Analysis Overview
SHA256
a15e7dd7fe4bff16b526ff446499ee0940cff12e34c1fbecd03efb45c3676b38
Threat Level: Known bad
The file dcrat1.rar was found to be: Known bad.
Malicious Activity Summary
Detect ZGRat V1
Process spawned unexpected child process
ZGRat
Zgrat family
Disables Task Manager via registry modification
Command and Scripting Interpreter: PowerShell
Patched UPX-packed file
Loads dropped DLL
Modifies file permissions
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
UPX packed file
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Opens file in notepad (likely ransom note)
Creates scheduled task(s)
Modifies registry key
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-03 11:16
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Zgrat family
Patched UPX-packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-03 11:15
Reported
2024-05-03 11:35
Platform
win10v2004-20240426-en
Max time kernel
1118s
Max time network
1118s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe |
ZGRat
Command and Scripting Interpreter: PowerShell
Disables Task Manager via registry modification
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\System\mbr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\dcrat\php\php.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\dcrat\php\php.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\dcrat\php\php.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\dcrat\php\php.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Reads user/profile data of web browsers
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\System\mbr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\System\mbr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\System\mbr.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dcrat1.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\dcrat1.rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\dcrat1.rar
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.0.2077574709\656660200" -parentBuildID 20230214051806 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47fd2a0f-6a5c-4e81-ae0b-7ade41c75d57} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 1884 26502b0bb58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.1.1441718303\129403050" -parentBuildID 20230214051806 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11971d53-3f04-4481-ab58-f76af7d5d5ec} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 2476 26502fa4e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.2.679939180\1497067682" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3020 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {358f8dda-fa44-4ce7-948c-ab363aab0a43} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 2868 26505a2cc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.3.1759744464\1753504538" -childID 2 -isForBrowser -prefsHandle 3772 -prefMapHandle 3768 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ed022b2-9af5-413c-bc2d-fb7d207435f4} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 3784 2650705e658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.4.881070990\1014429558" -childID 3 -isForBrowser -prefsHandle 5156 -prefMapHandle 5168 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7527348-6bb8-4637-9bce-51ab45623491} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5184 26509703258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.5.1917200199\57121633" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5144 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77842889-ac46-4a06-b52c-5fb8b25b4a31} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5328 26509705f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.6.306066904\1085570426" -childID 5 -isForBrowser -prefsHandle 5580 -prefMapHandle 5576 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e894d0c-efc8-44df-abe7-5ba2e807221d} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5496 26509705358 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\dcrat1.rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\dcrat.rar"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\dcrat.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\dcrat\123.bat" "
C:\Users\Admin\Desktop\dcrat\DCRat.exe
DCRat.exe
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dprism.dirtyopts=false -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllI.jar;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllIIilIl.jar;lib\IIlIlIllIIlIIllIIllIIlIIIllIlIlIlIIIIlIlIllIIlIIllIIIIIllIIIIlIIIlIIlIIlIIlIllIIlllIIIllIIIlIIlIllllIllIIIIlIIIlIllllllI.jar;lib\IlIIlIllllIIIIIlIlllIllIlIlIIIIIlIIIlIlIlllIIllIllIIIIIIlIIlllIIIlIIIlllIIIlllllIlIlIlllllIIlIllIIlIIlIIlIIIlllllllIlIII.jar;lib\IlIlIIIIIIIlIlllllllIllIIlIIllIllllIIIlIIIlIlIIlIIlIIlIllIlllIlIlIIllIIlIIIIIIIlIIIIIIIIIlIlllIIllIlIIlIIIlIlIlllIIIIIIl.jar;lib\IlIllIIllllllllIlIIlllllIIIIllIIIlIIlllIIllIIllllIIllIlIIIlIIIIlIIIIIlllllllIllIIlIlIllIIlIlIlIIllIlIllIIIlIIIIlIllIIIIl.jar;lib\IllIIIIllIlIIIIlIlIllIIlIIllIIlIllIIlllllIlllIllIlIIlIIlllIIlIlIlIllIllIIlIIIlIIIllIIIIIllIIlllllIlIIIIIlIIIIIIIIIIIIlII.jar;lib\lIIllIIlIlllIlIlllIlIIlIIIlllllIIlIlIIllIllIlIlllIlIIlIlIlIIllIlIIIIIllIIlIIlIIlIIllIIIlIIllIlIIIIlIlIIlIIlIllIIlIIlIlIl.jar;lib\llIlIIIIlIlIlllllIlIIllllIIIlIlIllllIIllllIlllIIlllllIIlIlllIIIIIIlIIllIIIlIlIlllIlIIIlIIIIIllIlllIlllIIllIIllIlIlIIlllI.jar;lib\llIlIlIIIllllIIIllllllllllIllIlIlllIIlllIIlllIIllIIllllIlllIIIIIllllIIlllIIllIIIIlIlIlIlIIIlIIIlIlIlIlIIlllIIlllIlIlIlII.jar;lib\lllIIlIlIIlIIllllIIllllIIlIllllIIIlIllllIIllIIIlllIIIIIIlIIlllIIllIllIIlllIlIIlIlIlllIIlllIlllIlIIlIIIllIlllIIIlIIIIIlll.jar;lib\lllIlIIIIIlIllIlIlIIllIlIIIlIIllIllllIIIIIllIlllIllIIllIIllIllIllIIlIlllllIIlIllIllIIlIIlIIIllIlIlIIlIIIIIIIllIIlllIllIl.jar;lib\llllIlIIIIIllllIlIIIlIllIlIIIllllIIIllIllllIIlllIlIIIlllIIlIlIlllIIlIIIIlIIIIlllIIlIIlIlIIIIIIIIllllIllIlIIIlIllIlIlIIll.jar;lib\llllIlIIlIllllIlIlIIIlIIIlIllIlIIIIlIlIIlIlIIIIllIIlIIllIIIllllIlIllIlllllIIIIIIIIllIllIlIlllllllIllIIIllllIIllIIlIllIll.jar" org.develnext.jphp.ext.javafx.FXLauncher
C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe
php\DCRatConnectService.exe
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\System\lWwpVq7gHuwgO81vQqwqHneiJIBDuFSKSYTTmU6Tq3dRBEEEDwB9.vbe"
C:\Users\Admin\Desktop\dcrat\php\php.exe
php -S 127.0.0.1:8000 -t ..\server
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\System\unOUSLOLRRxkAR2qU1kiiuwS6WvSqNn.bat" "
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\System\mbr.exe
"C:\System/mbr.exe"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboard get Manufac ��
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboard get Manufac
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c USERPR ��
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboap��3���
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboap��3���
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe CPU get Proc ��8�Y
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe CPU get Proc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[����\�
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[����\�
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L����] ��^"
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L����] ��^"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 5 /tr "'C:\Users\{hck3dbitch}\hck3d\mbr.exe\firefox.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefox" /sc ONLOGON /tr "'C:\Users\{hck3dbitch}\hck3d\mbr.exe\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "firefoxf" /sc MINUTE /mo 12 /tr "'C:\Users\{hck3dbitch}\hck3d\mbr.exe\firefox.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "mbrm" /sc MINUTE /mo 14 /tr "'C:\System\mbr.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "mbr" /sc ONLOGON /tr "'C:\System\mbr.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "mbrm" /sc MINUTE /mo 8 /tr "'C:\System\mbr.exe'" /rl HIGHEST /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/System/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\{hck3dbitch}\hck3d\mbr.exe\firefox.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -Command Add-MpPreference -ExclusionPath 'C:\System\mbr.exe'
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\gSUETvPrNl.bat"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\System\mbr.exe
"C:\System\mbr.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crystalfiles.ru/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd22f46f8,0x7fffd22f4708,0x7fffd22f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,3209738444874384475,6123140677544426955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,3209738444874384475,6123140677544426955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,3209738444874384475,6123140677544426955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3209738444874384475,6123140677544426955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3209738444874384475,6123140677544426955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3209738444874384475,6123140677544426955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\dcrat.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crystalfiles.ru/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd22f46f8,0x7fffd22f4708,0x7fffd22f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16374965052160588330,10142033631572339285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffd22f46f8,0x7fffd22f4708,0x7fffd22f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16946038709790212742,4848123171469181190,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16946038709790212742,4848123171469181190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,16946038709790212742,4848123171469181190,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16946038709790212742,4848123171469181190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16946038709790212742,4848123171469181190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16946038709790212742,4848123171469181190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16946038709790212742,4848123171469181190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\dcrat\123.bat" "
