xred | 2677883f2109a228a80bebbd723c70ec58e01526af5944d92627d2fcf634a3dd

Analysis

max time kernel
254s
max time network
264s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CraxsRat°v7.1cracked [RDP].zip
Size

259.5MB
MD5

c222287d1a010c086a301f789de8ea87
SHA1

a5999d3213ecb6ffe1c593866a384e983aa0b350
SHA256

2677883f2109a228a80bebbd723c70ec58e01526af5944d92627d2fcf634a3dd
SHA512

b2fb338af2a99d79a4b7658b3e251a13d76b23279985a043dd18136ef4816c044bf61543f31e95e77ea58fa51c61ddc7bf749462d6d0e97d85a228c8168f5e1d
SSDEEP

6291456:lgl+OvcaWK3Y/Eod2qQlqFbp1XfTsmgmvv7GInbBsH:l0+zLr2jMXf1gcGGKH

Score

10^/10

xred agilenet backdoor defense_evasion discovery evasion themida trojan

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Signatures

Xred
Xred is backdoor written in Delphi.
backdoor xred
Xred family
xred

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	CraxsRat7.1BJSrat.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	CraxsRat7.1BJSrat.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	CraxsRat7.1BJSrat.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 6 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	CraxsRat7.1BJSrat.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	CraxsRat7.1BJSrat.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	CraxsRat7.1BJSrat.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	CraxsRat7.1BJSrat.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	CraxsRat7.1BJSrat.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	CraxsRat7.1BJSrat.exe

Executes dropped EXE 3 IoCs

pid	Process
1796	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe

Loads dropped DLL 3 IoCs

pid	Process
1796	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/files/0x0007000000023e6f-3732.dat	agile_net
behavioral1/memory/1796-3733-0x000002D17FBA0000-0x000002D180BCE000-memory.dmp	agile_net

Themida packer 24 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0008000000024585-3719.dat	themida
behavioral1/memory/1796-3724-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1796-3727-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1796-3728-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1796-3729-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1796-3730-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1796-3751-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1796-4373-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/3968-4379-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/3968-4383-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/3968-4382-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/3968-4384-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/3968-4381-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/3968-4418-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/3968-5081-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/3968-5087-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1772-5089-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1772-5093-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1772-5092-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1772-5091-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1772-5094-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1772-5102-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1772-5640-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida
behavioral1/memory/1772-5649-0x0000000180000000-0x0000000181D0F000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	CraxsRat7.1BJSrat.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	CraxsRat7.1BJSrat.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	CraxsRat7.1BJSrat.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
181	pastebin.com
124	pastebin.com
126	pastebin.com
127	pastebin.com
128	pastebin.com
164	pastebin.com
180	pastebin.com

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	128	https://pastebin.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=90046eb3eaa56373	17

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
1796	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\7z.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\aapt.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\aapt.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3484	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 37 IoCs

pid	Process
1796	CraxsRat7.1BJSrat.exe
1796	CraxsRat7.1BJSrat.exe
1796	CraxsRat7.1BJSrat.exe
1796	CraxsRat7.1BJSrat.exe
1796	CraxsRat7.1BJSrat.exe
1796	CraxsRat7.1BJSrat.exe
1796	CraxsRat7.1BJSrat.exe
1796	CraxsRat7.1BJSrat.exe
1796	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
5712	msedge.exe
5712	msedge.exe
4040	msedge.exe
4040	msedge.exe
3968	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
5660	identity_helper.exe
5660	identity_helper.exe
3968	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3716	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeRestorePrivilege	3716	7zFM.exe
Token: 35	3716	7zFM.exe
Token: SeSecurityPrivilege	3716	7zFM.exe
Token: SeDebugPrivilege	1508	firefox.exe
Token: SeDebugPrivilege	1508	firefox.exe
Token: SeDebugPrivilege	1508	firefox.exe
Token: SeDebugPrivilege	1508	firefox.exe
Token: SeDebugPrivilege	1508	firefox.exe
Token: SeDebugPrivilege	1796	CraxsRat7.1BJSrat.exe
Token: SeDebugPrivilege	3968	CraxsRat7.1BJSrat.exe
Token: SeDebugPrivilege	1772	CraxsRat7.1BJSrat.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
3716	7zFM.exe
3716	7zFM.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1796	CraxsRat7.1BJSrat.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
3968	CraxsRat7.1BJSrat.exe
4040	msedge.exe
3968	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1796	CraxsRat7.1BJSrat.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
3968	CraxsRat7.1BJSrat.exe
3968	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe
1772	CraxsRat7.1BJSrat.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe
1508	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 3000 wrote to memory of 1508	3000	firefox.exe	97
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3676	1508	firefox.exe	98
PID 1508 wrote to memory of 3028	1508	firefox.exe	99
PID 1508 wrote to memory of 3028	1508	firefox.exe	99
PID 1508 wrote to memory of 3028	1508	firefox.exe	99
PID 1508 wrote to memory of 3028	1508	firefox.exe	99
PID 1508 wrote to memory of 3028	1508	firefox.exe	99
PID 1508 wrote to memory of 3028	1508	firefox.exe	99
PID 1508 wrote to memory of 3028	1508	firefox.exe	99
PID 1508 wrote to memory of 3028	1508	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\CraxsRat°v7.1cracked [RDP].zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fce27cb0-9bbf-4b33-968d-20de26e6e4f3} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" gpu
    3⤵
    PID:3676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89c9f5ae-b098-4901-8ff7-086d9f35f368} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" socket
    3⤵
    PID:3028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2952 -childID 1 -isForBrowser -prefsHandle 3304 -prefMapHandle 3340 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4eef507a-5cc4-4d42-8710-6ad90be379c6} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" tab
    3⤵
    PID:2524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4004 -childID 2 -isForBrowser -prefsHandle 3996 -prefMapHandle 3992 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7cd3b8b-0b98-4f54-b350-3500615d2948} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" tab
    3⤵
    PID:4020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4632 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4720 -prefMapHandle 4468 -prefsLen 32287 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {826b0fd4-0a99-45af-bf2d-ca3486922772} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" utility
    3⤵
    - Checks processor information in registry
    PID:5260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5044 -childID 3 -isForBrowser -prefsHandle 4632 -prefMapHandle 4952 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcbd9ee3-ccd0-4b9e-9cdb-0bc80144a198} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" tab
    3⤵
    PID:5400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 4 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b71ddc2-466d-44d5-a15c-8205386fa1fd} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" tab
    3⤵
    PID:5420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 5 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2703c59-fe66-4311-86b5-9dd45a93ee5f} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" tab
    3⤵
    PID:5432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4708 -childID 6 -isForBrowser -prefsHandle 4188 -prefMapHandle 4472 -prefsLen 31251 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee6453d5-ed78-4475-a113-075d5e4bed20} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" tab
    3⤵
    PID:4436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 7 -isForBrowser -prefsHandle 3176 -prefMapHandle 5968 -prefsLen 31251 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb159739-64f1-4041-b31b-532ea49844fa} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" tab
    3⤵
    PID:5908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 8 -isForBrowser -prefsHandle 5240 -prefMapHandle 5160 -prefsLen 31251 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4280e8cf-66d0-4458-8cec-14064f85092f} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" tab
    3⤵
    PID:2468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 9 -isForBrowser -prefsHandle 5396 -prefMapHandle 3688 -prefsLen 31251 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db85aee-2b19-42fb-a432-e78cf32a6ada} 1508 "\\.\pipe\gecko-crash-server-pipe.1508" tab
    3⤵
    PID:1404

