8ec61fa81e9a6de62fba2cbb68aa9f74aef6d705945f0da21affd437e28a0106

Analysis

max time kernel
1049s
max time network
998s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcrat.rar
Size

44.1MB
MD5

daaa0c005719dd117b6e3733894d70e8
SHA1

89a49b157ecf9046fc2aeb8075b978873be8ba92
SHA256

8ec61fa81e9a6de62fba2cbb68aa9f74aef6d705945f0da21affd437e28a0106
SHA512

91a98f1beaf2e28fa3aff5f277430f831686483c99e9d1240394f99a170ddd792eea905daad904ae0ab44f521ad1252bd9b36ed6d6df53b2c26894181acd1fbf
SSDEEP

786432:qFbkjBI/lTfcE7WqmtCDLyd4pmj+9cYzsM07w5Dn3xEhaGpztBDCuYjv3WAi:lK76CD+ZS+YzoeL3Ohtqtve

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

Processes:

DCRat.exeDCRat.exephp.exeDCRat.exephp.exe

pid process

832 DCRat.exe
3920 DCRat.exe
3916 php.exe
4800 DCRat.exe
3912 php.exe
Loads dropped DLL 2 IoCs

Processes:

php.exephp.exe

pid process

3916 php.exe
3912 php.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4000 icacls.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

66 raw.githubusercontent.com
160 raw.githubusercontent.com
65 raw.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
832	DCRat.exe
3920	DCRat.exe
3916	php.exe
4800	DCRat.exe
3912	php.exe

pid	process
3916	php.exe
3912	php.exe

pid	process
4000	icacls.exe

flow	ioc
66	raw.githubusercontent.com
160	raw.githubusercontent.com
65	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609187530763957"	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exechrome.exejavaw.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	javaw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	javaw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	javaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	javaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	javaw.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	javaw.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	javaw.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	javaw.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4376 chrome.exe
4376 chrome.exe
3952 chrome.exe
3952 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

OpenWith.exe7zFM.exejavaw.exe

pid process

2428 OpenWith.exe
1028 7zFM.exe
2148 javaw.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4376 chrome.exe
4376 chrome.exe
4376 chrome.exe
4376 chrome.exe
4376 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

7zFM.exeWMIC.exeWMIC.exe

description	pid	process
Token: SeRestorePrivilege	1028	7zFM.exe
Token: 35	1028	7zFM.exe
Token: SeSecurityPrivilege	1028	7zFM.exe
Token: SeSecurityPrivilege	1028	7zFM.exe
Token: SeIncreaseQuotaPrivilege	3652	WMIC.exe
Token: SeSecurityPrivilege	3652	WMIC.exe
Token: SeTakeOwnershipPrivilege	3652	WMIC.exe
Token: SeLoadDriverPrivilege	3652	WMIC.exe
Token: SeSystemProfilePrivilege	3652	WMIC.exe
Token: SeSystemtimePrivilege	3652	WMIC.exe
Token: SeProfSingleProcessPrivilege	3652	WMIC.exe
Token: SeIncBasePriorityPrivilege	3652	WMIC.exe
Token: SeCreatePagefilePrivilege	3652	WMIC.exe
Token: SeBackupPrivilege	3652	WMIC.exe
Token: SeRestorePrivilege	3652	WMIC.exe
Token: SeShutdownPrivilege	3652	WMIC.exe
Token: SeDebugPrivilege	3652	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3652	WMIC.exe
Token: SeRemoteShutdownPrivilege	3652	WMIC.exe
Token: SeUndockPrivilege	3652	WMIC.exe
Token: SeManageVolumePrivilege	3652	WMIC.exe
Token: 33	3652	WMIC.exe
Token: 34	3652	WMIC.exe
Token: 35	3652	WMIC.exe
Token: 36	3652	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3652	WMIC.exe
Token: SeSecurityPrivilege	3652	WMIC.exe
Token: SeTakeOwnershipPrivilege	3652	WMIC.exe
Token: SeLoadDriverPrivilege	3652	WMIC.exe
Token: SeSystemProfilePrivilege	3652	WMIC.exe
Token: SeSystemtimePrivilege	3652	WMIC.exe
Token: SeProfSingleProcessPrivilege	3652	WMIC.exe
Token: SeIncBasePriorityPrivilege	3652	WMIC.exe
Token: SeCreatePagefilePrivilege	3652	WMIC.exe
Token: SeBackupPrivilege	3652	WMIC.exe
Token: SeRestorePrivilege	3652	WMIC.exe
Token: SeShutdownPrivilege	3652	WMIC.exe
Token: SeDebugPrivilege	3652	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3652	WMIC.exe
Token: SeRemoteShutdownPrivilege	3652	WMIC.exe
Token: SeUndockPrivilege	3652	WMIC.exe
Token: SeManageVolumePrivilege	3652	WMIC.exe
Token: 33	3652	WMIC.exe
Token: 34	3652	WMIC.exe
Token: 35	3652	WMIC.exe
Token: 36	3652	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1884	WMIC.exe
Token: SeSecurityPrivilege	1884	WMIC.exe
Token: SeTakeOwnershipPrivilege	1884	WMIC.exe
Token: SeLoadDriverPrivilege	1884	WMIC.exe
Token: SeSystemProfilePrivilege	1884	WMIC.exe
Token: SeSystemtimePrivilege	1884	WMIC.exe
Token: SeProfSingleProcessPrivilege	1884	WMIC.exe
Token: SeIncBasePriorityPrivilege	1884	WMIC.exe
Token: SeCreatePagefilePrivilege	1884	WMIC.exe
Token: SeBackupPrivilege	1884	WMIC.exe
Token: SeRestorePrivilege	1884	WMIC.exe
Token: SeShutdownPrivilege	1884	WMIC.exe
Token: SeDebugPrivilege	1884	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1884	WMIC.exe
Token: SeRemoteShutdownPrivilege	1884	WMIC.exe
Token: SeUndockPrivilege	1884	WMIC.exe
Token: SeManageVolumePrivilege	1884	WMIC.exe
Token: 33	1884	WMIC.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