C:\Users\Admin\Desktop\dcrat\DCRat.exe
DCRat.exe
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dprism.dirtyopts=false -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllI.jar;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllIIilIl.jar;lib\IIlIlIllIIlIIllIIllIIlIIIllIlIlIlIIIIlIlIllIIlIIllIIIIIllIIIIlIIIlIIlIIlIIlIllIIlllIIIllIIIlIIlIllllIllIIIIlIIIlIllllllI.jar;lib\IlIIlIllllIIIIIlIlllIllIlIlIIIIIlIIIlIlIlllIIllIllIIIIIIlIIlllIIIlIIIlllIIIlllllIlIlIlllllIIlIllIIlIIlIIlIIIlllllllIlIII.jar;lib\IlIlIIIIIIIlIlllllllIllIIlIIllIllllIIIlIIIlIlIIlIIlIIlIllIlllIlIlIIllIIlIIIIIIIlIIIIIIIIIlIlllIIllIlIIlIIIlIlIlllIIIIIIl.jar;lib\IlIllIIllllllllIlIIlllllIIIIllIIIlIIlllIIllIIllllIIllIlIIIlIIIIlIIIIIlllllllIllIIlIlIllIIlIlIlIIllIlIllIIIlIIIIlIllIIIIl.jar;lib\IllIIIIllIlIIIIlIlIllIIlIIllIIlIllIIlllllIlllIllIlIIlIIlllIIlIlIlIllIllIIlIIIlIIIllIIIIIllIIlllllIlIIIIIlIIIIIIIIIIIIlII.jar;lib\lIIllIIlIlllIlIlllIlIIlIIIlllllIIlIlIIllIllIlIlllIlIIlIlIlIIllIlIIIIIllIIlIIlIIlIIllIIIlIIllIlIIIIlIlIIlIIlIllIIlIIlIlIl.jar;lib\llIlIIIIlIlIlllllIlIIllllIIIlIlIllllIIllllIlllIIlllllIIlIlllIIIIIIlIIllIIIlIlIlllIlIIIlIIIIIllIlllIlllIIllIIllIlIlIIlllI.jar;lib\llIlIlIIIllllIIIllllllllllIllIlIlllIIlllIIlllIIllIIllllIlllIIIIIllllIIlllIIllIIIIlIlIlIlIIIlIIIlIlIlIlIIlllIIlllIlIlIlII.jar;lib\lllIIlIlIIlIIllllIIllllIIlIllllIIIlIllllIIllIIIlllIIIIIIlIIlllIIllIllIIlllIlIIlIlIlllIIlllIlllIlIIlIIIllIlllIIIlIIIIIlll.jar;lib\lllIlIIIIIlIllIlIlIIllIlIIIlIIllIllllIIIIIllIlllIllIIllIIllIllIllIIlIlllllIIlIllIllIIlIIlIIIllIlIlIIlIIIIIIIllIIlllIllIl.jar;lib\llllIlIIIIIllllIlIIIlIllIlIIIllllIIIllIllllIIlllIlIIIlllIIlIlIlllIIlIIIIlIIIIlllIIlIIlIlIIIIIIIIllllIllIlIIIlIllIlIlIIll.jar;lib\llllIlIIlIllllIlIlIIIlIIIlIllIlIIIIlIlIIlIlIIIIllIIlIIllIIIllllIlIllIlllllIIIIIIIIllIllIlIlllllllIllIIIllllIIllIIlIllIll.jar" org.develnext.jphp.ext.javafx.FXLauncher
C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe
php\DCRatConnectService.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\System\lWwpVq7gHuwgO81vQqwqHneiJIBDuFSKSYTTmU6Tq3dRBEEEDwB9.vbe"
C:\Users\Admin\Desktop\dcrat\php\php.exe
php -S 127.0.0.1:8000 -t ..\server
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\System\unOUSLOLRRxkAR2qU1kiiuwS6WvSqNn.bat" "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboard get Manufac ��
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboard get Manufac
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\System\mbr.exe
"C:\System/mbr.exe"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c USERPR ��
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboap��3���
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboap��3���
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe CPU get Proc ��8�Y
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe CPU get Proc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[����\�
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[����\�
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L����] ��^"
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L����] ��^"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.7.1463790657\2073717008" -childID 6 -isForBrowser -prefsHandle 3460 -prefMapHandle 2992 -prefsLen 30228 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aebae84a-2a66-4d52-a1ac-83655a987556} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 2820 26507d23c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.8.1911495028\1303287102" -childID 7 -isForBrowser -prefsHandle 4900 -prefMapHandle 5924 -prefsLen 30228 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f832aa2-4175-4198-82f5-22f39e564b4c} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 3524 26507812058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.9.964452059\1891520086" -childID 8 -isForBrowser -prefsHandle 6496 -prefMapHandle 6516 -prefsLen 30228 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4409ce10-a63a-4c3e-be69-fb7be196c460} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 6452 2650c6d1758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.10.1787178413\1463929211" -childID 9 -isForBrowser -prefsHandle 6692 -prefMapHandle 6640 -prefsLen 30228 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cb32d00-7916-4179-ad56-19c0cafa937d} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 6672 2650c6d1a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.11.679104416\401047140" -parentBuildID 20230214051806 -prefsHandle 6868 -prefMapHandle 6708 -prefsLen 30228 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db1c0087-bc16-4293-9c09-f1096f0ce447} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7040 2650cbbc158 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.12.446546975\1601307747" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6876 -prefMapHandle 6872 -prefsLen 30228 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9febc93-d3fe-4c5a-b41b-ed63356df11c} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7068 2650cbbdf58 utility
C:\System\mbr.exe
C:\System\mbr.exe
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\dcrat\123.bat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\dcrat\server\getblob.php
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.13.659142707\1682239565" -childID 10 -isForBrowser -prefsHandle 6248 -prefMapHandle 7316 -prefsLen 30772 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9403ac90-f2ac-41e0-bd09-60829ac8c99d} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 6188 2650ccf9b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.14.1662822774\1001820940" -childID 11 -isForBrowser -prefsHandle 6532 -prefMapHandle 3264 -prefsLen 30772 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a75f507d-3c70-45ca-a3f4-49c6c9563ccc} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 6548 26505a1c058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.15.1363833872\1656144404" -childID 12 -isForBrowser -prefsHandle 3280 -prefMapHandle 3244 -prefsLen 30772 -prefMapSize 235121 -jsInitHandle 1280 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1aeecea-246e-46fc-ac9c-d862c20c6cfe} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 2688 265064a8158 tab
C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe
"C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\System\lWwpVq7gHuwgO81vQqwqHneiJIBDuFSKSYTTmU6Tq3dRBEEEDwB9.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\System\unOUSLOLRRxkAR2qU1kiiuwS6WvSqNn.bat" "
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\System\mbr.exe
"C:\System/mbr.exe"
C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe
"C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\System\lWwpVq7gHuwgO81vQqwqHneiJIBDuFSKSYTTmU6Tq3dRBEEEDwB9.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\System\unOUSLOLRRxkAR2qU1kiiuwS6WvSqNn.bat" "
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\System\mbr.exe
"C:\System/mbr.exe"
C:\Users\Admin\Desktop\dcrat\php\php.exe
"C:\Users\Admin\Desktop\dcrat\php\php.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\dcrat\123.bat" "
C:\Users\Admin\Desktop\dcrat\DCRat.exe
DCRat.exe
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dprism.dirtyopts=false -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllI.jar;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllIIilIl.jar;lib\IIlIlIllIIlIIllIIllIIlIIIllIlIlIlIIIIlIlIllIIlIIllIIIIIllIIIIlIIIlIIlIIlIIlIllIIlllIIIllIIIlIIlIllllIllIIIIlIIIlIllllllI.jar;lib\IlIIlIllllIIIIIlIlllIllIlIlIIIIIlIIIlIlIlllIIllIllIIIIIIlIIlllIIIlIIIlllIIIlllllIlIlIlllllIIlIllIIlIIlIIlIIIlllllllIlIII.jar;lib\IlIlIIIIIIIlIlllllllIllIIlIIllIllllIIIlIIIlIlIIlIIlIIlIllIlllIlIlIIllIIlIIIIIIIlIIIIIIIIIlIlllIIllIlIIlIIIlIlIlllIIIIIIl.jar;lib\IlIllIIllllllllIlIIlllllIIIIllIIIlIIlllIIllIIllllIIllIlIIIlIIIIlIIIIIlllllllIllIIlIlIllIIlIlIlIIllIlIllIIIlIIIIlIllIIIIl.jar;lib\IllIIIIllIlIIIIlIlIllIIlIIllIIlIllIIlllllIlllIllIlIIlIIlllIIlIlIlIllIllIIlIIIlIIIllIIIIIllIIlllllIlIIIIIlIIIIIIIIIIIIlII.jar;lib\lIIllIIlIlllIlIlllIlIIlIIIlllllIIlIlIIllIllIlIlllIlIIlIlIlIIllIlIIIIIllIIlIIlIIlIIllIIIlIIllIlIIIIlIlIIlIIlIllIIlIIlIlIl.jar;lib\llIlIIIIlIlIlllllIlIIllllIIIlIlIllllIIllllIlllIIlllllIIlIlllIIIIIIlIIllIIIlIlIlllIlIIIlIIIIIllIlllIlllIIllIIllIlIlIIlllI.jar;lib\llIlIlIIIllllIIIllllllllllIllIlIlllIIlllIIlllIIllIIllllIlllIIIIIllllIIlllIIllIIIIlIlIlIlIIIlIIIlIlIlIlIIlllIIlllIlIlIlII.jar;lib\lllIIlIlIIlIIllllIIllllIIlIllllIIIlIllllIIllIIIlllIIIIIIlIIlllIIllIllIIlllIlIIlIlIlllIIlllIlllIlIIlIIIllIlllIIIlIIIIIlll.jar;lib\lllIlIIIIIlIllIlIlIIllIlIIIlIIllIllllIIIIIllIlllIllIIllIIllIllIllIIlIlllllIIlIllIllIIlIIlIIIllIlIlIIlIIIIIIIllIIlllIllIl.jar;lib\llllIlIIIIIllllIlIIIlIllIlIIIllllIIIllIllllIIlllIlIIIlllIIlIlIlllIIlIIIIlIIIIlllIIlIIlIlIIIIIIIIllllIllIlIIIlIllIlIlIIll.jar;lib\llllIlIIlIllllIlIlIIIlIIIlIllIlIIIIlIlIIlIlIIIIllIIlIIllIIIllllIlIllIlllllIIIIIIIIllIllIlIlllllllIllIIIllllIIllIIlIllIll.jar" org.develnext.jphp.ext.javafx.FXLauncher
C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe
php\DCRatConnectService.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\System\lWwpVq7gHuwgO81vQqwqHneiJIBDuFSKSYTTmU6Tq3dRBEEEDwB9.vbe"
C:\Users\Admin\Desktop\dcrat\php\php.exe
php -S 127.0.0.1:8000 -t ..\server
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\System\unOUSLOLRRxkAR2qU1kiiuwS6WvSqNn.bat" "
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboard get Manufac ��
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboard get Manufac
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\System\mbr.exe
"C:\System/mbr.exe"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c USERPR ��
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboap��3���
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboap��3���
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe CPU get Proc ��8�Y