C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\CraxsRat7.1BJSrat.exe
"C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\CraxsRat7.1BJSrat.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1796

C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\CraxsRat7.1BJSrat.exe
"C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\CraxsRat7.1BJSrat.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\Help BJS\CraxsRAT 7.3.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef67646f8,0x7ffef6764708,0x7ffef6764718
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3220 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8162030174689491926,14056222492263331411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

C:\Users\Admin\Desktop\a\CraxsRat7.1BJSrat.exe
"C:\Users\Admin\Desktop\a\CraxsRat7.1BJSrat.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1772

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\a\Errorlogs.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
304B

MD5
90e699a8203fae622c80d4f724fd4e27

SHA1
0cd7a95c10c0b752df42333385d34dcf6a9e9a0e

SHA256
268b02bb7ff90dc43487c4bca1bdcabcfe4fb3aff4d6f9eaef8d3c8aee8271d1

SHA512
e80a444d5fe6ee6837068ed567e0f0a827ac1717645a5b35d5e592526f864b740f0644108ab2d18ff2a3ba14ef159ca0105a8e35a63daf4603bab2647d9c427f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d09b3821f0c1c93ef9135f01285b8bf

SHA1
dce84d2030c4d626b77905142c992708644264c0

SHA256
ebc1a9d1f1e2cd55f556a955fa1c03536a7c89c5fd989d4f07446f201b4b9e27

SHA512
828422cdde8df807b75a2c42edea53e161393b1e183d087ea4a4d45d2afb8151e153d9b7f115dccb5f596fb065a4947fdea1a385844586a6d55d312d4e11a6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a65a7a7c70063492da53b3597eeaf77

SHA1
5ecdf6ef1ef5961a54466dcbabc2d1c4ca5879cd

SHA256
addfd31ec9c3cbb72d86a4123b8e8e4587ac04fc03703bda29e0f82835f8632f

SHA512
8c3f1f7458a06f4eba8a79a44bb288a87f2ac89f06ad319ce4020a327409162d8872a638183ba073facabb3f9ec5a844f8ae2c87bfb2159315f5660cc65107db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d0e0726873dee0f6897b30de3b3f948

SHA1
23d1f27f936b9019cb6d17f4a308804e686989d3

SHA256
c5d5a78a2e462c5021991a610719b77b213326740682c7fa1818151939e6acde

SHA512
561acd1a743b3dfa989e270f88160732d95b96f7a9876396ba082fb843276c633c5df568b3e464fc4d11240af9e05a28525728cc2c1bb9f097812133eb3b7b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bb5ade5b0c15e4324578fa35a9b58f4d

SHA1
5761999aa4f703e1a55279dbe65866c4dc67a090

SHA256
766edeafe7135a8d1049eabccff69ec22342c022cce660723b3a57969af1b95b

SHA512
f8afcd473182e9157379eb6876e8e1d25d9fe425c815a74c3781bace44b7599fe9ea7d1c8c276c0c541c17107622a217710abdb2eb0a810daf8f657fdbf636a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ddcba4bccf609eb91ec6f914faae95de

SHA1
b1dd53ec2335b99e7a42beefaa517b6fc9e89208

SHA256
0bb4eab0efdccb0574aac0ff076f59c4c972be918e1f605bd75f3e2f5970a725

SHA512
1bcc96add8e83011b092cc2a5def34d7bf89bdf4764cdc0da1e8e82e86b53b3d40a516559b12a32b3e39c136d156560b40e87c19ea272c2c95e34f257e762a07

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
b84c96ce0e6240933752bd4ac34feec5

SHA1
9b3679d3a26333f80026e81fefe94e0ec223db7d

SHA256
6b8cc7b138c20df7e7f5e3828d933f962d2730ebe80699791e0e82593559b31b

SHA512
23f3d1f1b852cddff2dbea58f18a95330789c296009fce9c932be86ab7b712ff37c1315416f5e24399cb7a2f183887c26ca99413eefbf05bc511ce051ce30fc4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31

Filesize
13KB

MD5
6b8298d472ef6dd0ad1c9a927dcc8046

SHA1
45634f957aa44eeb669d34ad52b0c489d2f03f18

SHA256
625d8cc23ce543282833995f175019e22924e0481b8b596607d695a4ff9ad02b

SHA512
286c4e14d2380566142db60eaf784b8af64428996bac8528b4f4b0e7ca4b9e2c45bc82919cead4fefbae74e814108630802f1446ccbdb0d983cf171fc63c663f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\FBF093D342F7996FCEDB2B9CFB01A3ECAB8D99F9

Filesize
13KB

MD5
82a99ef5605fef976f84ad581d88b44f

SHA1
1688f5a697b61a85fde61665e9c0843cf019c08f

SHA256
53f0475a6f3f3c508848b63f5a75bf0246b09c738ff34cc0cbe41dd6f6e15cb7

SHA512
173160d86cb819afeb2ec5015dea3c4b94bc0259c10a1421fbf8f2c4f9dcf1d3425c78124a926d2c4257e3ec36a67745a08328af9b036103163381409da4636f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\DN000000006569C4B6\Runtime64.dll

Filesize
13.6MB

MD5
21e00d8cffdb42642b3b413540e9dd24

SHA1
eae6d44c96117fcf12b4aebad2b95af76bd11f8c

SHA256
611bb16bff870f5de73b83a4dc37e1dd519c4dad9ca323e5908c67516f2109b7

SHA512
e938e2c94484da96ec813f401e20787e91923377be9f8217d3a9e3a4d10a36e1ec548db054c99e03abb117b2897a44556a9de4c34b57b1fd3b190a321746906f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
6KB

MD5
82d68652de416820e9969d04cbc6a02b

SHA1
3e2468adde39185642b99bb15c560fcd224f073e

SHA256
f69d515e772765fc3ba32f5b1b5ca2b99ba6e07430481b16d6aae54f41f55c15

SHA512
6ddf87cb881eb49fc5a3967308d0378fe6d1fb7340343a52bbbe989b82cbfead7bf8c3e2c8e1f1c420b28c7787d75b12904fa7afaaf16e5f9c8ba07bbaeba758

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
6KB

MD5
c47e98672bc429aa892eb44149ebdbcb

SHA1
f145cdd89397416996b685f35a3930a8f68eb322

SHA256
647e1f8824222df4bbb76917aa70e401ef21ddc01f28ff8bf457e91bf7be8cd0

SHA512
512a5cef09cebccf945a8c4e4e3164ea9f7dfa47b89d3fce88a0418bfec8810e3cf6e6eed87839646d64c4d11e61240e1c96bb9bbb9f7002e9ef9e8a850be7fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
8KB

MD5
6219acfdac4a782d84d75605aeb6aaa1

SHA1
6f0fa79076048d20ed88c7bdad47549121c7d1b0

SHA256
1120f7a82baa0c52ff3ccf48454e50eefcbddfb3d0d3f8873845c98bcd838302

SHA512
6ef7c61a331b6c25be49a61bdedb6937e4491a8283e57dd73687a678d5e60242e66ae4a674a39f48ef4898a55253722dc986a4ac0265c351ddd88e121f19e549

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a494db59fde0656e9a786cb7f57c6f67

SHA1
476b863b8592bd610bd1400b1579569e32bc9301

SHA256
cde6adf7e403002d4196222de05965d9ecfd41ef235f96835c27d5b2998d1a9f

SHA512
26b01af14bd9bed90eaf1ccf09919024a5a414dc49afaef7957d51aeb5210905fe36909dddd30636672a633e08a5beb661323431ec5276120ad3740d6fdf997a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
c9c20383e138bc13f3016a10f128baeb