7zFM.exechrome.exe

pid	process
1028	7zFM.exe
1028	7zFM.exe
1028	7zFM.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe
4376	chrome.exe

Suspicious use of SetWindowsHookEx 39 IoCs

Processes:

OpenWith.exejavaw.exejavaw.exechrome.exechrome.exejavaw.exe

pid	process
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2428	OpenWith.exe
2148	javaw.exe
2148	javaw.exe
2024	javaw.exe
2024	javaw.exe
2148	javaw.exe
2468	chrome.exe
1044	chrome.exe
2148	javaw.exe
2148	javaw.exe
2148	javaw.exe
2148	javaw.exe
2148	javaw.exe
2148	javaw.exe
2148	javaw.exe
3516	javaw.exe
3516	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

DCRat.exejavaw.execmd.execmd.execmd.execmd.execmd.execmd.execmd.exeDCRat.exejavaw.execmd.execmd.execmd.execmd.execmd.execmd.exechrome.exe

description	pid	process	target process
PID 832 wrote to memory of 2148	832	DCRat.exe	javaw.exe
PID 832 wrote to memory of 2148	832	DCRat.exe	javaw.exe
PID 2148 wrote to memory of 4000	2148	javaw.exe	icacls.exe
PID 2148 wrote to memory of 4000	2148	javaw.exe	icacls.exe
PID 2148 wrote to memory of 1904	2148	javaw.exe	cmd.exe
PID 2148 wrote to memory of 1904	2148	javaw.exe	cmd.exe
PID 1904 wrote to memory of 3652	1904	cmd.exe	WMIC.exe
PID 1904 wrote to memory of 3652	1904	cmd.exe	WMIC.exe
PID 2148 wrote to memory of 3108	2148	javaw.exe	cmd.exe
PID 2148 wrote to memory of 3108	2148	javaw.exe	cmd.exe
PID 2148 wrote to memory of 4692	2148	javaw.exe	cmd.exe
PID 2148 wrote to memory of 4692	2148	javaw.exe	cmd.exe
PID 4692 wrote to memory of 1884	4692	cmd.exe	WMIC.exe
PID 4692 wrote to memory of 1884	4692	cmd.exe	WMIC.exe
PID 2148 wrote to memory of 4060	2148	javaw.exe	cmd.exe
PID 2148 wrote to memory of 4060	2148	javaw.exe	cmd.exe
PID 4060 wrote to memory of 216	4060	cmd.exe	WMIC.exe
PID 4060 wrote to memory of 216	4060	cmd.exe	WMIC.exe
PID 2148 wrote to memory of 2960	2148	javaw.exe	cmd.exe
PID 2148 wrote to memory of 2960	2148	javaw.exe	cmd.exe
PID 2960 wrote to memory of 1288	2960	cmd.exe	WMIC.exe
PID 2960 wrote to memory of 1288	2960	cmd.exe	WMIC.exe
PID 2148 wrote to memory of 64	2148	javaw.exe	cmd.exe
PID 2148 wrote to memory of 64	2148	javaw.exe	cmd.exe
PID 64 wrote to memory of 2692	64	cmd.exe	WMIC.exe
PID 64 wrote to memory of 2692	64	cmd.exe	WMIC.exe
PID 2148 wrote to memory of 4592	2148	javaw.exe	cmd.exe
PID 2148 wrote to memory of 4592	2148	javaw.exe	cmd.exe