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe CPU get Proc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[����\�
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[����\�
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L����] ��^"
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L����] ��^"
C:\Users\{hck3dbitch}\hck3d\mbr.exe\firefox.exe
C:\Users\{hck3dbitch}\hck3d\mbr.exe\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6000.0.580073839\1922281794" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 24611 -prefMapSize 235664 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b391c58-495d-4d3d-8346-13f550192704} 6000 "\\.\pipe\gecko-crash-server-pipe.6000" 1852 1dfef42be58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6000.1.1554631358\1468956510" -parentBuildID 20230214051806 -prefsHandle 2300 -prefMapHandle 2288 -prefsLen 24611 -prefMapSize 235664 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {471321e6-d7a8-4887-8e2e-fc241ded06a7} 6000 "\\.\pipe\gecko-crash-server-pipe.6000" 2324 1dfe2889658 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6000.2.1014767531\1141728701" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 3168 -prefsLen 25072 -prefMapSize 235664 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1784c31a-9c50-4892-8a60-fbf4a36ed7a3} 6000 "\\.\pipe\gecko-crash-server-pipe.6000" 3132 1dff3312f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6000.3.1132751540\90595244" -childID 2 -isForBrowser -prefsHandle 1092 -prefMapHandle 1088 -prefsLen 30473 -prefMapSize 235664 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c20bf230-0f5d-4d6e-a032-c3384f62fb22} 6000 "\\.\pipe\gecko-crash-server-pipe.6000" 3700 1dff46a0a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6000.4.1834035860\1037466201" -childID 3 -isForBrowser -prefsHandle 5164 -prefMapHandle 5160 -prefsLen 30473 -prefMapSize 235664 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6891a3f2-df11-4655-a059-6cc3a004c000} 6000 "\\.\pipe\gecko-crash-server-pipe.6000" 5172 1dff6c47158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6000.5.1655777871\22579319" -childID 4 -isForBrowser -prefsHandle 5328 -prefMapHandle 4372 -prefsLen 30473 -prefMapSize 235664 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f81d005a-c898-4d60-a1a8-bc6aeb2cdf5b} 6000 "\\.\pipe\gecko-crash-server-pipe.6000" 5312 1dff6c47758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6000.6.2045132420\1236391054" -childID 5 -isForBrowser -prefsHandle 5568 -prefMapHandle 5564 -prefsLen 30473 -prefMapSize 235664 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d8c986f-951a-4cf1-a9a0-d0d39ec00dd7} 6000 "\\.\pipe\gecko-crash-server-pipe.6000" 5576 1dff6c49b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6000.7.940076685\982985566" -childID 6 -isForBrowser -prefsHandle 5564 -prefMapHandle 5812 -prefsLen 30473 -prefMapSize 235664 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {812d3cb2-298e-4d7d-94eb-c02c06edf778} 6000 "\\.\pipe\gecko-crash-server-pipe.6000" 5180 1dff1ab9a58 tab
C:\System\mbr.exe
C:\System\mbr.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/CrystalSupport_bot
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd22f46f8,0x7fffd22f4708,0x7fffd22f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15116453375366381525,6046511557170996494,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 44.239.14.124:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:52090 | tcp | |
| US | 8.8.8.8:53 | 124.14.239.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:52096 | tcp | |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c3lestial.fun | udp |
| US | 172.67.163.28:443 | c3lestial.fun | tcp |
| US | 8.8.8.8:53 | 28.163.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 882574cm.nyashkoon.top | udp |
| US | 104.21.72.134:80 | 882574cm.nyashkoon.top | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 104.21.72.134:80 | 882574cm.nyashkoon.top | tcp |
| US | 8.8.8.8:53 | 134.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | crystalfiles.ru | udp |
| RU | 37.140.192.211:443 | crystalfiles.ru | tcp |
| US | 8.8.8.8:53 | 211.192.140.37.in-addr.arpa | udp |
| RU | 37.140.192.211:443 | crystalfiles.ru | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| RU | 37.140.192.211:443 | crystalfiles.ru | tcp |
| RU | 37.140.192.211:443 | crystalfiles.ru | tcp |
| RU | 37.140.192.211:443 | crystalfiles.ru | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
| US | 172.67.163.28:443 | c3lestial.fun | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:80 | tcp | |
| N/A | 127.0.0.1:80 | tcp | |
| N/A | 127.0.0.1:80 | tcp | |
| N/A | 127.0.0.1:80 | tcp | |
| N/A | 127.0.0.1:80 | tcp | |
| N/A | 127.0.0.1:80 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | spynote.ru | udp |
| US | 104.21.50.125:80 | spynote.ru | tcp |
| US | 104.21.50.125:80 | spynote.ru | tcp |
| US | 8.8.8.8:53 | spynote.ru | udp |
| US | 8.8.8.8:53 | 125.50.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spynote.ru | udp |
| US | 104.21.50.125:443 | spynote.ru | tcp |
| US | 104.21.50.125:443 | spynote.ru | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.18.125.91:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 91.125.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | udp |
| US | 104.18.125.91:443 | js.hcaptcha.com | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 104.18.124.91:443 | newassets.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 104.18.124.91:443 | newassets.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 104.18.124.91:443 | newassets.hcaptcha.com | udp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 104.18.124.91:443 | api.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 104.18.124.91:443 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 91.124.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | 119.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| NL | 2.18.121.79:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 79.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| US | 8.8.8.8:53 | c3lestial.fun | udp |
| US | 172.67.163.28:443 | c3lestial.fun | tcp |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:8000 | tcp | |
| N/A | 127.0.0.1:55470 | tcp | |
| N/A | 127.0.0.1:55473 | tcp | |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 44.238.144.40:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 40.144.238.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.201.97:443 | googlehosted.l.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.201.97:443 | googlehosted.l.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adservice.google.co.uk | udp |
| GB | 216.58.213.2:443 | adservice.google.co.uk | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | telegram.org | udp |
| US | 8.8.8.8:53 | cdn4.cdn-telegram.org | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 34.111.35.152:443 | cdn4.cdn-telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.35.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | cfaca3aaccd7dfa86f89ffbeb370e254 |
| SHA1 | cf2e2b6b5fab5664cf5309df49919d098dddaba2 |
| SHA256 | 41cd1e58cf2307e71c405558f9333609f647a5c2a16e5771118f7828ed3bdac6 |
| SHA512 | 7e19c113f11a9004c3d78beedbb98c6b56475207015a25fc2ac524f02b9b282cf74da9e9e318c4f98a731a52c7c946f8c988843cb897a8ad91be094486aaf783 |
C:\Users\Admin\Downloads\YUePORsG.rar.part
| MD5 | 43f51a847cecba5e5826b01059ca488a |
| SHA1 | a863d25f1d1de7f1ec1dd98b6471a34f8bb7baae |
| SHA256 | a15e7dd7fe4bff16b526ff446499ee0940cff12e34c1fbecd03efb45c3676b38 |
| SHA512 | 22b77425876bbfb0c6242ab5adb72c90f4f08e54b0840bbf274304cf4e3a76bffece485bc8e1f5cbc72993dc4a07d3b43f78f0dc194d6d35a1eec3f6ac55c5f0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | bd8e6facc9dd52f5aa66795d313db425 |
| SHA1 | b75560a58bcff450e60fec306a47367357beedfa |
| SHA256 | 262a16638f3d6d4e0fc98fb6a6443c4066b2e792ff336d319015be3d747fd281 |
| SHA512 | cec2f29a1870ac94fe7aace57f888aad7dbbe94948501c987f75571c28f6335d3dc7707525fd38de94adb81581d027315eaec4def5d8847dcc5ad81adbe7a5d0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs.js
| MD5 | 5782132a040c0054c17527106038e6f6 |
| SHA1 | 6ff1002c7dc0f56a4ed4d81731f136504def3083 |
| SHA256 | 068148bacd092a24ba3b8b15acc4b15d32d0248021353a451f0f3542543bbc50 |
| SHA512 | 61d802adc1411449a2bb4991c5a969442e5877321a64bee0485e37d8f001ed84291015d3e4c3397e05bf2ef32e97e54b8fd2371bf8397b1ccc4db9a9f9e6bae6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | eebd7ed4fb39e20a691bd0e2fe6f4724 |
| SHA1 | 65127cf0f969fe3da798aeca6b3fd69a4dd345f8 |
| SHA256 | d5310990d92ddc5d87c8715f52a5156fa138c7ee898cc2cbf4f6ff718ca6baa1 |
| SHA512 | d44dcdad9ff4ab58a1ff193a33aea8cae9ddd0b6c9e4c9b84969f1f25cafae33aa4d906eae22b3881debdb7e08ae09cb322146ae43f81f3b7ba986b8501a6b12 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | ad5d25a8a40defcbf561bace37802370 |
| SHA1 | 1354a72e3954994133cb88020018b0e37750b564 |
| SHA256 | 7f5cce31148f1edc42815394d7b039c310b87ccb6f098ac0a73a02e4bb7854de |
| SHA512 | 8e6aedc4ae58e62851dcdc8b5a8adefe3d2c89c4d7a4b2b674997ac7f7276fe4b5670187e245d48ee1773091910b6205c6a73240451bb9b631192a8e42bfa137 |
C:\Users\Admin\Desktop\dcrat.rar
| MD5 | 5c0b3046b1f9f362a28b6595eacf3933 |
| SHA1 | 21a2f82416dd82187ad6928aab3fe0cb493a7c0c |
| SHA256 | a380e2cac04bbf0901219ff35d29c86f93cae9e66c6d075242337bfeae6d3ff6 |
| SHA512 | 46da149c269063a69f59513e09fb3b103d07acd6af22c9c7a88da0d4c156442871c8c797ed58a8d02853cdb80040bfe2f0e89cf0d7a10c69c7a7564f5da423a5 |
C:\Users\Admin\AppData\Local\Temp\7zE41226008\dcrat\plugins\chat_native\fav.png
| MD5 | a8e72c0e27750ce36da3110126c38afe |
| SHA1 | e96bc3555f8ed8e715af94d492965b4e6597563c |
| SHA256 | a4f7e5adde35c1979fbf2cc44b37e2907ec963468443e34262b207dd3dab81b8 |
| SHA512 | e43e2c6abb6006c783331cb8b0e290560bb65f7cfd0e113bbddb31a6978aee31fb39a2b22b38ef83f27d512152329d066bc270e640e8900b2746a2a4e0b4dd48 |
C:\Users\Admin\Desktop\dcrat.txt
| MD5 | 7af47d5551a73cd32dda688d794eb417 |
| SHA1 | 21a008c826347006d9fbebc218200fee445bd28d |