SHA1
af3109043f678b7a2c6c46936dd81c046fec81c0

SHA256
1789558552f02dde2db29d69e4fc41d7e4cc3ef6b6dcb770c84fb31b6bb10d4a

SHA512
34a53733398ce12eb1a5e7adad069e2148da91399723d60de1a9965158ee9d5252ba5e412afbd7cbf9fd0afbbd219ee57e2f71de3ff1b2234355ddb94c37799f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6dd914984f52a66f5ca2ea7b50f6ef57

SHA1
de6be2c05e7eea2ca37ae61ae5fcfdb43a17d985

SHA256
1a4babce040beb8d2e67b7ce3d27843a25e3465706650e83992c961aedbae708

SHA512
e497e936c919f6cc563318bbf7bee5e1d9deb46aee00fd67c6db0f826f7578f858ef345c111d4bf7b547e0dbf16478cdcd4985a59d4ed385c5a2c38537fb8c56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\03bf7070-cf96-4a27-bd4e-f39961bd7495

Filesize
982B

MD5
a1167b859b347a8a59cc8c5b16b5c096

SHA1
694ae8c02ef758250aeb22458fd5c6a75565240d

SHA256
5e539d1c104ac04a3fb6a4a74171a1efcd002ddd7878d130020a1a47e51a9603

SHA512
6aecb40a24fd66f05daab50cf5dff26261f254e61376f151b54b89fcefb206930b693c4c52bdda9fa28c42ae2652cfb1bc1824260ccaed4b5464990e89e616c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\cd150885-13a9-40e1-8141-41bb479bd3ca

Filesize
29KB

MD5
4e845a5acbb0007ae6353a15fee67187

SHA1
f88a46bb9f8d66fd1fc26f390f839e794d2dad61

SHA256
523dc719e7ad99aa4658005ef03e5212eca8c6ed8e42df89fabe841bfdb069b1

SHA512
fc8cb63cd82fd3342a8753a3bd1c9099fd1dd5869e6abd1368a8841401192bd1bd25f8c89e871a472c32aa4d1d2c0db80b66fb9aa96b61c87bcb396ff42b52e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\fbb6edd1-088f-4196-a633-0898136d7ee7

Filesize
671B

MD5
418df382d0d992138f065c13876ede4d

SHA1
8c4d4289cbfc0e4fb783d6f446d773d486e377f4

SHA256
68a495d747894c3a7d1b258cc17704ab12e54a4e7dfbaa409ec207e2addd50b7

SHA512
3ecd74da173f84eaa304888903a29da3029c863b984dfffb64db128afb7c240a34ab55fd6420b3eaee49967755a55cea3f36f2e411a0497d9fa947e93b606083

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
9KB

MD5
5e0cc48c797add28eb8c5b3da5d1c873

SHA1
911af16427760cc30d2ac7d3cbed33ea4f2fa97d

SHA256
c577b99bd03785f05f70ad86c79f0f181080de6e88cc7a6c1c85ea37bbc22ec9

SHA512
625f45536e439466673ca547920c39b6b29c7df4bfb19c659542198db0237e9de6819433554bff4ff282f0ee684e9088ce9a1ea887787692a0e1ea50d379a532

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
10KB

MD5
ac1ba9c0509a53b7eb4026b1402ee330

SHA1
6eaeb3d080ddd514fceedc41c6505b3f9c7a8a0e

SHA256
d8c6fdaaa72376764334504ebb93551d7c108b6d7e5d0db51fc9947c98df055d

SHA512
4adde5fa8d2ffeb1edd5746d9dfd8d7f18fdce997beb9520c36fa407f98492fc2f39b6c5a526beea82f298025ede72363c6719de45c047fb8f5192ee765e28c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
10KB

MD5
9648f70b41e4e460d97205c69c5ccbad

SHA1
d184ccb63de673cc3f50913b06127cc6bdc2c171

SHA256
86c50f5860ce1e45237bae9659cc90094f040d6fff27a78347387b8dcf8f1f2d

SHA512
c706adb03e6a457b0136b8dbdf0c013159fafe9c8280c75ccccab194f3a55346a2a1a41f6c4bffe21dede79b47097ddf1cdd81aa6fefb8d309c230a5c8f55c2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
10KB

MD5
c9d1bb53e257a2631e8c2319daaf2068

SHA1
b14874b3e467f0dab98ed8577a16295d5a88123a

SHA256
0195b06300c819e42876cda7134429a28b3e44a73eaad618af8dba6aada9dc36

SHA512
3a8a7c3dfe64695b7a1b59babc96a1aa545d082f31b7d76902c46d851ef8f362214d262fdc1bee297bb1ac9ff410e53947829721861a9f697b9e9e966c353814

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
0042ea30a3827229892c30fc81bf66a5

SHA1
1e6513418c7d894fc4a1ccb5d29890c9c7de2733

SHA256
b0e64a0a8b30a4467612b59543a134abb0a8214cc0cf179c5a5eb7a946e52eb1

SHA512
16ac417341625a9f011f060ca0279c422f5f3234112784c41a6d33882e2994c9a64a97baf29b04586d9cf3b311beae649f8ff9d44b90338fd7af4abec710d1b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
2081021d0e68ca24b4ab6d361dd10e1d

SHA1
14c83a5de304b2993bf4420b41a88b7d63c4391a

SHA256
57644244201707492e63ab188c0986bb2bdd99e518539e4aadfefc6ef827c6fa

SHA512
7f5b3553433035ff91b88a8296a3ef903c7e4957b77c074c98aed993cd33ae33a5b8aae48f326bca7a4544b4b4f6212f66d7511a8cc80688aa6ca730452147f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
5a8ecf8139a3bffb4b665e12eab3a9c0

SHA1
d861b34088b8ac09abd7db5c89ddcfbff8325bce

SHA256
469aeff8ce0a6ed9fca2bccdf478da750f56a97bb6d69865796b6d4ea3487cb5

SHA512
a5d7d12c38029e2d39c2de4e02313430643f485a4f860516f45473ba8a28a51779699baeafdf9ba914c30a4d2bbf04c7dc3b36d70f4adc75604edef238f19b45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
a17cabedb15523ec9831bce6a861f733

SHA1
4953b8e75c16ba7b8775fa90b87ebbaec98ebc84

SHA256
b07c0a226cbdc88fe351b993aa1f7b8b3436ef1ebbb99150bf68db5ecd0d8d81

SHA512
cbeef465f6d1061d22e43c64d2c21488dddb8ef1e4f1693c4ce1b2ff5eb4b6375e9c970b72f7119c5f385198426008f1f89222bb80ba05fc32ad5a9a3f839a5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
9.5MB

MD5
acd9829ffdd3a8ec76f478fff62f4396

SHA1
2ffe909da230f4830dbfb58a79054a39326f0881

SHA256
d447d4bddadf61c2c8d1d2b855e223976c263be617635995d3c155d5725a116e

SHA512
5a74a1c7756e6e2693a24b978e02fa1bf3aff9eb4a041b52682ac729f28952d3c662afae76a238c12575a91b1f6ca7a5800809edc4579ad7914a385dc8d99d47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
9.5MB