PID 4592 wrote to memory of 4700	4592	cmd.exe	WMIC.exe
PID 4592 wrote to memory of 4700	4592	cmd.exe	WMIC.exe
PID 4524 wrote to memory of 3920	4524	cmd.exe	DCRat.exe
PID 4524 wrote to memory of 3920	4524	cmd.exe	DCRat.exe
PID 4524 wrote to memory of 3920	4524	cmd.exe	DCRat.exe
PID 3920 wrote to memory of 2024	3920	DCRat.exe	javaw.exe
PID 3920 wrote to memory of 2024	3920	DCRat.exe	javaw.exe
PID 4524 wrote to memory of 3916	4524	cmd.exe	php.exe
PID 4524 wrote to memory of 3916	4524	cmd.exe	php.exe
PID 2024 wrote to memory of 2172	2024	javaw.exe	cmd.exe
PID 2024 wrote to memory of 2172	2024	javaw.exe	cmd.exe
PID 2172 wrote to memory of 1028	2172	cmd.exe	WMIC.exe
PID 2172 wrote to memory of 1028	2172	cmd.exe	WMIC.exe
PID 2024 wrote to memory of 3372	2024	javaw.exe	cmd.exe
PID 2024 wrote to memory of 3372	2024	javaw.exe	cmd.exe
PID 2024 wrote to memory of 3488	2024	javaw.exe	cmd.exe
PID 2024 wrote to memory of 3488	2024	javaw.exe	cmd.exe
PID 3488 wrote to memory of 4792	3488	cmd.exe	WMIC.exe
PID 3488 wrote to memory of 4792	3488	cmd.exe	WMIC.exe
PID 2024 wrote to memory of 3684	2024	javaw.exe	cmd.exe
PID 2024 wrote to memory of 3684	2024	javaw.exe	cmd.exe
PID 3684 wrote to memory of 2292	3684	cmd.exe	WMIC.exe
PID 3684 wrote to memory of 2292	3684	cmd.exe	WMIC.exe
PID 2024 wrote to memory of 2724	2024	javaw.exe	cmd.exe
PID 2024 wrote to memory of 2724	2024	javaw.exe	cmd.exe
PID 2724 wrote to memory of 1108	2724	cmd.exe	WMIC.exe
PID 2724 wrote to memory of 1108	2724	cmd.exe	WMIC.exe
PID 2024 wrote to memory of 2396	2024	javaw.exe	cmd.exe
PID 2024 wrote to memory of 2396	2024	javaw.exe	cmd.exe
PID 2396 wrote to memory of 3396	2396	cmd.exe	WMIC.exe
PID 2396 wrote to memory of 3396	2396	cmd.exe	WMIC.exe
PID 2024 wrote to memory of 4064	2024	javaw.exe	cmd.exe
PID 2024 wrote to memory of 4064	2024	javaw.exe	cmd.exe
PID 4064 wrote to memory of 4960	4064	cmd.exe	WMIC.exe
PID 4064 wrote to memory of 4960	4064	cmd.exe	WMIC.exe
PID 4376 wrote to memory of 3532	4376	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dcrat.rar
1⤵
PID:3924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3688

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\dcrat.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1028

C:\Users\Admin\Desktop\dcrat\DCRat.exe
"C:\Users\Admin\Desktop\dcrat\DCRat.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:832