| SHA256 | 9acc8c42671ff15a99d3de429010491a6b5c99d43beeedd16133c3365c53c976 |
| SHA512 | 507c25ba7e421fd4a18cefe083109fa6773df2404e517ea902bc808d683ae01659b59e6882834954b9395d1a418b809d18c006e4c6c986bb119de4202e4500b2 |
C:\Users\Admin\Desktop\dcrat\123.bat
| MD5 | 3a0623c42428a956527c575727726ef4 |
| SHA1 | e47d046483f538db91fc734930b475b1ed25ab0b |
| SHA256 | c9138c5f875415774dd9d713549ad8957c59f880ba269f3172a215a991fde315 |
| SHA512 | d2f5ef057c2ead1b3439b797c94d22761e029e84b2ee1a53da5876a4beff8e7cdfad9413095de0c6f4d34636b2ddfc2449c147aa6bebfc059001d73b00e6ec2d |
C:\Users\Admin\Desktop\dcrat\DCRat.exe
| MD5 | 2c7d37e90dd8ab57d06dad5bc7956885 |
| SHA1 | da789c107c4c68b8250b6589e45e5a3cf7a9a143 |
| SHA256 | 5ede5d774ab65f25357cf5a1fa5e354f6f2a9868651a0fa717485802b21b1939 |
| SHA512 | e74ae891771bfd9c6fcdfbe8e4f33f0d5f7c3457cd84b257500cdaf8fa8b16fe458a18db9b3a60591465982fc2871f4c3f2e7541c765f00a0516f805e7e9ca0f |
memory/736-743-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\Desktop\dcrat\php\DCRatConnectService.exe
| MD5 | a67b68d097265bbaa42817450bf361cf |
| SHA1 | f231a4223f165e53218df2b95304f5c561a1d110 |
| SHA256 | 9549b4fd2f6e06264e34f66c6f990157af07a068639bc3ae7fb46daeedd7b66a |
| SHA512 | 35b2a4aa72dc3725ab61161270d374d30be8100c86be382afddae41ddb6064d4e6a11ef0cadb1305f3011d205319dacdd17bc5c00c12c4c9b9ef5527060dd039 |
C:\Users\Admin\Desktop\dcrat\lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllI.jar
| MD5 | 6316f84bc78d40b138dab1adc978ca5d |
| SHA1 | b12ea05331ad89a9b09937367ebc20421f17b9ff |
| SHA256 | d637e3326f87a173abd5f51ac98906a3237b9e511d07d31d6aafcf43f33dac17 |
| SHA512 | 1cdca01ed9c2bc607207c8c51f4b532f4153e94b3846308332eccae25f9c5fddf8279e3063f44a75dd43d696eab0f9f340f9bf2f3ec805ab0f2f1de5135a426c |
C:\Users\Admin\Desktop\dcrat\lib\IlIllIIllllllllIlIIlllllIIIIllIIIlIIlllIIllIIllllIIllIlIIIlIIIIlIIIIIlllllllIllIIlIlIllIIlIlIlIIllIlIllIIIlIIIIlIllIIIIl.jar
| MD5 | 6696368a09c7f8fed4ea92c4e5238cee |
| SHA1 | f89c282e557d1207afd7158b82721c3d425736a7 |
| SHA256 | c25d7a7b8f0715729bccb817e345f0fdd668dd4799c8dab1a4db3d6a37e7e3e4 |
| SHA512 | 0ab24f07f956e3cdcd9d09c3aa4677ff60b70d7a48e7179a02e4ff9c0d2c7a1fc51624c3c8a5d892644e9f36f84f7aaf4aa6d2c9e1c291c88b3cff7568d54f76 |
C:\Users\Admin\Desktop\dcrat\lib\lllIlIIIIIlIllIlIlIIllIlIIIlIIllIllllIIIIIllIlllIllIIllIIllIllIllIIlIlllllIIlIllIllIIlIIlIIIllIlIlIIlIIIIIIIllIIlllIllIl.jar
| MD5 | d5ef47c915bef65a63d364f5cf7cd467 |
| SHA1 | f711f3846e144dddbfb31597c0c165ba8adf8d6b |
| SHA256 | 9c287472408857301594f8f7bda108457f6fdae6e25c87ec88dbf3012e5a98b6 |
| SHA512 | 04aeb956bfcd3bd23b540f9ad2d4110bb2ffd25fe899152c4b2e782daa23a676df9507078ecf1bfc409ddfbe2858ab4c4c324f431e45d8234e13905eb192bae8 |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | ec7883f9b8b29d2379e9512f42883cbc |
| SHA1 | a6b98c7aa033bab442ed31ede5b3847759e5d4f3 |
| SHA256 | 6d712914264ccc3554372742d8d49279ec1fc2157db48f1eebfb196a2ce92dde |
| SHA512 | 48d096a06b311415385d096d4957f16911ee9eb18a3f89b5adab342b058318e969136894f6f98a88c38a9c2c718a24e1d7099991512abb31a1d2e601f5838205 |
C:\System\lWwpVq7gHuwgO81vQqwqHneiJIBDuFSKSYTTmU6Tq3dRBEEEDwB9.vbe
| MD5 | 6190514139e0ff67eed7e3baa26692c4 |
| SHA1 | d124c4ddb8eca14dcdb3bc37ff9221665b2eb3cf |
| SHA256 | d7aeb072910b1d9cff72ed30809f60565947a28f02b83b61d5e4cd6efb56a069 |
| SHA512 | 57b2165ce2ad6fd5df121997fb9be28cf7cafee2e2f8abb52c914fc9403d4bf4d5aaadf641ebcee19f1f384662cd24942d937671e6cad0859bd7ded241e1ccb6 |
C:\Users\Admin\Desktop\dcrat\php\php8.dll
| MD5 | dcf320cd3bb8d3dbe64556aa6548aef7 |
| SHA1 | f3108f6bfd28000d935e39708f779dcb94d2b73b |
| SHA256 | fdacdb8d711fd98c5b81871777086d34745c0a81c4aef981bc9914cf8074c24c |
| SHA512 | 5cf36ef4dba25616ed2d2446ea5abc1106302aad61521efca5b1e46ef24a1ad4bcb69718918d0a3cbcfe63a76e5d26f484dd0241c30df022038503051a0f616c |
C:\Users\Admin\Desktop\dcrat\php\php.exe
| MD5 | 21451a478f9c8e12598985e43936f2cd |
| SHA1 | 3cb00cdc97cba0c0de8ac97ab30f8e712f964c0a |
| SHA256 | f8282eea2f2d9ae6130a4a879c3d4487ba8b22134ebfc439fd7d5e4ac1da4e6c |
| SHA512 | 1c036d454565569c14c928d550a6380a993a7415e6e6a9b41c415e8736cc040b63cd52a6ef40eb3783d7a7fa484cc317d264e7be13711459c80c1868e0b1b2e8 |
C:\Users\Admin\Desktop\dcrat\lib\llIlIlIIIllllIIIllllllllllIllIlIlllIIlllIIlllIIllIIllllIlllIIIIIllllIIlllIIllIIIIlIlIlIlIIIlIIIlIlIlIlIIlllIIlllIlIlIlII.jar
| MD5 | 0c8768cdeb3e894798f80465e0219c05 |
| SHA1 | c4da07ac93e4e547748ecc26b633d3db5b81ce47 |
| SHA256 | 15f36830124fc7389e312cf228b952024a8ce8601bf5c4df806bc395d47db669 |
| SHA512 | 35db507a3918093b529547e991ab6c1643a96258fc95ba1ea7665ff762b0b8abb1ef732b3854663a947effe505be667bd2609ffcccb6409a66df605f971da106 |
C:\Users\Admin\Desktop\dcrat\lib\lllIIlIlIIlIIllllIIllllIIlIllllIIIlIllllIIllIIIlllIIIIIIlIIlllIIllIllIIlllIlIIlIlIlllIIlllIlllIlIIlIIIllIlllIIIlIIIIIlll.jar
| MD5 | 3e5e8cccff7ff343cbfe22588e569256 |
| SHA1 | 66756daa182672bff27e453eed585325d8cc2a7a |
| SHA256 | 0f26584763ef1c5ec07d1f310f0b6504bc17732f04e37f4eb101338803be0dc4 |
| SHA512 | 8ea5f31e25c3c48ee21c51abe9146ee2a270d603788ec47176c16acac15dad608eef4fa8ca0f34a1bbc6475c29e348bd62b0328e73d2e1071aaa745818867522 |
C:\Users\Admin\Desktop\dcrat\lib\llIlIIIIlIlIlllllIlIIllllIIIlIlIllllIIllllIlllIIlllllIIlIlllIIIIIIlIIllIIIlIlIlllIlIIIlIIIIIllIlllIlllIIllIIllIlIlIIlllI.jar
| MD5 | fde38932b12fc063451af6613d4470cc |
| SHA1 | bc08c114681a3afc05fb8c0470776c3eae2eefeb |
| SHA256 | 9967ea3c3d1aee8db5a723f714fba38d2fc26d8553435ab0e1d4e123cd211830 |
| SHA512 | 0f211f81101ced5fff466f2aab0e6c807bb18b23bc4928fe664c60653c99fa81b34edf5835fcc3affb34b0df1fa61c73a621df41355e4d82131f94fcc0b0e839 |
C:\Users\Admin\Desktop\dcrat\lib\lIIllIIlIlllIlIlllIlIIlIIIlllllIIlIlIIllIllIlIlllIlIIlIlIlIIllIlIIIIIllIIlIIlIIlIIllIIIlIIllIlIIIIlIlIIlIIlIllIIlIIlIlIl.jar
| MD5 | d093f94c050d5900795de8149cb84817 |
| SHA1 | 54058dda5c9e66a22074590072c8a48559bba1fb |
| SHA256 | 4bec0794a0d69debe2f955bf495ea7c0858ad84cb0d2d549cacb82e70c060cba |
| SHA512 | 3faaa415fba5745298981014d0042e8e01850fccaac22f92469765fd8c56b920da877ff3138a629242d9c52e270e7e2ce89e7c69f6902859f48ea0359842e2fb |
C:\Users\Admin\Desktop\dcrat\lib\IllIIIIllIlIIIIlIlIllIIlIIllIIlIllIIlllllIlllIllIlIIlIIlllIIlIlIlIllIllIIlIIIlIIIllIIIIIllIIlllllIlIIIIIlIIIIIIIIIIIIlII.jar
| MD5 | 5134a2350f58890ffb9db0b40047195d |
| SHA1 | 751f548c85fa49f330cecbb1875893f971b33c4e |
| SHA256 | 2d43eb5ea9e133d2ee2405cc14f5ee08951b8361302fdd93494a3a997b508d32 |
| SHA512 | c3cdaf66a99e6336abc80ff23374f6b62ac95ab2ae874c9075805e91d849b18e3f620cc202b4978fc92b73d98de96089c8714b1dd096b2ae1958cfa085715f7a |
memory/1368-782-0x0000016CDDA40000-0x0000016CDDA41000-memory.dmp
C:\Users\Admin\Desktop\dcrat\lib\IIlIlIllIIlIIllIIllIIlIIIllIlIlIlIIIIlIlIllIIlIIllIIIIIllIIIIlIIIlIIlIIlIIlIllIIlllIIIllIIIlIIlIllllIllIIIIlIIIlIllllllI.jar
| MD5 | 7e5e3d6d352025bd7f093c2d7f9b21ab |
| SHA1 | ad9bfc2c3d70c574d34a752c5d0ebcc43a046c57 |
| SHA256 | 5b37e8ff2850a4cbb02f9f02391e9f07285b4e0667f7e4b2d4515b78e699735a |
| SHA512 | c19c29f8ad8b6beb3eed40ab7dc343468a4ca75d49f1d0d4ea0b4a5cee33f745893fba764d35c8bd157f7842268e0716b1eb4b8b26dcf888fb3b3f4314844aad |
C:\Users\Admin\Desktop\dcrat\lib\IlIlIIIIIIIlIlllllllIllIIlIIllIllllIIIlIIIlIlIIlIIlIIlIllIlllIlIlIIllIIlIIIIIIIlIIIIIIIIIlIlllIIllIlIIlIIIlIlIlllIIIIIIl.jar
| MD5 | fe734f7ab030363362fe3d3ba5e8f913 |
| SHA1 | 2e9d54e3b410557c51c3ea101d66efbb5266b80a |
| SHA256 | 03ead999502aefbf1380bd2e9c4a407acb7a92a7b2fe61f6995aba3fca85efd4 |
| SHA512 | 303ecea5f3f1130f473cde0d78270090290b6f13311bf7459282257ac3097b2b6086db461183f2d8c97a9101372155bf59bbfa12a74925136d0a2a615b648b2a |
C:\Users\Admin\Desktop\dcrat\lib\IlIIlIllllIIIIIlIlllIllIlIlIIIIIlIIIlIlIlllIIllIllIIIIIIlIIlllIIIlIIIlllIIIlllllIlIlIlllllIIlIllIIlIIlIIlIIIlllllllIlIII.jar
| MD5 | 0a79304556a1289aa9e6213f574f3b08 |
| SHA1 | 7ee3bde3b1777bf65d4f62ce33295556223a26cd |
| SHA256 | 434e57fffc7df0b725c1d95cabafdcdb83858ccb3e5e728a74d3cf33a0ca9c79 |
| SHA512 | 1560703d0c162d73c99cef9e8ddc050362e45209cc8dea6a34a49e2b6f99aae462eae27ba026bdb29433952b6696896bb96998a0f6ac0a3c1dbbb2f6ebc26a7e |
C:\Users\Admin\Desktop\dcrat\lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllIIilIl.jar
| MD5 | f323bd3b1e342a856bf3036453cd01b2 |
| SHA1 | a8c48a731c350d1514ddcc6a99738cb93277fe14 |
| SHA256 | 64bc153889ab341d4ec8e693fafe117651d3b627d1a608dad951f5b030aab26f |
| SHA512 | 764e1643f2f0b2a5c64e2fd52b2ed8cb3597469ec7ea2c28c2009c0d0b1f5e1dbbcc12b6cf36e94ae7db53bb9d118cd3d33ad92de0c3e256b751c5085e3489a4 |
C:\Users\Admin\Desktop\dcrat\lib\llllIlIIIIIllllIlIIIlIllIlIIIllllIIIllIllllIIlllIlIIIlllIIlIlIlllIIlIIIIlIIIIlllIIlIIlIlIIIIIIIIllllIllIlIIIlIllIlIlIIll.jar
| MD5 | b50e2c75f5f0e1094e997de8a2a2d0ca |
| SHA1 | d789eb689c091536ea6a01764bada387841264cb |
| SHA256 | cf4068ebb5ecd47adec92afba943aea4eb2fee40871330d064b69770cccb9e23 |
| SHA512 | 57d8ac613805edada6aeba7b55417fd7d41c93913c56c4c2c1a8e8a28bbb7a05aade6e02b70a798a078dc3c747967da242c6922b342209874f3caf7312670cb0 |
C:\Users\Admin\Desktop\dcrat\lib\llllIlIIlIllllIlIlIIIlIIIlIllIlIIIIlIlIIlIlIIIIllIIlIIllIIIllllIlIllIlllllIIIIIIIIllIllIlIlllllllIllIIIllllIIllIIlIllIll.jar
| MD5 | 4bc2aea7281e27bc91566377d0ed1897 |
| SHA1 | d02d897e8a8aca58e3635c009a16d595a5649d44 |
| SHA256 | 4aef566bbf3f0b56769a0c45275ebbf7894e9ddb54430c9db2874124b7cea288 |
| SHA512 | da35bb2f67bca7527dc94e5a99a162180b2701ddca2c688d9e0be69876aca7c48f192d0f03d431ccd2d8eec55e0e681322b4f15eba4db29ef5557316e8e51e10 |
C:\System\unOUSLOLRRxkAR2qU1kiiuwS6WvSqNn.bat
| MD5 | 0dc10382817fd7714772876a2040642a |
| SHA1 | d0107ec12cba720b9013eccde880edeac7f4ccc1 |
| SHA256 | 532fd4ba7a8f2dd08bdbdc35f157ac18276724ecb0fa2c30d975825609f16a5a |
| SHA512 | 170ba33d4a8ce719e280ac90ddb35260bdf2795a32a838ad3132286e1aecb90ede20d6c522854f43c7df4657ad80003588bcedd02a8456b095b74ffa83b10192 |
C:\System\mbr.exe
| MD5 | fe71f78544334096af8e326d4b95838f |
| SHA1 | b13e77260da09654ddc7ebf1aabc344366455aaa |
| SHA256 | a7837617e99630f2c8068f0bdfffbb005950fbfdd5e60dde2eebc45bcc8c09dd |