MD5
ffb152b36132aef8491fda405e9ac843

SHA1
3adae6af753dbfa710870d59546173b56821d94d

SHA256
f32566230001578ff64866000a041475417cf9584cf72e1f49998e1615b825e8

SHA512
d64bca7bb4c7bebfb42aad37aa7a0a5cd5994026842a8d6225f1508fc371ea239abfe06a1a23c3e274dc286c952714bac87e63938680dcbd1a684223236e1518

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
9.5MB

MD5
7296ba48959a7f9b3f93e8aa9db6174b

SHA1
23386f50e6056374a57d0f843735bcf38ce7fbc3

SHA256
6976120596542ab3ca93101345ed9d6deabef68aeeadf714e241cc469af38c66

SHA512
c4b19b0163aeb72a5b9a2af87ec3c538590a0e0603a6c7510a1fbe59643d4eb7d3de3eb89bfe3f07a585400449823fc4c7a6bd976b0609d4f3311d71756132c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
9.5MB

MD5
415bc8e93717d0ec7a2b42dc3c5be8ac

SHA1
7b18f459ed8216c7a655c855cd2843c853a8c1a1

SHA256
78bf294aa67586414ea07a679257e54d709c51462297c2c9007b9d93e945fdd7

SHA512
2cb2ba1a946adb0ebda243ff60cd67283a4caeeccd392626461225d00e18830976cb34c72a30708ee68e0a035a23a46270915a8b72efe596e362cbfe58fa8b5b

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\DrakeUI.Framework.dll

Filesize
1.6MB

MD5
0562b4c97f643306df491a938ae636da

SHA1
0807c37b711374ed4814a9518c9e264517de89a0

SHA256
70e72477f7fe0018e043ce8fe2228a289459058ee41caecd6f05855898bc5b80

SHA512
c969cd274b6bf65a34f1d129b6531616a3485a1f153088609ad2369d380fdec37c3e88a423495912715a26e353dd5498f7f9e73c895e9f3f18fc7d1e65d2ecaf

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\GeoIPCitys.dll

Filesize
191KB

MD5
c070f2421851420e832e4f5989a775a2

SHA1
d6af3c48ffbe0fa1e0e54860836d3bbf374b8b46

SHA256
d54fd6c5903eea49a75d620d4ba232f8effb1863f5f9c974e4ac0a8fb1904131

SHA512
75c3edeb4c16d8e82eedc5595b9c3fde4cbd4a3e9deae1967ad513474920a48e4e9275fdc76f44032b1be570a4ece1a6393c4680af8989f67bcdec039d06798e

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\LiveCharts.WinForms.dll

Filesize
19KB

MD5
76c775d09b24798f6923452e920979b5

SHA1
3fe2c79512a0d1153fb07f6640b27106c90d333e

SHA256
a5b61c1726304e6b72e09a0f35ddbf52f89a75a4e28e6ed098c8d1df6081b4ad

SHA512
eacc093f8ac9401f617df7e07fd68a8a0f1f03aa150283de67ad8c338fcb1520b0f07335547cf533a646ff95f239c92b029f952a706e736bcd9508817c9be0f9

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\LiveCharts.Wpf.dll

Filesize
212KB

MD5
e924f79f0b5f3e79c98477d75831813d

SHA1
64f71e20e1953b13c771d8a8e63549ad6d64216e

SHA256
1bdbb1b5c1a50653e5c26161e9b7c03edc518721a6e10ea180a84049d967106b

SHA512
063e9bdbdaf0accb46cef5fdb98b30a97b8a6ba097a80d43a9799ff73e820d1c56d41ca9f71d94497736e3def7fbd0109db4000ab1d9e46cdc96357bf3e15fd1

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\LiveCharts.dll

Filesize
148KB

MD5
9642899636959b7fc89bf34a8b998a90

SHA1
479a0254d1c9e5565c7d861bb77f54b7eae50c96

SHA256
9fcf89837b60f69c1c501e4cfa4d2860887afd0b8f325803367e795a4e3bc9ca

SHA512
435dccb57ff3e9d0663770768c866838b19fbaa5b8e79de0ca111d9c73276f016e016d1d268f72cf3435ecac122039764fada952e1a4f68f368b492bb866c9a2

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\craxs.dll

Filesize
16.2MB

MD5
6976141e6a62ec976d7f94a068d7f2fa

SHA1
d40990b875657d4b010005707432a8f36ab09a7b

SHA256
b761133d4b9139dcb75eb0e7297676ceff9ca94ba7721b9615e557067ee301cd

SHA512
288efc33649c35a2ef210f8168eadcce1bd2b3b7610cd4bc34b023f397e0c29324de81a1d990a6258a7db7f3c5ab3fbb17d729fcc518c6aa9231661eaa2f553f

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\Config\Pass.inf

Filesize
24B

MD5
f13c9fd7401845bcfaca535744744440

SHA1
a0f1325a69f2c303449177932c43030a4b5991ff

SHA256
87c67159e71ef382bd47a763527c906c18a77f79fa66d9e18569d1ed0cbdd167

SHA512
8bd1dfc2df7e51ae7113f9b0212335614961716dc0b10f58433d8618b9dcc80e2aabad9e563b8106a3151314af593aea9fd0a401cde30d7b47bf4b71d3b9abb0

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\-1.ico

Filesize
33KB

MD5
410e4dba1b3e1acd689425d024f3fd56

SHA1
d38fcae133db0cff918dc455acd8ffa437989659

SHA256
e10518132ded7ee51739953121f6efe77412aa85bd744ea7b256a5a6da751e44

SHA512
cac41002ef9ffe4592a0949ebb3a21b3837645838e623d3a188f7e70b6c82b2253c586a6a9395007849da0ef94d6dc47bcfce9cde554e8b6becdaf21082cf014

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AD.ico

Filesize
33KB

MD5
2cce7e02f2decbdcf648cc249eeabbfc

SHA1
4a9cc2ab3162a949d5f559ac2828813da7aaa6d2

SHA256
ffd5e4016c4bc247f49ded9d4ac463e7bd9d7f92c9889528f5f3a865dc8234e2

SHA512
be3d96046ec50bfd8e4399d1268856d0cc1f541635896ad128d660660294cfd98f79998dfa46849a2e6e5aa3e637626a94a062ab694444b7210f69b3a55d1686

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AE.ico

Filesize
33KB

MD5
5c22046c8b4f37adbd0f41a811238d5e

SHA1
e3c49202f86ff0718f169ce4cb82570457891bd3

SHA256
0759c987d55b3e2bc78ea1761d451b0b40928865c5b5652ef7b304426bc1dab9

SHA512
655c129c7456ce083a9eec235e04b871a16c4226f7cb1aa2ac4b119770b24ac61036950b0a77257af96352318a991037a1b9b5e2925ca84272995dd8135abca8

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AF.ico

Filesize
33KB

MD5
e18c650283441dfbdc3aa46a414f326c

SHA1
eda65607858d6b93db9ca4a9f20cac382cb685db

SHA256
ecf99e08bf15aca4325c4790ee20ccc674b6f4fc6dbbef0885f36bf8e6e8aa68

SHA512
f10cd2a31390bbb06546052214a817153f35ed9b5c5403995267e1e9b4987630c08ddf7db414146211b8cfb4769949cd660060bd2a5c8a51bf5bc381372a6673

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AG.ico

Filesize
33KB

MD5
93f8d14b56bf5f257f87ea438c7a3601

SHA1
31b71ace333e016408af2f18290463389206d1c0

SHA256
8e36c85a8ba6b92ea906d4dcda412b492449e668fac3b05f5fc512118fa71e5f

SHA512
a70adeb933e65ba11b28d11fad9a2eae29a623013f9bd8383afa5c794f214a6820f797f03f1714759bd38356b160b9c1e159dfcecbfa7e95f4ce2b24bfb24cf5