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dprism.dirtyopts=false -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllI.jar;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllIIilIl.jar;lib\IIlIlIllIIlIIllIIllIIlIIIllIlIlIlIIIIlIlIllIIlIIllIIIIIllIIIIlIIIlIIlIIlIIlIllIIlllIIIllIIIlIIlIllllIllIIIIlIIIlIllllllI.jar;lib\IlIIlIllllIIIIIlIlllIllIlIlIIIIIlIIIlIlIlllIIllIllIIIIIIlIIlllIIIlIIIlllIIIlllllIlIlIlllllIIlIllIIlIIlIIlIIIlllllllIlIII.jar;lib\IlIlIIIIIIIlIlllllllIllIIlIIllIllllIIIlIIIlIlIIlIIlIIlIllIlllIlIlIIllIIlIIIIIIIlIIIIIIIIIlIlllIIllIlIIlIIIlIlIlllIIIIIIl.jar;lib\IlIllIIllllllllIlIIlllllIIIIllIIIlIIlllIIllIIllllIIllIlIIIlIIIIlIIIIIlllllllIllIIlIlIllIIlIlIlIIllIlIllIIIlIIIIlIllIIIIl.jar;lib\IllIIIIllIlIIIIlIlIllIIlIIllIIlIllIIlllllIlllIllIlIIlIIlllIIlIlIlIllIllIIlIIIlIIIllIIIIIllIIlllllIlIIIIIlIIIIIIIIIIIIlII.jar;lib\lIIllIIlIlllIlIlllIlIIlIIIlllllIIlIlIIllIllIlIlllIlIIlIlIlIIllIlIIIIIllIIlIIlIIlIIllIIIlIIllIlIIIIlIlIIlIIlIllIIlIIlIlIl.jar;lib\llIlIIIIlIlIlllllIlIIllllIIIlIlIllllIIllllIlllIIlllllIIlIlllIIIIIIlIIllIIIlIlIlllIlIIIlIIIIIllIlllIlllIIllIIllIlIlIIlllI.jar;lib\llIlIlIIIllllIIIllllllllllIllIlIlllIIlllIIlllIIllIIllllIlllIIIIIllllIIlllIIllIIIIlIlIlIlIIIlIIIlIlIlIlIIlllIIlllIlIlIlII.jar;lib\lllIIlIlIIlIIllllIIllllIIlIllllIIIlIllllIIllIIIlllIIIIIIlIIlllIIllIllIIlllIlIIlIlIlllIIlllIlllIlIIlIIIllIlllIIIlIIIIIlll.jar;lib\lllIlIIIIIlIllIlIlIIllIlIIIlIIllIllllIIIIIllIlllIllIIllIIllIllIllIIlIlllllIIlIllIllIIlIIlIIIllIlIlIIlIIIIIIIllIIlllIllIl.jar;lib\llllIlIIIIIllllIlIIIlIllIlIIIllllIIIllIllllIIlllIlIIIlllIIlIlIlllIIlIIIIlIIIIlllIIlIIlIlIIIIIIIIllllIllIlIIIlIllIlIlIIll.jar;lib\llllIlIIlIllllIlIlIIIlIIIlIllIlIIIIlIlIIlIlIIIIllIIlIIllIIIllllIlIllIlllllIIIIIIIIllIllIlIlllllllIllIIIllllIIllIIlIllIll.jar" org.develnext.jphp.ext.javafx.FXLauncher
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
3⤵
- Modifies file permissions
PID:4000

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboard get Manufac ��
3⤵
- Suspicious use of WriteProcessMemory
PID:1904

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboard get Manufac
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3652

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c USERPR ��
3⤵
PID:3108

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboap��3��
3⤵
- Suspicious use of WriteProcessMemory
PID:4692

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboap��3��
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1884

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe CPU get Proc ��8�Y
3⤵
- Suspicious use of WriteProcessMemory
PID:4060

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe CPU get Proc
4⤵
PID:216

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
3⤵
- Suspicious use of WriteProcessMemory
PID:2960

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
4⤵
PID:1288

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[��\�
3⤵
- Suspicious use of WriteProcessMemory
PID:64

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[��\�
4⤵
PID:2692

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L��] ��^"
3⤵
- Suspicious use of WriteProcessMemory
PID:4592

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L��] ��^"
4⤵
PID:4700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\dcrat\123.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4524

C:\Users\Admin\Desktop\dcrat\DCRat.exe
DCRat.exe
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3920