| SHA512 | 5f077c87497227905e4dee1a96a04ddde5364c041ecb58aeb7cb2563cbd2743a21f47cd9fe042042c8d106647471e0a50ba040f3c14abc5653b8c296be57ea16 |
memory/2636-821-0x0000000000DB0000-0x000000000113E000-memory.dmp
memory/1368-836-0x0000016CDDA40000-0x0000016CDDA41000-memory.dmp
memory/2636-851-0x000000001BC60000-0x000000001BC86000-memory.dmp
memory/2636-854-0x0000000003210000-0x000000000321E000-memory.dmp
memory/2636-857-0x000000001C290000-0x000000001C2E0000-memory.dmp
memory/2636-859-0x0000000003220000-0x0000000003230000-memory.dmp
memory/2636-856-0x000000001BC90000-0x000000001BCAC000-memory.dmp
memory/2636-866-0x000000001BDF0000-0x000000001BE08000-memory.dmp
memory/2636-868-0x0000000003230000-0x0000000003240000-memory.dmp
memory/2636-870-0x000000001BCB0000-0x000000001BCC0000-memory.dmp
memory/1368-871-0x0000016CDDA40000-0x0000016CDDA41000-memory.dmp
memory/2636-874-0x000000001BCC0000-0x000000001BCCE000-memory.dmp
memory/1368-877-0x0000016CDDA40000-0x0000016CDDA41000-memory.dmp
memory/2636-882-0x000000001BE30000-0x000000001BE42000-memory.dmp
memory/2636-884-0x000000001BCD0000-0x000000001BCE0000-memory.dmp
memory/2636-886-0x000000001BE50000-0x000000001BE66000-memory.dmp
memory/2636-888-0x000000001C2E0000-0x000000001C2F2000-memory.dmp
memory/2636-894-0x000000001BE10000-0x000000001BE1E000-memory.dmp
memory/2636-891-0x000000001C830000-0x000000001CD58000-memory.dmp
memory/2636-896-0x000000001BE20000-0x000000001BE30000-memory.dmp
memory/2636-898-0x000000001BE70000-0x000000001BE80000-memory.dmp
memory/2636-900-0x000000001C360000-0x000000001C3BA000-memory.dmp
memory/2636-904-0x000000001C300000-0x000000001C30E000-memory.dmp
memory/2636-908-0x000000001C310000-0x000000001C320000-memory.dmp
memory/2636-922-0x000000001C3C0000-0x000000001C3D8000-memory.dmp
memory/2636-925-0x000000001C330000-0x000000001C33C000-memory.dmp
memory/2636-931-0x000000001C430000-0x000000001C47E000-memory.dmp
memory/2636-918-0x000000001C320000-0x000000001C32E000-memory.dmp
memory/1368-999-0x0000016CDDA40000-0x0000016CDDA41000-memory.dmp
memory/2636-1000-0x000000001C780000-0x000000001C829000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_anutbiw4.zh5.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4988-1021-0x00000237626C0000-0x00000237626E2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gSUETvPrNl.bat
| MD5 | b26b24653d136346e68c23c7af74d718 |
| SHA1 | 2e01191f093798e073ac60385b1210d9465a56bb |
| SHA256 | 60f311802e7a6c6c975c3454fd1878d145cbc7b23939f47d13507cb8e228c37d |
| SHA512 | 017b4d93825c595b8449a7454b756d8fbbb7c7e44eace5cabb173a827444274beaa407da93529b9cd66937f3c580887e03763d26010e1d3459952f0ae1e4f43c |
memory/1368-1217-0x0000016CDDA40000-0x0000016CDDA41000-memory.dmp
memory/1368-1275-0x0000016CDF320000-0x0000016CE0320000-memory.dmp
memory/1368-1274-0x0000016CDF320000-0x0000016CE0320000-memory.dmp
memory/1368-1282-0x0000016CDF320000-0x0000016CE0320000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | 13796d0b0b0380ba80096b6b679547e7 |
| SHA1 | 5f513a80549f963be8c5ab864812a41162ece4df |
| SHA256 | 61d5122213b6eca8b00ce3ba7b25de543f1717851dd08661c6abfebcb09baf46 |
| SHA512 | a7e892d3343eca2bc23b4ea16aabcc7967014e6708e648a07715938804cd847f1cc4091e8313cc5d94676bb30dcac792e76a7535601336909d6bb0ba2a1e8b9b |
memory/1368-1273-0x0000016CDF320000-0x0000016CE0320000-memory.dmp
memory/1368-1272-0x0000016CDF320000-0x0000016CE0320000-memory.dmp
C:\Users\Admin\Desktop\dcrat\back.o
| MD5 | aef4b8423ae335762bbae012e2fc49d6 |
| SHA1 | 87e31aa55052205cba347c62c595cd054b5a1585 |
| SHA256 | 1dad158eebe2b6437b0ed6089495158be9e6ed7e31725894536888ab3f1a8b5f |
| SHA512 | 2aff6a5254e65d7b3d8d102cf5d28949d0de735f88a0e17d5a57c78cb3f54955622ff0e0dcf9389305bba31fa835fb706bd4c84a6400a84511f394582bdf8c3a |
C:\Users\Admin\Desktop\dcrat\plugins\ActiveWindowNotifier\configuration.json
| MD5 | 7274b40806ddc9b05aaf679efd9ed503 |
| SHA1 | 06a0ed8394004318859859c50dcb412153e65453 |
| SHA256 | 720b6c93d9bed8c9bf8a745762883256c9d9fc4bd3c1d282dced559742165163 |
| SHA512 | e2eeca868aef81e67d09af46525e98fcc6af3d17fdef321a5a97d5a85c8bbd34206f19f4fdaef9481985075f15d0acb1efb6e80671317d6080cc06bcc85e8dfd |
C:\Users\Admin\Desktop\dcrat\plugins\FakeSteamWindows\configuration.json
| MD5 | 5d9116cbd984428cccfa8c6e20d6f0f1 |
| SHA1 | 3cced48d366ff4088a4299c4bc18925090a4ed38 |
| SHA256 | b4bc6ab3ba0db5f3984278fd8d651396636812adf0125a501079d0e2b9b2317e |
| SHA512 | 66beb3ac519219ce469ea7e115c687940913214fd37ba4b9f4197a069d10fe0a07c9e7cc33d6702aa5adf8d865919f269925fe2e6813cdf9d71c077e9b99f3a7 |
C:\Users\Admin\Desktop\dcrat\plugins\FakeSteamWindows.plg
| MD5 | da61683b55b7e89cf5ae23960320980a |
| SHA1 | caff3d5419b6486ae4e89bb800c681aa303f39d0 |
| SHA256 | 2b0d91b02e0249e0f2a19b0ec154c849d08611aa6e8c731317ef6155108ce7ec |
| SHA512 | f00437c80e8658a4b0ff3c8a2a8014eeeb4d38cc4785d83595e712d61160700a6edc05667c3467b871ab640ee3d80f35cfd24ae2eee17e4d6b48191c4e76d9d5 |
C:\Users\Admin\Desktop\dcrat\plugins\DisableUAC\configuration.json
| MD5 | 2b2a2dbd6ae8af2a46fcb420ca4eebc6 |
| SHA1 | 4ece6dfd41a3a3a374982b77096fa756413f0403 |
| SHA256 | ba65b7b97a8d118c10c1fb839646d0512af0501e20aa00cc7f27b25fd564b9f3 |
| SHA512 | 85ec63ff01c45eda1efaa591c1fb53e3e12d000f441c26fc13bb46b380e0f2efe472f9f9944b15ad67b126f85ea7aad2db637184b91d3213bfedef68d7e79107 |
C:\Users\Admin\Desktop\dcrat\plugins\DisableUAC.plg
| MD5 | 6e676e43b744fd7d4e52d1ba98675514 |
| SHA1 | e32f3e1317d3be97b36a2ce82da912081a37fe51 |
| SHA256 | ad6955b9032ab30f648c3c9de6b13b944ea9e11735d6e5e569f94e25c5a69f6d |
| SHA512 | 2755225499cb506890e56b38efe4e0de9f00b41684db40595a0f26101b6a6b54dabb2c8f9c4b5539173865e654f4d69fcdb7f9927cc3d084b878a22ea891d110 |
C:\Users\Admin\Desktop\dcrat\plugins\CryptoStealer\configuration.json
| MD5 | 5e2149e2a884141db7aeb1486516126c |
| SHA1 | b992417484ad0f38150de4f3d02d1771037454ef |
| SHA256 | 4d51e75e2d7ebda91ba80e14462bb0482d4fd950f755c9255da86c5da7774632 |
| SHA512 | 3b453bf7ff5d6b7debdb174516b303a67f3232c284bef4206c49f8d7751818df86a6bf2de88cfe7bf5650ce97195553ed90852fd783950131ddb5f3f1950f43f |
C:\Users\Admin\Desktop\dcrat\plugins\CryptoStealer.plg
| MD5 | 7d0e8191fcb1475a4b5fb85c29345363 |
| SHA1 | a590571d720d6d6a468f6fd0a250a55a12399f24 |
| SHA256 | 0221a13049e8f79f3499939eb75c6ceaf0be835418e92578ba3a7abd649f7310 |
| SHA512 | 8584e3072e75b75675f557e69c17f60c981606e6ea006e630e5551f647c604cba5ee35f6fb3c620705ea87787c8485853ca729069de5b2e5ca74dd6720717a6a |
C:\Users\Admin\Desktop\dcrat\plugins\CrashLogger\configuration.json
| MD5 | 0a127fa54f700f8684c050a55a808cd0 |
| SHA1 | 91099fe6e3effcb4a4698c5a285ed71cf4fb288b |
| SHA256 | 23c26b3316cb33cbaf01d46e02063203f3b5f57a9a20cdd9c85fc9873ea6a828 |
| SHA512 | 41eb2ca6d669cb1784a3a7a49235ce3060c6c64a6b09aaf8efbd9ddc7081c192ede27ae6ad8cd96bdf8bd28d9243989fc40abb2e1cfa6895daec1620fe632535 |
C:\Users\Admin\Desktop\dcrat\plugins\CrashLogger.plg
| MD5 | bb1bb69674cc872f932498e7e4713dfd |
| SHA1 | e877f196c43f8ebbef1e37375dccc34ceb5742b0 |
| SHA256 | 67312c6ca5890d398663b8c0fc704128f9cedb03cbca6750b646edc8107abed2 |
| SHA512 | b1219b0bf6692fcf86fb3091fedca2606466b04ebe15a3ee7916262ec17cdee724c0f0541e80c9c37fbee66a095edbd0c646994d728ddd5a4173c1433aab8042 |
C:\Users\Admin\Desktop\dcrat\plugins\CountryBlackList\configuration.json
| MD5 | 8b9be085529d1d126811f78aa34656ae |
| SHA1 | 796a5a39e8cc496a3a7ea2066a4831c614c4a325 |
| SHA256 | 8fc9fb90aa56ee75b6d021f178baa9dba961905e772c5cd16da36221cea61d12 |
| SHA512 | daf243f71d256c377956957314e035ab193e37875c388ee664113ec7ba8a381402b9ceecfab838b5d0edc5431065e78f79b7e39b010fcd2b4b75711d3a6109d3 |
C:\Users\Admin\Desktop\dcrat\plugins\CountryBlackList.plg
| MD5 | c0494389ad56345479427327f3a105ab |
| SHA1 | dae7cfe32343c0eca4f4045324bb5ba898e87bee |
| SHA256 | d5bb7934e66b18abaa7bf5c385923142721a515919c17a855e69bf89f7cc511a |
| SHA512 | ab1e1d4f4f6a6de5cb70a617caf9146f34a7d854a637a41887c452ceab0e3f20464f22d0fae936dc2db049aacbf09e9102e46075089b1aa7d7b69b851b0bb2dc |
C:\Users\Admin\Desktop\dcrat\plugins\Clipper\configuration.json
| MD5 | e4c48f85060b023b74d50199870e526c |
| SHA1 | 0dbe75f1ea0e354fc98f56d4e4fa66cb57765298 |
| SHA256 | aa8f6257110045d5df7e79224bf32a0a3f6eb59743553871f2a7c1480beb7bea |
| SHA512 | ee6b913023473aad5347b4a7f2e8325c1443d1591c79a4cb7ad6d845cd7ee3b08dcfd902d75538253504eb23fa71cb3e082cbfe7ce7719fa38b1db98804bac7e |
C:\Users\Admin\Desktop\dcrat\plugins\Clipper.plg
| MD5 | f8b2b7f806e58527549377fa6154d993 |
| SHA1 | c75a9895a5ec2fc4670d1a5a13b7264e4707db4d |
| SHA256 | d99a640efb37a5da0c89f270cadb7cfe2a7f8d9d22c63a0ed2b463bdcd202ec3 |
| SHA512 | fc5c349c995dc1c3d6e46d40b65a3d111c72ec71b064ec4297b41f3176097311d0bf10f7b4d07e3cfccfca46f2407974d6e01db8d601892b1977c6fcb66d3da1 |
C:\Users\Admin\Desktop\dcrat\plugins\ClipboardLogger\configuration.json
| MD5 | 9c4f8ac6df6dacc347e2671c8f6b4a62 |
| SHA1 | 4436b88aa68303cd8a48402667d11802aa39937b |
| SHA256 | 143bbc799092c79f0230b2b990e8f2485836bd9cc682d2ac8f92262ccce0c58e |
| SHA512 | 3b53a7c9ccae040171033c66a98009c017c4df54baba008af76ef5b92e098c954c4dfb9ae971112d3536a1dbd9435830171fa748274ac43eb04a70f3c2a27d24 |
C:\Users\Admin\Desktop\dcrat\plugins\ClipboardLogger.plg
| MD5 | 2aea94cd3a00ade5aeb6daf5ecee4ddb |
| SHA1 | d4c6ad77d134f5951fbd9aabe7705b78b20c2207 |
| SHA256 | 1026aa2bf76235de24e90ba49e661a6170364de8b675b650cd67b28e9c64be1b |
| SHA512 | a042b99aa6e3f5bd3e58df3ccb7b251d93c7ed87f1dbd5cf2d508a0fc9267877c80bffa69bd533fb79ef062077e2c640e9a909862618b157d7a75bde3f13f987 |
C:\Users\Admin\Desktop\dcrat\plugins\ClientsStealer_native\configuration.json
| MD5 | a447c276d835363fb44ed5c27e716b02 |
| SHA1 | de1c9b06cb257bad1aeb97718e3837bcee36e993 |
| SHA256 | 9bd962e5d852e0a0c8fb72606bfb0a21ec35e07a0fe34a6ddb22ac7be07fe401 |
| SHA512 | f26f169300f142c58bfa0ec27329bc8690141e960280e001e51a248cf86ad75af6029513aa8651e2f640cd2736982662be3742c597467fe199b5fb5e8cb1779e |
C:\Users\Admin\Desktop\dcrat\plugins\ClientsStealer_native.plg
| MD5 | 77090d6218e6a2f0f6f846f26545ed14 |
| SHA1 | ff0ce654d3d5383e3684de07a882178a5483a92f |