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AI.ico

Filesize
33KB

MD5
2d5ee470e51e769e649109d2721937d3

SHA1
89bb18a904dc2857e52cff3a384df50858d5e17c

SHA256
08afe88e8a0475e320c6da70ff530ada3a6fb426051a6337a769c14dc37ae316

SHA512
d6801a6b238a9779b0b8829f79412c227ed8480ec060e3d1992c9b1024c94a8f1f6ed32097c8a93a6f2600ad68b2ac537fba5f0982a41fef01a832994cc0cc20

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AL.ico

Filesize
33KB

MD5
5dbcdfb9a2f9120ba42006c997e22b42

SHA1
01fe537ccabec19b252e07ed6ab557a46a70e6df

SHA256
8f726d2132b2b7764936aaffb52ef7b0271abf857949588c36b32fb3c769bcc4

SHA512
519b0757a1bba205915aea9f8bb715072420fae126a4917f146c9ea7567fc231d74f93ded8dead86dcffb0fc293de1a4c85a161dd894b490e57806df67cf01da

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AM.ico

Filesize
33KB

MD5
16782d3d013fbdd1277424363dd8a0ad

SHA1
c26e1fd52de7ceb24af6f01fb4486d39e1932bfe

SHA256
faf3d661a09912ff0c1f6cc92dd8775c3d2be31e9a72fe0962c144d679021d86

SHA512
44bda0a5d59f1ead6939a6af13b81ab23b28be44a61e7e736d5e21cbfee813a3a44c5832b16036717f0e18a418dc449b5c3aa1e0f05c4830cb3b64698ce0901a

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AN.ico

Filesize
33KB

MD5
ed05e0515da2b4c11d839493abf8d44b

SHA1
8862a2bd75632d916fdd049b31f2155ac7894524

SHA256
8f641c948721c9e7e92f28224b8b1beeb27382e5bac8a4014a57537dd7543a8d

SHA512
31613012f4ea1da8d1318f69e6e9a4be068e9e490f01ef0e1f880b33f50d715d92d7498ca99223ce81d6656ccc4293a7fbd272939e99dbc21d62176a6c6d9553

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AO.ico

Filesize
33KB

MD5
a5c78266329a1eb0f3e52bc0343783b5

SHA1
e0b254e2176f0eab8d2b76213a64c24ba1788675

SHA256
550a1b6e2b97febd865cd130b0c0d484cf2fd02b8066ddf6d7290b9cffb35059

SHA512
61a7bf67f9019e5f4c653246e1844703619d6421c3625c963862ee9b0b3975b26ce2f785c9b3cc79e77181c098f0e3d60c9f0e21203928117c6cd45f104af36f

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AQ.ico

Filesize
33KB

MD5
be6fa7ab4980735841141d4d3f642a4a

SHA1
c6d03cda7f73a959a3d20d0e3897595fbe2915e9

SHA256
3439ebcdd8e7a614f157f58d7f77d190aac7fe514129a01024a8b68b7008fbb2

SHA512
fbc116df306de7a04f43cb2becfecbbaf103d6b252336e0bd37f006506140ceb14f114cdf62e203bc12f78c25906066385eb6caa67f694d8526b341bcf3462f2

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AR.ico

Filesize
33KB

MD5
bb4f489b2ae1f6601513296357fb478b

SHA1
b8337772e2e17d48412f44373ea8a821b85e9c54

SHA256
af2f591584f6c59da15fd42e5175dc136844442e1c755fac047b0efae3956c50

SHA512
547e0753a1ac4058ec609ddd2d6ce54b50cc47177ee319f5bcc82eca9e231d01d74b7c2d02de90557c08224bed962c74f8c4079a1292153cbff32db234ddf6a6

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AS.ico

Filesize
33KB

MD5
caba1e66c954bc8d784efe2a3c02d808

SHA1
ef1d5ba4735c99b55648503513d9ae7393a3a6d6

SHA256
4946c58e14318696ea03cf9bcb5d8a7334273c2f9e30173a3c7ae0bb7ee70bc4

SHA512
430806d048e383411e36a8e3777a27b7efc1819cca50c7d7eeba662d32351a366d3cc0b892f819b6a96db8281c5e249d3faef13e8a4ec3bef75e67b9567bd466

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AT.ico

Filesize
33KB

MD5
8effa2f5bbcecf6415b04f9408c0a65d

SHA1
3f3249fe921c1d4767b76b0c3a720cba0262b565

SHA256
236c59500b9bd83212375ca7514c0d62dc088203ed269e9cd55ca6349adbc8f0

SHA512
3f8a1f0683207ed616819a0e42b18e5b02eab0300fcf6eac1c399f0e5475f45d62e0bdebfe0055d411d529649938623acfd4b3b02fe80fc9da6a0492dcd31822

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AU.ico

Filesize
33KB

MD5
ae8189b2c04d783a2f68f0204f1baeab

SHA1
e5709598ed08427a1dd83e1d994330bba1b1b091

SHA256
047f9bd82ca7e2685c1dca4c065209977b5e8c32f78ee821bcc7aba12decb044

SHA512
ef1dd8330cf3cfa9840a5902e13c669e6de911ca9f383067506e2c106f05021aa79df60e2a867259bbd1dd056b9367d5814e9bcbafb242d718fa7fe0fe664248

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AW.ico

Filesize
33KB

MD5
49d969f363a153b7e1cb4dc2cb742238

SHA1
2a8fbfd37be58690dc2e0ca2b3ce04c2d15d6eec

SHA256
f0d730a0d8ce85f049a6d8a52733c506a8cf48584b18838f3d677b09d9c09b52

SHA512
97f17ab20ee96ae4e71e31c7864c509ef0b714215606413c801b3608770415ab63d6d5be0980af7231e4c2e270407fd273c36e0e47d524e59126b933fafa4eac

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AX.ico

Filesize
33KB

MD5
19169001a889e72fef769900ca7a8b27

SHA1
e17d9c371cc34d19f05c46d81e06f7ae2159dc7f

SHA256
5ac8c61a8ad2d7ecc3e76927fd6d52b4f279c4d3a92dd32715395581c4615423

SHA512
4c8247ab0f37cafa90ae34aa865af45b6b388fdfa8ab96935d2ae2064c620240dbb8f93c9958844a34fbd249422a9b5751639179697bab44aabda8afc18b0454

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\AZ.ico

Filesize
33KB

MD5
3abcf274a070469b7fd5cc1f60408c9d

SHA1
a2fbdbc0028f398a90b351fe5e3a2e4b31153b07

SHA256
d3cc5eeabeae7f54a8c5600b5c2354b355492634031e32e8ba981806b0494b61

SHA512
14be128eaa0b49b7ad07ad2230732e923a30c204faae1c3afac766088836845fc385a99ef50938f6261456e0e45afcd17c0661345ab72cca8b66bd710eb3035f

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BA.ico

Filesize
33KB

MD5
a603875f8aecceb0d62c9c346f250e62

SHA1
44b58245d17d8d205e6bc2015965b3ac9374245e

SHA256
b586dd987bd326d24ad3edddd1f649d2fc49eaf96028e62e6e14208591a31a9b

SHA512
62c218f9e7e30c056c02b0e9e35b39fa9b66faced7fa8c3a14e9636450d271da04aa5f04a627452be03d0df062b38db0bbeb4fcdedb0d7d820d0bb186cb38953