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dprism.dirtyopts=false -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllI.jar;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllIIilIl.jar;lib\IIlIlIllIIlIIllIIllIIlIIIllIlIlIlIIIIlIlIllIIlIIllIIIIIllIIIIlIIIlIIlIIlIIlIllIIlllIIIllIIIlIIlIllllIllIIIIlIIIlIllllllI.jar;lib\IlIIlIllllIIIIIlIlllIllIlIlIIIIIlIIIlIlIlllIIllIllIIIIIIlIIlllIIIlIIIlllIIIlllllIlIlIlllllIIlIllIIlIIlIIlIIIlllllllIlIII.jar;lib\IlIlIIIIIIIlIlllllllIllIIlIIllIllllIIIlIIIlIlIIlIIlIIlIllIlllIlIlIIllIIlIIIIIIIlIIIIIIIIIlIlllIIllIlIIlIIIlIlIlllIIIIIIl.jar;lib\IlIllIIllllllllIlIIlllllIIIIllIIIlIIlllIIllIIllllIIllIlIIIlIIIIlIIIIIlllllllIllIIlIlIllIIlIlIlIIllIlIllIIIlIIIIlIllIIIIl.jar;lib\IllIIIIllIlIIIIlIlIllIIlIIllIIlIllIIlllllIlllIllIlIIlIIlllIIlIlIlIllIllIIlIIIlIIIllIIIIIllIIlllllIlIIIIIlIIIIIIIIIIIIlII.jar;lib\lIIllIIlIlllIlIlllIlIIlIIIlllllIIlIlIIllIllIlIlllIlIIlIlIlIIllIlIIIIIllIIlIIlIIlIIllIIIlIIllIlIIIIlIlIIlIIlIllIIlIIlIlIl.jar;lib\llIlIIIIlIlIlllllIlIIllllIIIlIlIllllIIllllIlllIIlllllIIlIlllIIIIIIlIIllIIIlIlIlllIlIIIlIIIIIllIlllIlllIIllIIllIlIlIIlllI.jar;lib\llIlIlIIIllllIIIllllllllllIllIlIlllIIlllIIlllIIllIIllllIlllIIIIIllllIIlllIIllIIIIlIlIlIlIIIlIIIlIlIlIlIIlllIIlllIlIlIlII.jar;lib\lllIIlIlIIlIIllllIIllllIIlIllllIIIlIllllIIllIIIlllIIIIIIlIIlllIIllIllIIlllIlIIlIlIlllIIlllIlllIlIIlIIIllIlllIIIlIIIIIlll.jar;lib\lllIlIIIIIlIllIlIlIIllIlIIIlIIllIllllIIIIIllIlllIllIIllIIllIllIllIIlIlllllIIlIllIllIIlIIlIIIllIlIlIIlIIIIIIIllIIlllIllIl.jar;lib\llllIlIIIIIllllIlIIIlIllIlIIIllllIIIllIllllIIlllIlIIIlllIIlIlIlllIIlIIIIlIIIIlllIIlIIlIlIIIIIIIIllllIllIlIIIlIllIlIlIIll.jar;lib\llllIlIIlIllllIlIlIIIlIIIlIllIlIIIIlIlIIlIlIIIIllIIlIIllIIIllllIlIllIlllllIIIIIIIIllIllIlIlllllllIllIIIllllIIllIIlIllIll.jar" org.develnext.jphp.ext.javafx.FXLauncher
3⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboard get Manufac ��
4⤵
- Suspicious use of WriteProcessMemory
PID:2172

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboard get Manufac
5⤵
PID:1028

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c USERPR ��
4⤵
PID:3372

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboap��3��
4⤵
- Suspicious use of WriteProcessMemory
PID:3488

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboap��3��
5⤵
PID:4792

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe CPU get Proc ��8�Y
4⤵
- Suspicious use of WriteProcessMemory
PID:3684

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe CPU get Proc
5⤵
PID:2292

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
4⤵
- Suspicious use of WriteProcessMemory
PID:2724

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
5⤵
PID:1108

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[��\�
4⤵
- Suspicious use of WriteProcessMemory
PID:2396

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[��\�
5⤵
PID:3396

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L��] ��^"
4⤵
- Suspicious use of WriteProcessMemory
PID:4064

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L��] ��^"
5⤵
PID:4960

C:\Users\Admin\Desktop\dcrat\php\php.exe
php -S 127.0.0.1:8000 -t ..\server
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffcb786ab58,0x7ffcb786ab68,0x7ffcb786ab78
2⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=584 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:2
2⤵
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:1
2⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:1
2⤵
PID:2036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3632 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:1
2⤵
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:2024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4616 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:2560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:3136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4732 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:1
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2204 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:1
2⤵
PID:4144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:3868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3076 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1904,i,2401755843148254261,10708840739652838160,131072 /prefetch:8
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\dcrat\123.bat" "
1⤵
PID:1808

C:\Users\Admin\Desktop\dcrat\DCRat.exe
DCRat.exe
2⤵
- Executes dropped EXE
PID:4800