| SHA256 | 0d93e907d03a8a161deaf26d83221d8159e03768e47c67fac3aedf85d7733210 |
| SHA512 | e7953f96233d1d47540b9acc288ae85acc724777998e991d8129a7fd842a5dcf64083f7dc57a220f26826f3fe09fd47df6cb08434a21e519f748d06a6187084d |
C:\Users\Admin\Desktop\dcrat\plugins\chat_native\configuration.json
| MD5 | 5d4b4f6d829676eace149f4c50003829 |
| SHA1 | 18379611c88af3c7e0ebf3ccf1ec4edbd04ce83e |
| SHA256 | 5905a40b34bfbca66378e60dac23ef06bdf8392f1126f72509368e3f683cb100 |
| SHA512 | a36774efa7f9352ff517935f12b97e5b19494563ac38e5623c24a4f7753378337165608be24848767b5fa954652cbe0bbb6c5c443d5caf4b2bb61a0051a55b5e |
C:\Users\Admin\Desktop\dcrat\plugins\chat_native.plg
| MD5 | 7293ef71d2371dd20997ff0d99a1edd3 |
| SHA1 | f380ec631fa6b6ed4f13ed497988bc638eef850b |
| SHA256 | 6e6ad73d10b50a48e2b314bd665e87c0c7f15c84f561be55bc44445021c6f103 |
| SHA512 | 8a35244016543dc1a835a069ca287b97678cbc426108a964024775dcd0934edadd3f22c731707e8624d2d1c59ae6b68d1f42eee3a87d1647d5806d0129c3c438 |
C:\Users\Admin\Desktop\dcrat\plugins\BuildInstallationTweaksPlugin\configuration.json
| MD5 | 8de11d5b207e7c70c515a192dd2661ef |
| SHA1 | 9f3a1da6e0ec83c599c4f0f542de04789afecfe0 |
| SHA256 | 5ff8575dd71be41c39869c1a6f451ba30190b6fa6546da39b0644bb98f27d19d |
| SHA512 | 6440d1561add2e02f3bd6608c9611b75fe26656ad1fe27ab12231baca2d8752c4f62fbe138398457f41b8bb7ec3152809175e4a0663c712249925ab074561f72 |
C:\Users\Admin\Desktop\dcrat\plugins\BuildInstallationTweaksPlugin.plg
| MD5 | d2296986b47083fdc965d3bcccc8cce8 |
| SHA1 | 6bedc82418395705201c17a86a80619815833fd5 |
| SHA256 | 2d66eb6ac35a4cebe4df0dd9efff13e662ff4e3d71a47f4314eac7ae167d1f67 |
| SHA512 | 01bc9f996c2ec55a90179365d4d6ad6a4d70901f2f8532ac5b723fd48f1950f6d0a2ce4ed101ec8a22e0bfb25aeec37c64facc46dcb6128e0afe32b57fc518fa |
C:\Users\Admin\Desktop\dcrat\plugins\BSoDProtection\configuration.json
| MD5 | 192d9ad2141908acde6d3e67d469274e |
| SHA1 | 2c23154ff73e202167b58593b1306311fd39e59c |
| SHA256 | 954c72fefc76cadb975b81e4ffa8a651e91229f98179e945da0a248b22fe2d54 |
| SHA512 | 820e0875fbbc5a098c36c35d82fcb6dc739b2175c82fdc00c15fe7bc0a03a76ee7f3b2cb3867dcaf38b3084a399cd66ee70238bd10cac45801c31d3a6d92d9fa |
C:\Users\Admin\Desktop\dcrat\plugins\BSoDProtection.plg
| MD5 | 88584f350c58c51eb2ae11a96dc62391 |
| SHA1 | b56aba2558e2386b1803f34fefa62029d5c94417 |
| SHA256 | dd760670b178a06aab1a1a0dbe78a9f6d36cc82cb538705e50bb13dbdacd8e42 |
| SHA512 | 2290ebfad38de62f6fd61ded0becca29e9498bd0ddc29f27fc76b6f842955d012dc1c8d5b956c339ff857bfedce39308c326094389c4cf3112b7c0a402524966 |
C:\Users\Admin\Desktop\dcrat\plugins\BrowsersStealer_native\configuration.json
| MD5 | 7fee909db2d84b923b5b1a557d980def |
| SHA1 | 487cabe13d30e4d9841ddabc4a2c5aab8971316d |
| SHA256 | d5b69f3ce285b018f0cd1c4b93f4eacdbd02853f7c17c4c26e65f9665e59de84 |
| SHA512 | b8bf4e9c24555d6421dd54b3c138813da8c6ec5f8e0c34f03e64ec686f6c8ca984a34eff361e6ff4e5a2476b47c36b534252b85c2fc0dfa7983dea51825c5cca |
C:\Users\Admin\Desktop\dcrat\plugins\BrowsersStealer_native.plg
| MD5 | 6f572698625a63133bb2084d9bb71d94 |
| SHA1 | c8a328c8d7377ddf189410be32a2e10f1fd74f50 |
| SHA256 | d02d6b6f1e2e7291e41d0d076d45322f9d34ba23c9b35be843cf43afffbc06b8 |
| SHA512 | 898c17d4001aef45eb8585b0601c18899010717f2d867c7d3a5a947b4fdd57ffe5cec900732267eee798e559c452156dd94b826e76239020eb1b9ea9e6f7e05e |
C:\Users\Admin\Desktop\dcrat\plugins\BlockInputPlugin\configuration.json
| MD5 | afb18e21483320c671fbf3fc0e8852bf |
| SHA1 | 492d35550208e62ac013822b92379850fc76e877 |
| SHA256 | 53e5c864b7b35564c6c7b5d263b6f625c755127dab893ed6db3fba767fa1a180 |
| SHA512 | 5bffc0b2cf7479f231993c4aace989bafeed798855a18c5f14f97a54065861eceffe3ef44cd24c77d9ee872188f34311f4b0544db20b809808108516fd9ae535 |
C:\Users\Admin\Desktop\dcrat\plugins\BlockInputPlugin.plg
| MD5 | b6d792cf92aaab098bd20c610a32dc7d |
| SHA1 | 938bd54611ec0769fd6c868280d0e1a27f517bce |
| SHA256 | ad04867256b8adec506febb62980c0a516c05fbad7a4aaafaf86d72c42d9d5c0 |
| SHA512 | f9919c05330f98c566f9fff9012bbae5fb54923a1f96110df5ad7505edc9530beb988c0ea58aaf9dcbf69dd57856f77a80f5cd49358be15065fcc9eca1afa5d4 |
C:\Users\Admin\Desktop\dcrat\plugins\Audio_native\configuration.json
| MD5 | 4829fde8c25c2763214293eb37e50500 |
| SHA1 | 1949db855ffdde8c96a7ff370e08abbaab459fbf |
| SHA256 | 96184ab6b632d6715d7b9f22de206319c44e3b268db4ac7b85acf4cfd17f6902 |
| SHA512 | b4dcfb999ae54d111e80fc4e2f0f4241699e15e4c3045648f9c2470414e88eee21d6ae8f2921fbc937e13caf00fb677c655cd08d541c549b84e7d6719432cb4e |
C:\Users\Admin\Desktop\dcrat\plugins\Audio_native.plg
| MD5 | 630f22251fedbe30e968432d68ae8543 |
| SHA1 | 6d25f9813b0995a3d032482abb7844cf4646b66f |
| SHA256 | 822869646486a798dc943c015e1bca6ac19b440652f8c93ddec4373c76846bef |
| SHA512 | acc1b2ca19c4d30202423ecfd94c32420ea11171d72ac309d6849a31b67ca9832903987cffd807cfaf36a6760dcc60d45fdd9aafffb25669f40d864c4fdf545d |
C:\Users\Admin\Desktop\dcrat\plugins\AntiAnalysisPlugin\configuration.json
| MD5 | 3575f0e3dd5316c2122c8723b80a53f3 |
| SHA1 | feb80619c8ea7f43322e02ab99cb69135d83cd29 |
| SHA256 | 524cca97e3d0be041b4c52a20f83ccb5555c8e2abc23a69c434433cc8ce66113 |
| SHA512 | 78bd14afe21e7a0516dd4880ec76a1b22d5ba8f9b3323eca0f867f2315566c46008147f9652d9a7aeba11ed11f98c80a1622ca6380c18f130ec8670fda647c4e |
C:\Users\Admin\Desktop\dcrat\plugins\AntiAnalysisPlugin.plg
| MD5 | 745952c4ce75067e520be681d9c2112b |
| SHA1 | a442210c6b9c519faf04d38889ec6c459934bced |
| SHA256 | 07b57c642aad49c6cee7c9707906c65f2d76bca587427709261190a8a6c2887f |
| SHA512 | ce42290e5a0c558af5d72604447e18bc8cfeaa703809d7b7cd49af339dc067563b9f418266b53c1f126f16cfedb8f5aa1ec747b88a9f5e5566a7c111e713a3b2 |
C:\Users\Admin\Desktop\dcrat\plugins\ActiveWindowNotifier.plg
| MD5 | 9d79462a38f05c98f8af9ce194086de3 |
| SHA1 | 2a1fbacc08c1b6f69bf285a2efa181ce0e14bb89 |
| SHA256 | 759adec692b3fc93e3a13c817536f70b80ca77f1c47f0998bab55d258dfd2173 |
| SHA512 | b54509ef21eb1e0df66f52d44dde3026c18b35d67c73dc8d2a15d434dbf297377a906c8d92e47ba2a5c85aa09227432c8643e21e61354009856970a1ff185e66 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3a6bad9528f8e23fb5c77fbd81fa28e8 |
| SHA1 | f127317c3bc6407f536c0f0600dcbcf1aabfba36 |
| SHA256 | 986366767de5873f1b170a63f2a33ce05132d1afd90c8f5017afbca8ef1beb05 |
| SHA512 | 846002154a0ece6f3e9feda6f115d3161dc21b3789525dd62ae1d9188495171293efdbe7be4710666dd8a15e66b557315b5a02918a741ed1d5f3ff0c515b98e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3310906d01fdb701828c7d82b9d402bd |
| SHA1 | 745b1aa0976b0d4b34b441ad9b14e732ed55aab6 |
| SHA256 | 2da6a3a44f482b31994ae5b6166324ec396700c1f21860001bfd1406473ac181 |
| SHA512 | ef6a28bf2eb54c6ae17dfeef8e8a1ce3e42c730b43dcd3c25654fc70d342adb7616502fd0c6907ae4f228d2db225e840ba8f60ebbdab54b0fff0c6f0ed048ac5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 04adea013c671191258e68834943976c |
| SHA1 | c9abe18ae17438e39e823de405e20b2b859afe64 |
| SHA256 | f37210513efb2ee21d0cbdd49969958e18094e74300d18a04b5a08b3966400f4 |
| SHA512 | 7ac68fa540b1183b3c6436e0ee4d4ba2b7399228d7d1e31f1e292d3cc8b556a08c6c46d1d3d6a7102e8efea8247bcf30385a86bfe879ad1c6c3b0fca5f929695 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b463b37d0b581da72ccb02e07645e4cd |
| SHA1 | 17f9261137976546201e66d3ee8964a03c097187 |
| SHA256 | bd9e4a641a2c6c983d0cc79cc62c53c4323d78007eec58e7cf40ea6af371ec8c |
| SHA512 | 6fc1b08419a2dcd69cfbf466310aecc9f42b5e7fd3812842f4c05fef5a97bd4893cf2d18a193e4d5909b55b8318049636276be28aa46192829baad809d9aed00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6851efd0ce47b1e4ce08be1a812ea51c |
| SHA1 | 904c955516eaf96701f674c1f3c986d64247b78b |
| SHA256 | 7f6977f8802e4f1750ae9e732785ac2fd56d0c8289b7ae9a11dca39c00c70d0f |
| SHA512 | c7b56aefed6b54eaffb718d7c25ceda04f119e044639dfac988f296d307d45cd0bebd4c90c9a3218842c509bdf59602d269e191f631292d33a1c9a1eb1bea132 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1b2db0fe4b5e89e8fe07a8945d8e54fd |
| SHA1 | 67539a70771319cb0159ba5c885188532e77c3de |
| SHA256 | a897be522be42489430065f5d2cf498a4867401aec5ee0ca6fc0f2622cc01b3b |
| SHA512 | ad8736ede3b1dc7b28349360c95778619a9588802c8d7cb69a3551fb1869791da49c209253026f570d09f403452d07886300a51b2bd314e13734b44e3c174c38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 752ee939fc60729c1db16ebccccc3992 |
| SHA1 | 1245fcf9cc3abb18cd6f4e238b1ddf62d394ba2c |
| SHA256 | b7b69066e93294b5bcb5dd3c543e438c402a71a0ba2304a55948283215475e61 |
| SHA512 | 21837254bb4de1ac82c881caa6973d7bc9b9d922824d8bea73463c01ead7a454488d0e42cf11670a880f02fc748e20060484d2f8904b57126fb0c2ff8ddc2de6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 712b04f9700e80156b40cd772070907c |
| SHA1 | 51c0dd757e912d183b1b5f2546940a734e2200b3 |
| SHA256 | 9155c3ce47304d598ee4ce9105e39c773f742fc9d6b222707271cfbf015ca00c |
| SHA512 | a78de53c27fe9288156383eadfef26d8ec7b6e1558e6c08cb0e5b8bee66cb8a6e3406aa1e2a07c7924a759049b074d58e616a0f2f352257bbf4cadbcd6ecab2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 603601c1e029fe4a145b355ca87c7607 |
| SHA1 | 94433c1533e1cddc03c297a7cde59ad8b82d394b |
| SHA256 | 834bc522e1073da7a89bece4046a3505455f6e5b7a521bd1c66b1c7edf8cfe0a |
| SHA512 | 7c172944ccf2a2286df0054bac2f7e63f259a69fb97319d05c84a2ea08ca7e6bb52f515a797e5cff374d2cc954ee15968f63d53967f48e2fda769b15531284b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db89e44d29d1c989d9c395d70d8b1cfc |
| SHA1 | 385b7bc5e4207aabe246dd2e16d4fe2b2802560f |
| SHA256 | c3bd895228b9a583de04ffe1a85254845bd98cfefc0fc61a32c9cfc3642a13dc |
| SHA512 | ae6d88abdfaa65e1cf96ff4856cb3249721ddac7fdee922bc5b4bf97d321a2508a1221c1bb229fc1c7e0b5a88be33e6af3e3634e6db481520485a9073091b58a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d0870e93271e1939fb1861c730186ccc |
| SHA1 | 9133f0c65d3fdd855fedac2c568324d887d88839 |
| SHA256 | 92dfeb44bb8592b9962b7408d844f62d588d07041a068af526fe52b5155e438f |
| SHA512 | b542ae4268a57233aafe6548b4a432ba29927c8a891c4afea58b7bcdeaa7fa8cb274f4797a6a1dee1770bb842218aaa7c6419052f375b272a570964c428df42b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ceda2063ea295c8f78ad8e146dcc2374 |