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BB.ico

Filesize
33KB

MD5
a272b143736710d954a021e7b5b1fe41

SHA1
abf3a358da02a0d9786a022a1367d9bf805ae060

SHA256
f679b5b2dfe2c980b55b713a025936c10260db10254391c5b66dcec51dd97705

SHA512
9290ed552de75f080719d3e6f4954234b48cb1bf87952bf62d1799d64c0d0a2419fe6776d5a84f691f877a6e7ccb176824e7dd00f5ceec7da32458faf1ef6485

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BD.ico

Filesize
33KB

MD5
7bb2410b8a58504b0645e9e869cb903e

SHA1
a1d49a900e2367817575d581c34a3f4b5282db25

SHA256
f8d767b5e74cde08d614d64bc51f4d9db90dc056dba1c38ad8b21aa6c598a286

SHA512
a629b6e3a5fc4cc0499e18139260a7c67c629d76c8264ffd3d99c62154354b50bcc5d73b0475891cf38b90809de996648c211a9c2df0aa4e885e536fe4d3f825

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BE.ico

Filesize
33KB

MD5
f7ed63c5a74feb0ee727cab8d64e2ba2

SHA1
d06d03cc1f832a30c3b5ae51f164291498ff4df4

SHA256
bd0eefab4e51b0beae22d4557f8c43e2908c39b23158900d9c3d38d4a3c27b2d

SHA512
01bb6f850b6b213e365b55861f6a92442c15931db6989f6be03a009a97151abf066eb1298fbd6d130a7ff47970097ecda5855acd2f15fb750f1e5f6916b06e48

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BF.ico

Filesize
33KB

MD5
afe862286a0c17305ca72a54bacc21ca

SHA1
e220c5912d11960c8e9ee38f44dca1361b729dd3

SHA256
5f865103ca695247ab7ea7e02a1942ef01cd65120973e17fa3fcc3e59f9f7eb9

SHA512
33905016ee79a2213a5dd03d553e0245058422d45861f4587f4b3aa2e9562686c209fd1e76575d7614a52388f3308907bbdf867223e15a7fe62d3650b130ce68

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BG.ico

Filesize
33KB

MD5
8237c4778058a9bab26f406b8f06dca2

SHA1
4bc2b85679ea7e634af68b4e31135d3205ae01c6

SHA256
426c8b630bdc5916c5a687450e90a265d18a1042111c7f26a5a7d85d143044ad

SHA512
b64ec153ba921e2f91146ec1461a75b59fb8e71ddb27dc306144a9cc1aa271e6a61096210f4a3a8e56b45ced2f16343cf61a8bc594b52ccb1d9a0d5b312456ed

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BH.ico

Filesize
33KB

MD5
75c68788c23a5adf9efe2c1b70526710

SHA1
3750a765118359dd026580d071da6bd3ecd677f3

SHA256
2525fc71eb284013f3add2f13578363e8030ed41fec3a7fd599a96b2a8ba0d70

SHA512
c2a8ee014d1c9ed3ff09d6781c5062fd9aa2dd233c911358eefc2f27d24cee05883086420b2ecab27138a5f6d0143e045ea2b80a221b30b28eb02ecfe3b6c0d3

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BI.ico

Filesize
33KB

MD5
f44e4ff32292c899f1dfc0d40946c945

SHA1
3e1c7d81166d64dcd6052a7fbe72dd6a56753682

SHA256
84145ca9e4595bdd4838af891ca65f3b88f4ce830f867b6d4f821780152b9c16

SHA512
aad82aee512ee6768ab98e83aeda9b6954d792e81273594d4c2f46183fc0f7df8c0fc4a8035a43c8989b61690dbebea8e286461b01eeafa3398ecbe61750fccb

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BJ.ico

Filesize
33KB

MD5
994401f509db6b74c3ba205814ff1f02

SHA1
3334f65250c7ba7cbee20065bf4d52becdbd392d

SHA256
569c37c33bf5fe84cf1766c26c531be1398e80585551cd065dfb8dd62a57b608

SHA512
cbdf647eebcbbab5df5b8b68ffbb900534f2d41ec2f4d74e53e53eabbd2219caf83dce0cdbb53cd9c126ce1f88aa667439bce5a5a6ae5e6eb07acc8c8740d1d2

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BL.ico

Filesize
33KB

MD5
a5b94c9bcb4d88d9db4d0a568f80b079

SHA1
80167cfe16e20d0eda73b7b4627ce676911814be

SHA256
8165efe84da8f10193cadb266016cfb6ca87724614d00c70495a7b9afc172caf

SHA512
5a186a33e52870dbe2e58c889e913315add63486dd184b216cc3a8b2317169e3ffea8eaaf95084eef6ea04a0f3a791d6012bce6b0118143aa514820050577c54

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BM.ico

Filesize
33KB

MD5
d3be823145f7a4b0424beecfff5c9e75

SHA1
0d279742a4c5468d58f2d141b5e3922699b165b7

SHA256
7f33f4d7cdbe5ac4745917badc34bb93d38a8e5abff6bcdc0c76d3171baf275a

SHA512
6f84de202333e036d1aa772a82448e3e0adb2b453d3f93eab5ed745b4399b74e07abd3a533862a68b57dcd1982941698545e239a6510e0f59a51a442adbd7009

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BN.ico

Filesize
33KB

MD5
4af382e98b18f91caac79ae5240ccc40

SHA1
3158bae6579aa85151b67ab08687b64467c19e4b

SHA256
9cb1449764b3abaae85b2edb0e39afb9776e4c662591f3b241b741a502bb777b

SHA512
0a6daa2b22ee49819d0cda58cfe74343638c62041ef342b08918edd4e1e9e4e90ce2e72a09773b2d9a8859310d237cb8f765fa9658cdfa4adaf1b9e40bb5880a

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BO.ico

Filesize
33KB

MD5
ac44c7d4d6d1725f969c9aea026bbff1

SHA1
7796cd8f72ca40280d819cf4512a534eacf35b68

SHA256
a74d0a96d71485df49614b77a3a232af0c0984443cf2a3efd30d2a9b367271f6

SHA512
1a68ed03fd0bb79460fdb2c6a0c3677db9055f17a14da79eb3388fa3d4a61d17984ea3d0b7d69c9bc5b6a39be955fba62962993122d8df860355125b2e759242

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BR.ico

Filesize
33KB

MD5
b44d5f3b7562b900379302a2f8abe2e7

SHA1
93f2167eeb28510497a4cf6e731aadc1deb783cb

SHA256
29be53093407af0aa165535b196cd3233e19903e7d07c7487c3590feaf3806dd

SHA512
6654a62d640d0b20be490d05a871abe2cae150e3ebd9119c656a8e62deb8a820a417c06fad5fcfbbf5d942c73c9042a281affbd9c28240d85d17ffd1af709ef8

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BS.ico

Filesize
33KB

MD5
8e52a4c31bcf00be00030a8e22e0642c

SHA1
a6743ce24e9ccc60064ea3629d54593cda7309b3

SHA256
2f2cf7125492eb037d8c5bfa15c1584ad8b55047f46e5052b142674ce10e95c4

SHA512
c5fe2072d1c029f359f79e07835e528f5527ccffef1d85483760eea8556b842449dd5babdad3b6f3ced1fe5a6104bdb4d9a688630bd9e26c8e533bdacf6096dc