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dprism.dirtyopts=false -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllI.jar;lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllIIilIl.jar;lib\IIlIlIllIIlIIllIIllIIlIIIllIlIlIlIIIIlIlIllIIlIIllIIIIIllIIIIlIIIlIIlIIlIIlIllIIlllIIIllIIIlIIlIllllIllIIIIlIIIlIllllllI.jar;lib\IlIIlIllllIIIIIlIlllIllIlIlIIIIIlIIIlIlIlllIIllIllIIIIIIlIIlllIIIlIIIlllIIIlllllIlIlIlllllIIlIllIIlIIlIIlIIIlllllllIlIII.jar;lib\IlIlIIIIIIIlIlllllllIllIIlIIllIllllIIIlIIIlIlIIlIIlIIlIllIlllIlIlIIllIIlIIIIIIIlIIIIIIIIIlIlllIIllIlIIlIIIlIlIlllIIIIIIl.jar;lib\IlIllIIllllllllIlIIlllllIIIIllIIIlIIlllIIllIIllllIIllIlIIIlIIIIlIIIIIlllllllIllIIlIlIllIIlIlIlIIllIlIllIIIlIIIIlIllIIIIl.jar;lib\IllIIIIllIlIIIIlIlIllIIlIIllIIlIllIIlllllIlllIllIlIIlIIlllIIlIlIlIllIllIIlIIIlIIIllIIIIIllIIlllllIlIIIIIlIIIIIIIIIIIIlII.jar;lib\lIIllIIlIlllIlIlllIlIIlIIIlllllIIlIlIIllIllIlIlllIlIIlIlIlIIllIlIIIIIllIIlIIlIIlIIllIIIlIIllIlIIIIlIlIIlIIlIllIIlIIlIlIl.jar;lib\llIlIIIIlIlIlllllIlIIllllIIIlIlIllllIIllllIlllIIlllllIIlIlllIIIIIIlIIllIIIlIlIlllIlIIIlIIIIIllIlllIlllIIllIIllIlIlIIlllI.jar;lib\llIlIlIIIllllIIIllllllllllIllIlIlllIIlllIIlllIIllIIllllIlllIIIIIllllIIlllIIllIIIIlIlIlIlIIIlIIIlIlIlIlIIlllIIlllIlIlIlII.jar;lib\lllIIlIlIIlIIllllIIllllIIlIllllIIIlIllllIIllIIIlllIIIIIIlIIlllIIllIllIIlllIlIIlIlIlllIIlllIlllIlIIlIIIllIlllIIIlIIIIIlll.jar;lib\lllIlIIIIIlIllIlIlIIllIlIIIlIIllIllllIIIIIllIlllIllIIllIIllIllIllIIlIlllllIIlIllIllIIlIIlIIIllIlIlIIlIIIIIIIllIIlllIllIl.jar;lib\llllIlIIIIIllllIlIIIlIllIlIIIllllIIIllIllllIIlllIlIIIlllIIlIlIlllIIlIIIIlIIIIlllIIlIIlIlIIIIIIIIllllIllIlIIIlIllIlIlIIll.jar;lib\llllIlIIlIllllIlIlIIIlIIIlIllIlIIIIlIlIIlIlIIIIllIIlIIllIIIllllIlIllIlllllIIIIIIIIllIllIlIlllllllIllIIIllllIIllIIlIllIll.jar" org.develnext.jphp.ext.javafx.FXLauncher
3⤵
- Suspicious use of SetWindowsHookEx
PID:3516

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboard get Manufac ��
4⤵
PID:3244

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboard get Manufac
5⤵
PID:4812

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c USERPR ��
4⤵
PID:3496

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboap��3��
4⤵
PID:2924

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboap��3��
5⤵
PID:1048

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe CPU get Proc ��8�Y
4⤵
PID:5092

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe CPU get Proc
5⤵
PID:2592

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
4⤵
PID:224

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Index*'L��] ��\�X[�[X�\\"
5⤵
PID:4500

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[��\�
4⤵
PID:2632

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe Path Win32_VideoConp��3�\��]�Y[��\�
5⤵
PID:3032

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L��] ��^"
4⤵
PID:4776

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where "'Il*'L��] ��^"
5⤵
PID:4564

C:\Users\Admin\Desktop\dcrat\php\php.exe
php -S 127.0.0.1:8000 -t ..\server
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3912

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
ce4026c5fae44ad280e56c5cc7765e40

SHA1
82a73225004e492bf375bf552af8e3a6507fca47

SHA256
89365689b231ad22f1aeb9ea11a472ba571275184153d781ae5931b021d01218

SHA512
5545fc5a6dfc2de29f2496899286f275ce7e18ca315197061e72483cf64df3ec3353ddf1d201ee1112061d57953463ee8d17e51fb87352845004decd8c19ffc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
55KB

MD5
e0684539c2c25df2895664c53a664095

SHA1
addbf3ef23ebcbdaa3eea6ba585d49fe23bdf9b7

SHA256
9dde88381b93f41004cbefc4425fb2bbf48cc85d9fd102ea63d6c45758fc6e22

SHA512
ad003923802795104707f03e01b9f87f8996731afb419204067bad671cd2cb85d8a8b9d616178e6a14cec571e5f0cd2c29eb1dfe9ecb8e52965f9f9e436017ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
d92905951aabe0a00de9f1159a215f2d