| SHA1 | 72e21d71b4d2a93d0a906d80e59a77593c868f9a |
| SHA256 | 9f623f8b1e1197df1e265c2cd40bc517accdc54cdf875084ad45e5b6f9fa8513 |
| SHA512 | f0d7b017e3a81c179ad664a77f1f82c616dbe1efc63abd0ac37b5d8b3fbe454136dbffba140fac9d2fb0571762491dd52c0b5daa0c5530fb46a9c9869784a558 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | f6daffd2db48a954fd9df58bd6bf2091 |
| SHA1 | 57ea6dc0704ca9c4b3b7f5973632907b377b8837 |
| SHA256 | ee19bb7f11941aa9831abc4322346b45d60f90634501e09e1f1e1a5ac5d4320e |
| SHA512 | 62715826dfc643bcc4775e3e7c49a35dc5e7a399d4517a70080394ac0663c158dd688e1e4210aa3248b1a420387f341d8acac556efce6c27e930ccdc1c6ff3f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\92fd59c5-80fb-4231-865b-a897f40ecfd3.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ee3e957ab0f4d76b0c7d72c18d4736b6 |
| SHA1 | 7bf5b13ababcbcd5318267bce7c2930fffe00ce7 |
| SHA256 | de490294e3abb90937d8f0fb197d2044f9e4068f674ac83a19fc45edf0459d4f |
| SHA512 | 3931b592e02376b8a64c24a22ead066e099306f8977ee797770271b51eb050e569f8fa87b53e7b6225a1c33e7585e369bd916b7f9f5c899f01a092ba3a5297ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 261fb86db92eaa9551c868657b0fcdb7 |
| SHA1 | 1c2efcd7e5e40b6ec32d7442ef0c33c28ef5171c |
| SHA256 | 4b1659014f89859ce9ce146e0a1eaa7b81e2a53bd5b48d7fbdd876558cc4abb2 |
| SHA512 | 2af74c19686349211399b10f5c78f31f950b2031f86a0926926671c2fa76d162de6a0526ecddc31dc86204f7e160ef3152d69d8b410bb5d60119052ebb43b9a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a6fabe2fffd009e65247322dc934d16c |
| SHA1 | 5c2c50ab476a67cda394555a513f0a6267d9b72d |
| SHA256 | 89de9971101e696f66b64ce280044bb4eafbff4e2cc4dfea19f8d23091edf86a |
| SHA512 | 8f08769bf977d2057b6cf4ab172a1825b97b12eab207f8b9eaf2e222eaf480ff3df0dcaf287fe85b81a3ffbd46bbb0c17cb611fcb31b41ebb1f83c41b55c640c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c23da20d891bd8af8562b7433909cc69 |
| SHA1 | ab1859771788d473a6b084036ed34b1be152e9ee |
| SHA256 | 98112d27bddd2232382d1e8d8ab957a3c609d801387b6b7ef36c406cc2b39c1d |
| SHA512 | 1b987b9c0482db72c2f30eb67512d49b86989f98d39f43745d56c3ff90c1dfabedcc1164748c36b45b35006e7dcd4ccd3cd79fb7de24a026619bff3e5a203548 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | 34c74071305ddaa453f24cffb9b7649a |
| SHA1 | d9678ed33f9f13eb20e041eae43b6d8b12d00f8b |
| SHA256 | d47ddabfabe87d0e467bf17bf6da2df4a65019547d9a44cd8e4e89e9bf9286d8 |
| SHA512 | 2e1cc1acf24e7adad8f0fe2a77f604f6dd3d12773aa9cbc8174040001c881b89f13b4f2148c855bdb082674eccea651f897457145b43003e1a060005ff761f3c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
| MD5 | bc3ddaee0b039d489a2ab4d123c75da4 |
| SHA1 | 37b5aa48c1bd304c360b38c86097c9584a3f3997 |
| SHA256 | fbfaee7e792d54a16ac23b897228180d6da284731be0fca7ab568a88df4c64a3 |
| SHA512 | b3d21d5ae7f0fce50ded81f8987561d499262d2d0351888f88bdb145901ff0d9d1f714ba0dca00c9683a79f006ae03b7eba0975f84e8e0b128e4d1cbcc6be646 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | 6f0d0d5e42f2924dd022813f1971e36d |
| SHA1 | c7fe20cbec7798ff275c82dedfceb8f45bfebb05 |
| SHA256 | afbdd8b295e7711b291826ef1e1b7ed9a86be96a00fb5a815c4403e55dec3e17 |
| SHA512 | a6b613bb3aa78992b659d676ad23c3ab826664416e0c7760647b436cb30ed72f256be19766ea61fd50f7c26200ce95a7bbf909e5d88d9b937463b2250e8532d9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dcafb7e8e52777f8144c4f9c13941f51 |
| SHA1 | b36c8a0ebae4f78005f7b0034cc225d9b469bf5e |
| SHA256 | a43c762cd4ad7aab6d2b2e88cf8b6c27b0d666f30c4f23894ccfb3a799511007 |
| SHA512 | 1c204eee2f3d65edc8b54615b393c92b2e8aa61903cf7069dfed129edf5499083a45dc5c91c54a129d02efbf0c31e17733979bddbac4cade9d38cf387ec11b10 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 58683e2d3a64f3145e3a88607ca802ad |
| SHA1 | d78bfceaa36889fdde7b2b37d73189004bfe5bf5 |
| SHA256 | ae271bae8c28a640ecd17c841d8a58707dc17c49b9c52be4ccf043e87a3296d9 |
| SHA512 | 1f6204c1f1cb2a82424132cdea049afd8b8192e5ef72966ee477df44d1f32857abb14712fc4fb64684c384f98c4451dd707092eed0ac5fd6ecc5a4152aacffd0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6fd6671e7f0acc922173fbffd8ab4872 |
| SHA1 | f05b7b8c6713dd9e080d503be03b874d5168d5fc |
| SHA256 | ade4c9a712dff915cfe61d403a51cb5035efef2d5dd4cbc7a626e88629c2bd39 |
| SHA512 | ba32d0312f03ae33d50c1982f5e3bb8dd913dc82ef2b6b5fd05b69ea6d993d0ff9879299ad79e10b3b113d246e867a0d0f579014c3ac4872b62f399fb5e4bf50 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f5c59962a3995e8284306524fd4636a7 |
| SHA1 | ea763039a4a135f6a8ee90bf00bd2eb942a46821 |
| SHA256 | b5772efd6b7a302cd1f7b99cc79033fa412a59cca7232deb3d07f0bd4cf0fe38 |
| SHA512 | ef9cd9ed1038c9be2d92e738cbfcb49609f2fdaf12858297949bdd6fa013837da2a1c3dabd73b3ea044370faad65ec1fab0a45a90b89a96bc0c7d1ce316e19dc |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 5f911e85ae8b754bd4ecdec7e5cc3cd3 |
| SHA1 | 1b091379f3c4f498063139013e82f948f0483719 |
| SHA256 | ce2835e57ead7b09c45bee5dc0da6b07b196b57675da26521c0d4ea07137fb14 |
| SHA512 | 2197a932ff11b2bba7e3700713b96c4afd8b3f0d2742022d873cc6c6584b67fb4289a30136b25e29850f07c4005cbdf69c0551c35997468dde75a9770798bad0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | 22608b3f9078401c98f7197197603659 |
| SHA1 | bb768cd94fb9a62893847bc7a513fcfc015486b0 |
| SHA256 | 35fcae3015f98efac3e1e293af3134c1991e1e0ff71b71ccec8f650321c9cb17 |
| SHA512 | 13a540853875a7acab483b3862131f2ad4f484ae8d68eb0888d28f818d9d7d491928f32ea04e2a6f3514cadf02d33cfb54151df70c86d4119bcb4e1b3ec0338a |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 03d43ffc0e42cf63b90521631585547c |
| SHA1 | 539963fd46430ef99883858a6436d3f0637a9a39 |
| SHA256 | c5f079498c40f74aca7d562d5e1464d49308b15f7c6885c043ecca9f1754a0fa |
| SHA512 | 18e7a99c2ccb09a7168cc34340ca8d24036ae1381abd304c8ef75b6b006ad7bd3c05dbe8c5c39a21105f228dd957bc48701d640677b7fe7744fb2247d1d5467f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5e32772ef155a655ea47977d2056831d |
| SHA1 | 47318b16625fdae847a5fc20d1b6348a486e3373 |
| SHA256 | 7eb4f390431a6e9fefbab5392a192977d97dafae4bed0e56c26f276659bbfea5 |
| SHA512 | 6fb19a619e540d92b6842497bc398265d516903afb33004e9ca893fbae8a1df9f494b0d9f1078162da0ccb546394c4e7503ff89b567e8668de1d90828b28f805 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 4c185af08e1b6274dca5e4c5e59b0371 |
| SHA1 | f7eb0d3a1c34d340e09358579ca111738fe17e15 |
| SHA256 | c48e95f35762fccb8954ee94cc07068a5604fa54803078d9d2a622fb5b2a81e6 |
| SHA512 | 3562d9862edcd114a9e89c488ef534da6c87618568d0d3cad013d330aa25fbfe6c2dbcaf629690f2fbad33321842a0483974759e8f60c1f1d28ad6771b7a9714 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e2a0d529cc03d1d938bb27fe815d0213 |
| SHA1 | 96771a79960eab32db19584d6c05a3b1aa61f032 |
| SHA256 | e7939cd02a5a800b24c4a8d9b0ecf73adcbaba602996108e45639e2b9f702867 |
| SHA512 | 44a8a00489d29bebfff9fdab5e52a55a190269c0186081576dd70aad304898ba1bdfc7a2721f12e9439a97abd289c22edce8c138f788472fc43c2cf5abf70de4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a0e4d762e58514ea7af01ec64aa4bb77 |
| SHA1 | f23bf988eaec2440b768803f1b265ad238231b3d |
| SHA256 | b110b63d9230e394eae23e5dd09b22a5d673927390a1c949c00c74d42a1ee854 |
| SHA512 | c1c6e23e99acaa9eff153684ee8383077dff16b9349b8279a76b76d5fa471a2f3c4409ee676186951b544a6c643b1563e39ea9a444fc5ab2f063a8245c9a5f90 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 014f9e6c53a45be98b509f2641efa9e1 |
| SHA1 | 7c97cef45582bef77416827a324cef95f94e224e |
| SHA256 | b3213131fddd9688384e5b85792d785ab9bc7dfae85a69940fb6c6f82f928e03 |
| SHA512 | 624c5fb5ce30b30a7e2b1dc478b1dc48128b423c4a67656040509191fb2ce1bc1de2a96df85fdd1a89c3d732ab032f8b2396fcc232f88d488b7a64ecb0e72b02 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b9a2dd33839ae2338e548af3f7d26a59 |
| SHA1 | 089417d919dc79646fdeb0881df0eceb663a526d |
| SHA256 | b7ca8b868a1bc9f9a5300367c533ad9129f09f3bbdb18d03cfa0e01bbee879ee |
| SHA512 | 1b64e8468dd1dd48df4dc99d432a35ae4daa52440d5719a8e5954c22bd3488d3e71f2265349294191ecb3f0d4ac07edeffec8da50bb4b70fd7fad1b060a4b5fe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore.jsonlz4
| MD5 | 5fb8ce6e87896dbe40e75f2b4fd3bdad |
| SHA1 | c6e34916e29d90ba2bdd022580976d3dbedc3301 |
| SHA256 | 0caef32b68ed033887ac9fa6094aaeab2b8e7f0f48a9fca29f2c502cc01aab55 |
| SHA512 | 06b42e0a32c19759f6f8e04e1656fbcfc76b290be0df5a82a3b7878015fe6b40b05a7a86e9439ec82ba635282685716b29089690449aa2c36dc3dea0d8007c51 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | 8e3be2715cfe0d8945ad54b3a6ec185b |
| SHA1 | 0a0e1b9fb4b9d3f7574a1070977be3d875d06c6d |
| SHA256 | ee2196fc2fd840aa102be18c44572c225cbebabad1b9ad8015e89d7f7e75a7d3 |
| SHA512 | 0a8d8bdaf4183f5d533bbf6509cbd66dcfe94cc5f11a6932c9b330877e58e2420609fb3fcac8fe95fa45ef6b6699fbbab8ec42e516eab5c94dab629f0aba3d5f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\datareporting\glean\db\data.safe.bin
| MD5 | b1c8aa9861b461806c9e738511edd6ae |
| SHA1 | fe13c1bbc7e323845cbe6a1bb89259cbd05595f8 |
| SHA256 | 7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70 |
| SHA512 | 841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 1c3c58f7838dde7f753614d170f110fc |
| SHA1 | c17e5a486cecaddd6ced7217d298306850a87f48 |
| SHA256 | 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d |
| SHA512 | 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | e6bc4a231f31292e163edcf78bbefa64 |
| SHA1 | b856762695f4c3c3188bf45b831c5176a97ff1cb |
| SHA256 | 44cdf96447147f0878c9d4c5380a3a5fd0ee0d1bb6ba5baca75717d21f81c8c0 |
| SHA512 | 0ef0c09ee341542ddeb3091a24773289fc58f187f99a5b543c26efacdbc851ea66ede556c9f63c86fe0ee18bee1506e77fa7d20be5435706017a4a91788332c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c06cbe9bfbc2e8e625871071fa0e6618 |
| SHA1 | 5859cb572b7bab4cef2591a393ac408c7e84b834 |
| SHA256 | 2e22f934d9aa5fc73b7009890c039a11baea4651007723f860d326d59ac7ed43 |
| SHA512 | cae0b3a86fce69a9a8d091ce3080257fe9330c8dfe7d3731476768a626a184184c5f47acd93e393218eec26920eccdd92118e845d99e01e5142abe2ca7023408 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7a664458f626c817efa2e25eca77cbaf |
| SHA1 | 07220322c6b64a4d3baa0e2b6b4fa0d9c76fba3e |