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BT.ico

Filesize
33KB

MD5
6354a3e9500fd25c6b16d06ee185b4df

SHA1
cfc3cdf3c1dffc5b8e00751cd25ec2e25d4ebbbe

SHA256
ea70f8f17623daf8128eeee0fd9b91d942d928e5b20da5e1bbc7a5d7a4be5e1f

SHA512
941b4b4b61f6475dd10df924f6580fc0b351d6bcf3dc75e8a9ed6ad60d57931379483457bf5d3c998e8fcae23ad110160fd73cb1e876119a702c0aceefe3b486

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BW.ico

Filesize
33KB

MD5
52744003db72b685d11c884f2f9e56b6

SHA1
310b6932dc8864a8a6b2811badfac88288609a79

SHA256
9c1c1186d19dd5c439351fcb756df877c4ea351dbf4aac1de226b98b3053ff01

SHA512
6bfa94f9e8905498fd503b55d67d87ad2778799b04c9129c5f15de45d3fbf75d3460b5b855f048d169e345766e4457b25e29b03abeff043ef68b4669822c6d8f

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BY.ico

Filesize
33KB

MD5
4c2fd28b7d3e934b6979550174bf4f97

SHA1
5177886a85094d8446ff457e2956481a68b066db

SHA256
de9fb648d544aee8166232826f3ddf7973d957eedb70ce5100df5a969d7a6cc7

SHA512
fdafcec7528305f0aa03d83ec5888c19bbea333b116a142ade6fb53d2812f4cfe5735ffb2ba2158389751c04b3e172fd196648e9fc8e95892125fdac1183a976

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\BZ.ico

Filesize
33KB

MD5
79c5d3202341bbd141ccd6543fe01983

SHA1
ea4b1accd5025dce621752bd23a5143b1128873e

SHA256
627bbd8aefb32eb4bd11c2519ad35427d5627bdbd54b68119827990ef66b4180

SHA512
790390d2e6bd15f35f7f414504a01f206b6114837388b8897cf74bb0191598b4dbe01f1a99a39e0f3a535bedc714d77b63dfbe1e368f744e04acfe93f938ae25

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CA.ico

Filesize
33KB

MD5
a28d60062ceb07e296f5c4ddd6e76fed

SHA1
e9306422c690eb6e773b9ce306c6e5eb545f6e1c

SHA256
642b7b575255c44fa96167b1268e69f2fa72e76d62aa8f15768eeebdd45d11d2

SHA512
73dfb8a1ca49d5b8e9a739fc36dc68f5ee7a66be7b851f38941c6a7b55af64187b3390d1e8962b850e6d3f3755b9c03c5103ae62cb0e29855b2cc7cc49b3105f

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CC.ico

Filesize
33KB

MD5
549077dbd6355bdf02cf9ae94cd90d31

SHA1
447cee9c147f048529a2f654665e48d390d4ca61

SHA256
4c13e537ae62cfd9e6bf1690ad6fd7a0444ccdbebf9f29478c0238ba60c4bc58

SHA512
720a6f26cb64b4ba56c931370ae74ce0ec83756a1af0a33af2b11ee725ce4eea2945972283b49a908aec9aa42eb7f357e7eb7030465a11d4d63b5802ca6442d9

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CD.ico

Filesize
33KB

MD5
ce3a6c35e3c3c2e5a283e903378b9c47

SHA1
df642801fcfb8c444dd6268a3169cf0d5e3507a1

SHA256
50f6609606763761767bbbcaa7f845644a15612fd7a9228c384729691a14b350

SHA512
22c2eedd1ea6333e0475202ca1835372efe4312480996a02da8067a15cbf90384e455c424b371280fb87494d30a87d580eac7e5bdb42debd522553feb02f53d1

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CF.ico

Filesize
33KB

MD5
6431050f008d7af7d9d445a16959b3e0

SHA1
8fc15ba33e4f1e5332c8485da830bf788da575b0

SHA256
29218dbf97371f2d0282388a8c1f18df0cd59cff572e9a1d3833fa30dfca1210

SHA512
c9d9ed66847f2bff165d3ee13befaee58492950a3c326b94780803daf1d5792e5ebc79dc354b47531be700d703c207b4a7ea06b4ad7d60eb0e6a5eefd02dc122

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CG.ico

Filesize
33KB

MD5
713242b9378bcc70a07f166be42e0283

SHA1
d76fe8c0f13867ee0cd9aa824f9611ffb384e5b5

SHA256
8caaf67c31afba8703fbfb04a416e54720a7f015897daa733bd9d89ab55e7c63

SHA512
f13eddf4c656f982a2c98881cc1df769b67b0764242d85e3c76b355a6dc80e86ee6fdf6ce2956fe4d90f58402de605ef0809080ec28d365c64ca662f33d93bdc

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CH.ico

Filesize
33KB

MD5
02bc13498f6d75a299da5afe6e14208c

SHA1
1306eb72cc25d7f6f1ed27374d06f48a034384b8

SHA256
c712b3b71aab3fd48b7d0256430b3177106a7bf5ec93d1ca39a912d6f5f9d877

SHA512
f71e7b005c1f6e751fc5a65e7c27574c5df548c3af35dc14995413f8bb8368ba515e5f55f0574064e2ee724b96352d3aba69237362383381eb7d9cb325051528

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CI.ico

Filesize
33KB

MD5
08ebf16a5070b3dd3f99b5b595f8014f

SHA1
5ca1eb5e1392161b7bef86245be061107fdb6db0

SHA256
b682dbdd522f2b9e3edb7e2bc80fb82b973f6c913bf2c5992893d26a7b777e6c

SHA512
f1f5a4f6eacc6c773a8d1ff2631ba2505603eda68ef289b91ba9a872d6872e8581749dd2bf34ca56abeae20691bf01917af45496fa717c03a2999cd2e88668ba

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CK.ico

Filesize
33KB

MD5
e298c18a1e686067dbdaa880f0d6d8aa

SHA1
617f5422777ff7de11581c117d917019c93188ee

SHA256
e17e1e1611e1de28707872a2287a45d108a48c9f6fd00574def682dd2fad0beb

SHA512
b72b67fe51e41cfc98d6d31618c19f618b9833f84ac54cda151519b025f5685b258c1393bcc190ae0b6cf5be70cfb71b6d27567807f5ae101e034bf1f57109b0

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CL.ico

Filesize
33KB

MD5
69076ebd2104d4feaacc90c116be22d4

SHA1
5bcda0bc0a3ce338cfdd9211f0c022acb1fa15dd

SHA256
ca76382bc3d8fc37de4f5b957a50e7f4c85afbdf990207c698dd8a28cbfba700

SHA512
f6405e1ce4664b94dc55b7f9e2aa9ac1c9f31249bd2dc455b7bb6c904fd69266bb2c7d00870e08b814a0fc4981b5faa13d724fe5edba73b8ccc75567322fe59b

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CM.ico

Filesize
33KB

MD5
dad6cfedba3ef1c9b983d4085159b0a9

SHA1
dbe742ba3d4ad1a16440b05456387024534ee50c

SHA256
20ba53d3c0953eb1c47842270d4fba6f7a514087fc0d16400df7cb033c75cd8f

SHA512
aee2f194ac62a8a7111805ade9785a2c7afd0a507331005a1936adcb52084478593e00d4091aa46318bfb90a466634fac36e34e71b892d53180c052e3f0ab0e0

