3248)
  Command line: C:\Windows\system32\wbem\WmiApSrv.exe
- C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe (PID 2856)
  Command line: "C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe"
  - Looks for VirtualBox Guest Additions in registry
  - Looks for VMWare Tools registry key
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Maps connected drives based on registry
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\wbem\WmiApSrv.exe (PID 4760)
  Command line: C:\Windows\system32\wbem\WmiApSrv.exe
Network
Both HTTP flows go to Microsoft services (the SmartScreen application-reputation endpoint checkappexec.microsoft.com and the IRIS content-delivery API fd.api.iris.microsoft.com); no traffic to any other destination is recorded.

DNS requests (all to 8.8.8.8:53; columns: Tx bytes, Rx bytes, Tx packets, Rx packets)
- 136.32.126.40.in-addr.arpa IN PTR, empty response: 72 B, 158 B, 1, 1
- 95.221.229.192.in-addr.arpa IN PTR, empty response: 73 B, 144 B, 1, 1
- fd.api.iris.microsoft.com IN A: CNAME fd-api-iris.trafficmanager.net, CNAME iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com, A 20.223.36.55: 71 B, 199 B, 1, 1
- 21.49.80.91.in-addr.arpa IN PTR, empty response: 70 B, 145 B, 1, 1
- 56.163.245.4.in-addr.arpa IN PTR, empty response: 71 B, 157 B, 1, 1
- 55.36.223.20.in-addr.arpa IN PTR, empty response: 71 B, 157 B, 1, 1
- 241.42.69.40.in-addr.arpa IN PTR, empty response: 71 B, 145 B, 1, 1
- 83.210.23.2.in-addr.arpa IN PTR: PTR a2-23-210-83deploystaticakamaitechnologiescom: 70 B, 133 B, 1, 1
- 14.227.111.52.in-addr.arpa IN PTR, empty response: 72 B, 158 B, 1, 1
- 172.210.232.199.in-addr.arpa IN PTR, empty response: 74 B, 128 B, 1, 1
- checkappexec.microsoft.com IN A: CNAME prod-atm-wds-apprep.trafficmanager.net, CNAME prod-agic-us-2.uksouth.cloudapp.azure.com, A 172.165.69.228: 72 B, 192 B, 1, 1
- 228.69.165.172.in-addr.arpa IN PTR, empty response: 73 B, 159 B, 1, 1
- 200.79.70.13.in-addr.arpa IN PTR, empty response: 71 B, 145 B, 1, 1
- fd.api.iris.microsoft.com IN A: CNAME fd-api-iris.trafficmanager.net, CNAME iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com, A 20.199.58.43: 71 B, 199 B, 1, 1
- 43.58.199.20.in-addr.arpa IN PTR, empty response: 71 B, 157 B, 1, 1

TCP flows (same columns)
- destination missing from the report: 624 B, 6.5kB, 9, 6
- 172.165.69.228:443 (checkappexec.microsoft.com): 3.1kB, 9.7kB, 25, 19
  Request: POST /windows/shell/actions HTTP/2.0
    host: checkappexec.microsoft.com
    accept-encoding: gzip, deflate
    user-agent: SmartScreen/2814751014982010
    authorization: SmartScreenHash eyJhdXRoSWQiOiJhZGZmZjVhZC1lZjllLTQzYTYtYjFhMy0yYWQ0MjY3YWVlZDUiLCJoYXNoIjoibElMUFpqVUcvUWs9Iiwia2V5IjoiallNbVJyd3oydGh1MmV0UEs2dnpUdz09In0=
    content-length: 1182
    content-type: application/json; charset=utf-8
    cache-control: no-cache
  Response: HTTP/2.0 200
    content-type: application/json; charset=utf-8
    content-length: 183
    server: Kestrel
    cache-control: max-age=0, private
    request-context: appId=cid-v1:7f05e9f0-1fe6-401c-8ae7-2478e40e2f1e
- 20.199.58.43:443 (fd.api.iris.microsoft.com), tls, http2: 2.7kB, 7.5kB, 19, 13
  Request: GET https://fd.api.iris.microsoft.com/v4/api/selection?&asid=0BA81D41D9574B7AA7750C85BE9F7E55&nct=1&placement=88000677&bcnt=30&country=US&locale=en-US&poptin=0&fmt=json&clr=cdmlite&arch=AMD64&concp=0&d3dfl=D3D_FEATURE_LEVEL_12_1&devfam=Windows.Desktop&devosver=10.0.19044.4529&dinst=1733929156&dmret=0&drgng=244&flightbranch=&flightring=Retail&localid=w%3AC56F7BC2-5242-9BDD-A5BE-0153F731EDBC&osbranch=vb_release&oslocale=en-US&osret=1&ossku=EnterpriseS&osskuid=125&prccn=2&prccs=4192&prcmf=AuthenticAMD&procm=Intel%20Core%20Processor%20%28Broadwell%29&ram=4095&tinst=Client&tl=1&pat=0&smc=0&sac=0&disphorzres=1280&dispsize=14.7&dispvertres=720&ldisphorzres=1280&ldispvertres=720&moncnt=1&cpdsk=241361&frdsk=20479&lo=4665&tsu=4665 HTTP/2.0
    host: fd.api.iris.microsoft.com
    accept-encoding: gzip, deflate
    x-sdk-hw-token: t=…&p=
  Response: HTTP/2.0 200
    pragma: no-cache
    content-length: 131
    content-type: application/json; charset=utf-8
    expires: Mon, 01 Jan 0001 00:00:00 GMT
    server: Microsoft-IIS/10.0
    arc-rsp-dbg: [{"DcoPlusDebug":"Status: Ok"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}]
    accept-ch: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version
    x-aspnet-version: 4.0.30319
    x-powered-by: ASP.NET
    strict-transport-security: max-age=31536000; includeSubDomains
    date: Sat, 14 Dec 2024 20:45:44 GMT
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\KVTUeGqEzCfMMgCNfCLmJoBNI\Bawless_RAT_Cracked_By_vi_Url_lqx5whgxrp3qiuvkfqhhw0xynuenadmn\1.0.0.0\user.config (323B)
- C:\Users\Admin\AppData\Local\KVTUeGqEzCfMMgCNfCLmJoBNI\Bawless_RAT_Cracked_By_vi_Url_lqx5whgxrp3qiuvkfqhhw0xynuenadmn\1.0.0.0\user.config (443B)
- C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Bawless RAT Cracked By vidhayakji786.exe.log (1KB)
- C:\Users\Admin\AppData\Local\Temp\7zE0DC1F81A\Bawless Windows Cracked By Vidhayakji786\Logs\Ookii.Dialogs.dll (126KB)
- C:\Users\Admin\AppData\Local\Temp\7zE0DC1F81A\Bawless Windows Cracked By Vidhayakji786\Logs\ProgressControls(4).dll (12KB)
- C:\Users\Admin\AppData\Local\Temp\7zE0DC1F81A\Bawless Windows Cracked By Vidhayakji786\Logs\vdump_03BF22DC.dll (12KB)
- C:\Users\Admin\AppData\Local\Temp\7zE0DC1F81A\Bawless Windows Cracked By Vidhayakji786\Logs\vdump_0C7869D8.dll (126KB)
- C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe (14.7MB)
- C:\Users\Admin\Desktop\Bawless Windows Cracked By Vidhayakji786\Bawless RAT Cracked By vidhayakji786.exe.config (3KB)