SHA1
f585f440a8fb63b7cfb3f838d5c50d2921977c75

SHA256
e9de5112854efac1c25fed0ece5ea157511b9ee1073753c152353a0c437b78e5

SHA512
f86474b3e1730abf5181813c12d465f50017ec9009d4a0400b0acd9ac594275c2dcc787ffd44dfb92f0b63eadbcccf12de207f7d8098d9f4ae8fe9663f17c5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
1a3d5abf0901e546f6581e2ededb22cd

SHA1
02e75269b126a15231bd744a2c275ebaf348b1ea

SHA256
44e72700e5fa6819ee707bface2c4c3b8585f405eef3760feb24221164153670

SHA512
8b0e1e75a788c82d8a83113d050704f79c10930b6274fe807bd5a421c0da49a9409ad5135ebb4e78c903645c26c534cda8511a0455a28a574086c61405327292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
d13c3a7ee642e65ae9f491740b3dbe95

SHA1
cf5ff0d81d3ae408c56c6a81ae627e9f480e1b78

SHA256
289d8f8c9f0ee0bb29afa489c11d64ae9e3f7cb89bb758c8ccd80d51caae19e2

SHA512
ff2f339b340012b4287fbc190d4234d8cb1f9f9fb8938391c862572a99b27feca6c04e1fdf906bb54cb4169e3c3d26ae8c097a9db1d40ad786f37bbbaa1cce6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
744B

MD5
9315813f9ffd8066812ba027fec041dc

SHA1
f248f11041fdf805d8d092dc92111cfc6b07d89f

SHA256
adf4ba9a486f2b0dc7f603c9e872f15deea4f16e4c43ff0131581e8b20579597

SHA512
40060d58ab7c1b04ef2e10be1abb2bd1f7a3795511c348ee2d3163664e8bc1af38fbac19b0396cb3de68b29cab3551708ebb6ef26c5a6ca01f07663d838debdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
9d3f5642023d89b68168d091c194d255

SHA1
0f48573de580e325ab2a15a69ffaff0ea22b8744

SHA256
87370698f540e35150573ef3c9670aa93ab50d319c15f2e6d560fcd6f7424f14

SHA512
6227b5a947ab163ba12cfcc047b6176766eb57b0e1f4bd306def99f4cc46e2e9243933c13922f881f3746b196477ab926af43b000771fc57be9e24bcc46873bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
59ecf798d9b0baa2c4c057b65bb6e0c5

SHA1
1e1a0a44d8dbb93c42670026c19392bb1e34f36a

SHA256
9312e0704ce3d0f21deb68584f16bb6bce20bf4647f7442cda81c40403e341bd

SHA512
176d7a2c1dbdff74b004c02506f14d007e48b40de4d68dd06b5292ad6be544d97aa955c575dcd17f02ce3b5f88fde2bd968bbfca49b1b4e8209027b16c0e6a1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
7653f96da450fd1650152e39971a2dfa

SHA1
2771c4c5a0811a83946afd7615ca0da92a0610d6

SHA256
17dd4cff7bcf0b0bb2656cceda4f611c540ab4e6c6ea361ce7523378f2e6ff20

SHA512
7f13958ed03a4eb9bde726dfb6137ab42b038b26bd80e41905f529e006cb153b3e431583a38d0a2af5367a2b5343e759305f6baf80bd14640bda2a8eb0db1f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
8643aaff04adb4bfa4c81ae54aaf300c

SHA1
5c09a9153d0383afe7c9f279288d145704266838

SHA256
b775b84000ee26d97751c76ccefd62c2c3b9c712d2a198ecff679c099427080f

SHA512
d02f087fc1803c9ce84efd0f7c54ca2d26ebade833cc5186c27ebaccc4544f72dc8823d5a7f920914dd521462e2f6e967d59257337c6761242d515c597106817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
ccc827994a6f3db89ea381d368ed1155

SHA1
1b02a60f78464a65f62f596261f16c97ccf10d0d

SHA256
d8390ffdabd4c1480baf6eef8584776a50fd263b744c4ae14b159d40eb225782

SHA512
7eb469e07a84f1f58b8f822f478c9385be0907c38786cdad1309da8fe1b7fe03312430c318ab55cb0ea56e3d515f0fbfa3b3b69d866ff332a5fcec0ddc7ffce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
d31f34cd24d8759423da08f1a64b7caa