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CN.ico

Filesize
33KB

MD5
c38c10cdc79a19a1c6cb3edc6684069e

SHA1
f1682df8292b53ddf1b240b63ef74e75d1b64fce

SHA256
cb888a7fefc252365abc4ca04ff5e6704d1e70e7b19c282907085ec4ef461348

SHA512
12a7caa9b4b41cd2e1d1fb1f9e45c45b52f9dae498b0f4cf07c87ff25872da47f307bfbe61022d6fabd34cf36d349c4120734b23183b1eb06f7822e2fc9ef039

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CO.ico

Filesize
33KB

MD5
b1e6c42481d83915d66beb12d2e5bce4

SHA1
1d3077f62d0db64e45713a33bec0b669cd620ffe

SHA256
6c255557f7d096c47fe2e7d12ddc95d2f143b1c8c42bdc1121e951dd5c306d4b

SHA512
03c7bd4337be7e53f98f4a16a3db558e6ff02b43c7203817897113a663006b005a5a6b31e2ee4e914991b65f1a3e5a3cb7faabea0df8cc12ce42654ca698ece7

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\Flags\CR.ico

Filesize
33KB

MD5
7610187c8942adc6379ee8a928b5943e

SHA1
2e050bf0395a9eb762ff4e274b334c8dba86ae59

SHA256
c8eba9ba7479ed1675eae586687781d98c41edf3e9c29078ff849c17c8b43dc5

SHA512
b8b968c09a37714847e09518ce2741e400d47c934297a0726ff9076071d5368b68d4d9e006ec6f3ff57e44f27f64ac31a662c3afbe1c857a9cf46807a231fa6d

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\GeoIP.dat

Filesize
1.1MB

MD5
2fbec46d430f57befcde85b86c68b36e

SHA1
3ff9829e3242deb69a7fde0832b7d9345b925afc

SHA256
681ede512fe7ac21e976c754bfc1e1a75a9e02c3d931ce6849cfaa9d4080338a

SHA512
42036af6f57e446fec194ce71fa634dee9f4c77342f64a867fca8730d76349190960a7e7a5967ea59c250ca1b220d4845b4911dd63ee870f5620d9eb513b91d6

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\GeoIP\GeoIPCity.dat

Filesize
25.6MB

MD5
fab3cc04a19ffdf90d775e27967a7c25

SHA1
723c1635338bec7c1c876769618789268b8faad2

SHA256
bf41a0a700e3b35415609d090b15c5355e5cf4ca703ab119626b2d450997c608

SHA512
fe013386ff799cda195222341ee601d7b8b3c5c8abacf3c80e3fa03af52ac848f8a79a7dd87d8831d5a366243343f1025f704f49d858da4b02235968f834a9e6

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\Lib\7z.exe

Filesize
1.0MB

MD5
c90af375bc40d0506c16b4ed75efccb6

SHA1
cd29f79b128ba67bc30e44e7a0365c5ffd3be376

SHA256
c6e3aa8b8b76b9e3b9df71b3f31d1b7a23f2a031099aceb68c39f38945b65dc0

SHA512
f0f9e9f6d92ebf20a5303be38e41f66fd052141f04db14ad1d30c974a4e4e70abd51340fe92658563bdb6a7587d9117883241de5bdd123a6e259123869dbabaa

Download Submit
C:\Users\Admin\Desktop\CraxsRat┬░v7.1cracked [RDP]\res\Lib\aapt.exe

Filesize
2.3MB

MD5
380095ec86872cfcab1e1031a16e4750

SHA1
bd5b040d47d16b7847174f9a5ce88732c87aa400

SHA256
7f79865298d3abf371d496a29ad9ae1176d52cebd1635d05ef6d87fb770a6989

SHA512
7aea4411b7892701dc31a980df8b0331804e3206f72dff5f8dba940b4e6250e85181a6c66b78112ba5c835947b223db81f19443f0fc4292d1e605872d1a47201

Download Submit
C:\Users\Admin\Downloads\7z.exe

Filesize
329KB

MD5
453821572a13cc6ea0736f9db6424e13

SHA1
5f994bde8db4b658781756eaaca9416909a3a420

SHA256
b8c3871a5d6a473a2e9d08684a481aea7467a97d0a433cf55b127323ef61218f

SHA512
22468064ae306037d2b241e8a985ad5b037b45f6873e364f46d8066018533993e66834288227ae86e94e23511386f0afcf52776060b17dad11dfba4bc333b07a

Download Submit
C:\Users\Admin\Downloads\aapt.exe

Filesize
1.6MB

MD5
80f136b0642bbc25c7578e0d24d4673b

SHA1
883596e63700c45ab0d4d880b883f687f65c2457

SHA256
aa18b5646881ff3b8ca9879045a1b4a44e2d5b24fbe14486fc8236789de8237a

SHA512
4a95ac6b8d6252b68ccc842e8dd36056d5b0a773a86d4a8234f39cc2195ccec06fc64954655956447dfc27896720c92f8dfa4a39c2bb568c21fcc588723d86fc

Download Submit
memory/1772-5089-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1772-5095-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/1772-5091-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1772-5092-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1772-5093-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1772-5094-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1772-5101-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/1772-5102-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1772-5639-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/1772-5640-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1772-5647-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/1772-5649-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1796-3772-0x000002D17EB20000-0x000002D17EB5C000-memory.dmp

Filesize
240KB

Download
memory/1796-4373-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1796-4374-0x00007FFEF22A0000-0x00007FFEF2D61000-memory.dmp

Filesize
10.8MB

Download
memory/1796-3728-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1796-3727-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1796-3724-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1796-4371-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/1796-3729-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1796-3731-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/1796-3730-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1796-3733-0x000002D17FBA0000-0x000002D180BCE000-memory.dmp

Filesize
16.2MB

Download
memory/1796-3736-0x00007FFEF22A0000-0x00007FFEF2D61000-memory.dmp

Filesize
10.8MB

Download
memory/1796-3752-0x00007FFEF22A3000-0x00007FFEF22A5000-memory.dmp

Filesize
8KB

Download
memory/1796-3750-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/1796-3723-0x00007FF4CF1E0000-0x00007FF4CF3CF000-memory.dmp

Filesize
1.9MB

Download
memory/1796-3717-0x000002D1790C0000-0x000002D17E6F8000-memory.dmp

Filesize
86.2MB

Download
memory/1796-3716-0x00007FFEF22A3000-0x00007FFEF22A5000-memory.dmp

Filesize
8KB

Download
memory/1796-3751-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/1796-3768-0x000002D17EA30000-0x000002D17EA4C000-memory.dmp

Filesize
112KB

Download
memory/1796-3767-0x000002D17EA00000-0x000002D17EA0C000-memory.dmp

Filesize
48KB

Download
memory/1796-3770-0x000002D17EA80000-0x000002D17EAAC000-memory.dmp

Filesize
176KB

Download
memory/1796-3777-0x000002D17ED20000-0x000002D17EEC6000-memory.dmp

Filesize
1.6MB

Download
memory/1796-4068-0x00007FFEF22A0000-0x00007FFEF2D61000-memory.dmp

Filesize
10.8MB

Download
memory/1796-4290-0x000002D17EB70000-0x000002D17EBA6000-memory.dmp

Filesize
216KB

Download
memory/3968-4379-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/3968-5087-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/3968-5086-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/3968-5081-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/3968-5080-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/3968-4418-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/3968-4417-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/3968-4381-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/3968-4384-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/3968-4382-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download
memory/3968-4385-0x00007FFEF6BB0000-0x00007FFEF6CFE000-memory.dmp

Filesize
1.3MB

Download
memory/3968-4383-0x0000000180000000-0x0000000181D0F000-memory.dmp

Filesize
29.1MB

Download