| SHA256 | 7a7a7df1f09f63b9b3618fb5e79f9317ff4202755f6f87b1c8a53564d495046b |
| SHA512 | df15501e9cde9c8d85e4e68904c244fee8317b68d2f6fbfc7690e45dbd36d0dfb0085b2df9dea8240cce33e1414143045d555046ffbf2f3582b6575169f6d995 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | bdd88b4321cb0cc47fd03632f15a9a95 |
| SHA1 | a7ec5a99796bc80d08427498627d337d4605a2b7 |
| SHA256 | 8439fffa912fee1667d3b629a3505a735e2b124de86ad59cabc05a76399586f6 |
| SHA512 | c799c7e17075eeee520b3c0e0defbaf290e61e1eddf019d44a66ce4f2f28b1232aaa5bc40defdc66601a3ae54ea53c80b1aa1c97d5988c34adce52096864deac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 012b9be5f2611f8b7106ba6ea06d83fe |
| SHA1 | 6f1d6cc36c79ec52aaacf52b7921a9fbc9097da7 |
| SHA256 | 8bee68a1658a64b3083e5e8eaf6f03517681167a2a6b56a5c32f99ded657d620 |
| SHA512 | 79ccd60cd966dadc7d6c5109bcb40a8bc2fbf14671233cdce14de2d1af163af4fa55f0931c0f9a5d3be63c2e4b85ef56d17e9c71b2c875b19cea887b7cc392b4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\1214
| MD5 | efb256ccaf5e5bef94f7ed31732b316e |
| SHA1 | ea4d06a01e48bf63ae053d4702f25c1ded466c1e |
| SHA256 | 588146fcf0ff7c319b513be0bd3ffe40bce8f15497a9f7c6f610036c488f5219 |
| SHA512 | fc9c5abe29f8dbb950d9ea26a11889e76218e8c364cda63ced5fbe2181f774b7e144def7ccb6327c448e332c00d1eefd2b364a9766cf8b058dce7a5b16a3ce91 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\11011
| MD5 | 014dc82bd38596c598c1e0a16ecbdc06 |
| SHA1 | 85bb320696b1798060f8ec2fcbae9af8751fa1c2 |
| SHA256 | 4b4b0497cb335f56dd7e9416c0a5c19d775caf610ac5ecf08c1cee683579c174 |
| SHA512 | b3ec7aaa10bd4b57473e1c7de59d5358abaf00745bce2e1c1d98ffb6bbe12503d1b4b185d21cb4d70f44a71ec38bac4a61a1e8c7d82a4a7cf12eff6e0a28bfed |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\5311
| MD5 | 91b72c1c916fc329ee95e2375a1ff1f8 |
| SHA1 | d315c46269a6bce48f2311009a285e8859303d7b |
| SHA256 | fc3827c9f85153a70fac72cce456f8d8df1a6e429f7840cc888fcb071de180aa |
| SHA512 | 21a6ddc339f8c8117422d0f5e5dfc0492e5c9f4820d7ae039e90dfddbe342f26a2d3c6f6641caeae47fd13053fcb8b0da8f919fb45a12381599e85673420af3f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\18374
| MD5 | 23ed38f9b4d017f027ffd88397706ba7 |
| SHA1 | 13d72b16e80502f2488a34cd7f7466fdf76bb5a2 |
| SHA256 | 0a87f5376a6c6c75edffb4d7eff4fa42bb0f1c4d566647f46a5c68580734db44 |
| SHA512 | dcc266a6d5ea67b7e1dc8f9fbbbf0975c59525b47ebc57be613de96137d56a13ebd3b8618c90e0526bcadc7f0aa276d020fd53e82bfabec584af9f6766e05489 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\crashes\store.json.mozlz4.tmp
| MD5 | a6338865eb252d0ef8fcf11fa9af3f0d |
| SHA1 | cecdd4c4dcae10c2ffc8eb938121b6231de48cd3 |
| SHA256 | 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965 |
| SHA512 | d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b525e570047764ab1053f5d3e7b201d6 |
| SHA1 | 679e0da1d9ae83a7782caf3fc1525a5724d82af3 |
| SHA256 | f7680354e7fb496e586af737466335b7106fea5b8eff5c457c1bdd0479e40b9a |
| SHA512 | 00c0684ae121a599cf5362eb95005ee9c85ed0b00fbabb2eaaf89c3ce926a608c647d61bc11a34853422282017a7bac2e2095a2dff0a4110e8ff7e2da1319901 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3e926f008d39cc6cf6aa9f06495be839 |
| SHA1 | c5ae38d9f302e604856a3160bb4d0e649a5c248e |
| SHA256 | 8c27140676be2d0155b562fbc998af2585bbd4c4a57c4e9db9a1b82d6f26fe53 |
| SHA512 | 444221f419cc39d6832b1650ad82f6c43d3bc992af58358b74222d595037ba96688091a8038940dabf505286d23000fc0a1be88a7e7c00f3bb4098c419df3f0b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\04D78A37F890F76BE84C93ED8B68114A1E4FB96D
| MD5 | 9581d2ff75c2d1409cb07ffef7551dbb |
| SHA1 | 7e692c008859d4eb79dddebcd8a980d6250187b9 |
| SHA256 | f98d9a6e5efaae9769deee99c950794ca0154225fbc7037eae940593c1b47c8b |
| SHA512 | dbeecdb95df54aa6055a101bc9157aa8e358a19dac9c6bda8ce5883d9d503204eb1154f53c6eb7d0dcf14353a96f78a3a05ac6a44f63b744829e78899f98c2ba |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\18521
| MD5 | 7b312fe0789eb9e61ecac2a012a1f2ae |
| SHA1 | 21bb695ec2a0f9e6b65ba88ebd947bd3acd8ed5b |
| SHA256 | 351fcc169ad1146163e714ec9f78146e16412e5ab926f29bec95df26203efb28 |
| SHA512 | f0d46b02cfa448df766b884c0b625f427fe6bba2585be493574e7162ad92257b1408250fb35d9fdfe7788183a57cf75c3e3e6cc134a4996dfefeb9f6ec0b92b6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\5841
| MD5 | 0f28c0b07dae6622ed3847483ca6c274 |
| SHA1 | 181954e2aaa6e9f7ef675c3d31581f5430db481e |
| SHA256 | 96952a15176e79719e4cb50150fcbdea9f638c6f787cb8df1463a812b9a1d396 |
| SHA512 | 7ffdcc8b24c679e741852364a2c460e4d5af979cb002b1a7b8f2a3bc2210a435f23fde73e766494f9fed00f3a4dc880dfda6f3e2e03f68d573f1eb34505e7181 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\25435
| MD5 | 51cf6f9efe8ab414a9e45a4555eeabe3 |
| SHA1 | d8cef8b699229916f0b1dbae38f9eff62e94474d |
| SHA256 | 77088da138a025dc5c1831d9507a0e01b63e3306f746bdd2e2257877a495ff47 |
| SHA512 | bfb671a8a14c8e7e6d463aeaf01092879612bccbcb5860698e9c549999aca668c469a5f1cac3ef551539ddf2c77ab72da77afa29a5b71e7054b1c1423f9099d0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\19399
| MD5 | 1db1d4cb4923650c8a174b703840cbe8 |
| SHA1 | d38679ee18f25bc10c2f9c2cda1ac3bc0854feab |
| SHA256 | 85231635f14a9f706ea3e30255bdffc30f44b13b8440cbf7b52f5b8fe364bdc2 |
| SHA512 | 751cc33bb3e0ef0108ef1ebe6eb9ffa1387f1fac8f1aedda54c0d68abb23b56d1f5c2a4e184de6a2e4d57ed3367ba7fa4f48207051cfc095c0451d72e7db90fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\doomed\29196
| MD5 | a1826f4eec62200e0bf6a989c241c0c3 |
| SHA1 | ee1bb8f3fe0e043444655efac672fcdd152cb79b |
| SHA256 | 99de2df2af0f60e8dc40b8784fcdfe8360007afbf1e822b771364be0ed620467 |
| SHA512 | c90fd345653654d1460a42579b781f8727b7874f66049dc2aa726d8fc968934e826d51795fb0f48a029be44a11a67752212d3d986664e323c82eceae75c262b3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 99af09718cc0c7afef2124bccf492d8c |
| SHA1 | d4f8c2ad9acdc4ea049188911a8a56ae2d45e7b9 |
| SHA256 | 400b79b3d6abfe99ba6f0e9fb26f6e4625f8a00def5645042cf10e9cf82ff159 |
| SHA512 | f107da8ed1cce2384c843f1d3d814b1928108233cbc75022e0b20b936b5a5811091ee69d2387f1c8c84cf00aac08f41b9b18cba444f9e97dcb4aca096e0e2f29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 108474d1a76a9ca16e988c0ca59ae099 |
| SHA1 | bce09ec7f7e2e7683ba1e9958c6860a6b209afce |
| SHA256 | 017f9c67c4817fd3bc069654513c402bef9082ac457790bcd57066eb62106f61 |
| SHA512 | 4d3a34d7583bd4871a40c0dfb6bd22c919831fff4a3f6042951f63ba03e8be5f60e07640916754364005c1cb5b2bb95f960d876a91a5f4f77c8f81d32b1249ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1dccf49a18e63ec71427ff3a8ed84c9e |
| SHA1 | 88ffe694f6e1536bf78de461f505506e015ffa03 |
| SHA256 | 9b25061e8f0ddf9dabb2ac884bfd0661c0dcb7156f81eb26b96a07f1925c21f6 |
| SHA512 | f1c11865b04106bcabffd367a1615f7fcfef56c85ec3273ff1d9d342974e00b952687ba5337f3c663236d4763b05fe9106cf23c2e3af64fae7f0907c0cade1db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25dbdd6142c284bb94a97e2eb2542161 |
| SHA1 | 4d1b48616f8c98f6dda93a7c4d90cfdc0ab9c2b4 |
| SHA256 | d2dcdb0faaa6d06bf971fa9b32b0dbb4a14ab22754a72a4743b5648bc452e9cc |
| SHA512 | 01ac48b4e9e7b820164a32518bf1e2ccee6e90c8a4656934941a508a74e862deaf65bea958fdee00e97395485738b4be95fa72f076f72933b40c461c933da92c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4a48e7c122b8639d242dfa0da783eca7 |
| SHA1 | ddc5457143354d58acc80324ea9dccaaf78a7cf8 |
| SHA256 | d1e187e621c80aed648b7152d01661b7ee4095d7782ad3a40b064fdc38c8911c |
| SHA512 | 1f9b1ebf0bddf1d2a67b1665e6f009cc1a0bd7b51888841ed764df205afe3a8df20b843a319dfc8764aa3993e0273478e48db14c072f87b303f700a90d7685c9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d69f39f138a08a1aba665d8fd88b3ff7 |
| SHA1 | 9e64a5e48bb1b721da8311dc9dceb90504f06fc2 |
| SHA256 | 36edc33e185ebbbf16ee37697207ed85895b4023678e08c1f990aa98104afa8a |
| SHA512 | bf52c16609bc79bc683bf63118af2983362feb01161eb5c08139482f0c42084598fdb6e1740d5c96e35b1223bb70a20029379ad906743c232a39528fceddfc7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0ed77487008f6813a5de987cb133b86b |
| SHA1 | 404d737ead42c49a2c25a6ec2153d5f7fac0a0b6 |
| SHA256 | a86095f948d6fcba694e6feb46ee14af752362d215f28a0f55799d9f9b5b6895 |
| SHA512 | 046b2cb01ec33eba846faefadcd386f83f8b7ce9098d5fc16ca207f883d8905e7c2dda5bf728dde6232a9573f436ff13fdabccf254a99734990809c91f5054c1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms
| MD5 | d6f0e3f1403506ca12d7aac58f9690b7 |
| SHA1 | e96023a50f4fd9ed31f6f9959d4160384b759502 |
| SHA256 | b593151d9c406f5346775e7cf0232185600f622ce64848ff5e22396b8ec27aad |
| SHA512 | 6a79d1aaafdec37986113e95a83fa9f47b3c1d4ba0b5651e3d44d49959dc90a554fe5531ca3b8298bea12aea60610b78f031000c86c25563e4ae2fa5bb7b6fc7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 942744c083eceadb663755624cceec5a |
| SHA1 | 175ff52234763ca205174db953a56ca6fb97e0d4 |
| SHA256 | b35c75a0a84979d6a5ede6c2a598ff018760bd6e4e0f12e1adc062905930f916 |
| SHA512 | 0655e010bc6199ef6d9df1cf082239804bf341d616c6120256d04cde32333390b26450dd9a2293b0c7d3d4a39585081ae7d456c25b3c821c29ec805ba970d24e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2e5673bc8ce7e5186abdcf55a5fb8e64 |
| SHA1 | d3204298dcd6364b950258e88d734c298b89d60b |
| SHA256 | ca7458b15a256d08afcb3ac88d359c3b19df659fa1ee20d64ab0e30e01b0464d |
| SHA512 | 8ee54ba07508c9e4adf840bd9e91842d7c501a7ed6f5f30386b424f1b21ae85494d974d2582643ffebf67215979a8baed33ff450c33ecb52cd38ed21299057ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6e94c8df4eaf34295030ab65d72c2f0d |
| SHA1 | 314443de95dfe5d55994560902b67324fa59d153 |
| SHA256 | 4cd9d17659c8f46eaf1234494953cca427eb62a76b0b684fdb0823d22a61f1bf |
| SHA512 | 9d605970be5b01aac7a31c893b3a91d5d69aa27459d9c0a53c4bb5caabf3d45eb38e6d85649fd7458f502e9106d8faf54c152afa4abc7bf44c4c9af31707acd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d77ea0bbc723391960907af5e3c5f6a1 |
| SHA1 | 76b64183d3ca5f78bb3aed6a91f771ae57823e9a |
| SHA256 | 22ddf34256b9915696d25ca6f8b7d2a63e15d928b9f4245dfd754464f94ab4dc |
| SHA512 | a0034fbe056f9848498ac6777f4d8d57b9a1a512d8ce550b6a1ff402ddd86df8f5bb313ff81ccbed932345a93bad3dcddaac7c8dc16abde4f76081a8b92b62b4 |