SHA1
e27d0a6a3ee6351614522d85734cb70ac369491f

SHA256
6610c5ed8f2e5cbdd1562c91182ed6bdbf1cd6482de8578c6e9118a256fa2d86

SHA512
67cc37d52a571052cda814c08e5c92e6667b24bf184ca12d77686cd7fada087cd37bf47143116d9e3c2925958dcbfd7535767f7f61901d9d2d5796bbf79f2c93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
f9ba8ed17190001e1eafc14eeb5c9600

SHA1
319b43fa0c6391c5db4d1feeb9ded4906b0cabe6

SHA256
d5febc2c1f55fb9808c4d349d9f4b46980bf828d5ecd0149b34fabe32cd29eec

SHA512
ff2a2f1e26ce42c0c893dd652edd545173f6e922ddfb32b216090e1186fe7adfc0e156363bd97f533a9391c7b3ffaeaa54a3385f033b908993ae174e2a61f792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
691B

MD5
b050daef653e44d9f037a491b60b12b5

SHA1
5b5a345e1063cf95f60edb9446b1cd2f6ebb3f8f

SHA256
535ce78d485dbaa8e9a2336517d450aa17d67ee95633ccd42be95da54cdce32f

SHA512
9dd426c57dea3ba7c02e8bd184c18d9863ec755d4ab7713dcba5c7cbafd1f3c8e20adfbb299e54382bc739483d5439234e245ac135b4270c9ce7058f6712b6bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
e2940a7a7e109b78c24ec7588041d145

SHA1
9ed12eaa97b83e7a9d59015b2f501bfabcbcb2dc

SHA256
29cc87ce0ace59c013fd8d81fd7a187329ed9cba71c3e3d5edb98786bf0aa77e

SHA512
d5f6dcbe81bb696849047d063f4075996bca27ad027d21b927b2c6fef23c73701de5a2f00927d459b8a08bff8ce61812b9557cdcadeec46d175a52349bfdb4d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6bbb230765a8921cbc88ab9e356a25b7

SHA1
3b8102b9f9c5f8e31e9011065f5401b908b6d027

SHA256
7140d0a8390e23c56191db5f258732122670e2bb9f2a349352c3b2d62db8e1cd

SHA512
81f68031150313dc7d3b92a6344d642f735ab745b39a315bb493543e21992fafa10b6b29ded0f9f38710b38d69b34b032bf1e3a4098e5d0503ddcc6aeaca9801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
53609064bca6760b2a6a730f49305939

SHA1
7f69e128cd8d4a600725bbf97d14ec0a71ee3872

SHA256
ddaf2f73cf2cad191cc047f7042b94c7e36aa0fd371b3b2951ba763cb14ffa57

SHA512
40ddf6d4488daeb263afcf5985ae1253cb215c64648bb32db4527e6763a99f790d6cf65f0b7151752291323b8cce53f29e163578b1636f579a7e4346638711b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
de3c43cee74489834afdbf3c139b7cea

SHA1
67b1f548c9dba9bfca99aa792f2308c215671fec

SHA256
60e47c54209a5cd7a46eea7e81d8d99b660f12db84a53f8a4cc5b2a1f8fa080f

SHA512
000fd80f878b9424a83ecaf52e329e43fafbc9591ecc7a6289f9fe0babc100b42583201e8e873f32fd98b311a99917ab91e763f4cfca3836c0ee1edc946eb29b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
877941ec51913859496a33576ff672bb

SHA1
52a9f6a8e9e542921772adf29f519da1fd11f2fb

SHA256
e6a7f93e2ab20061c17b307a43d7f5ed8b6a50c9f3a82edf5b6492b08c40b33a

SHA512
b9bb237c976f623060a5f0cb2ddcf1a9a7ecddc2e08dfa00879e6eb713c4f2b8a7eb65a2804ba497af21e12923ea8b2ffa7cb5b69d6cd009c2a50189d810f93d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
006d5811d68228289feac5a1bbd9cd29

SHA1
67e8a194899ea77dfb7db2171aeae9935298812e

SHA256
6bf49e051e8413cb8e2cb3ca7f8f9cf3cbfc6779b18b5a0fae11c97a899bc905

SHA512
f9080b720d5b8c8eadb430e677cd0b46aaecf764448c985d68be27145d31d4c17ad6fb0446904c08871ce8691f6b21f57a7eb4ce97d9a0f7d57144d1816a1672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ae76d707a88c1b9b219a97102f73e7c1

SHA1
6dcb23b0a91a387f084d36f103fe3d884f452e24

SHA256
f4354c240df0dc14f32aaf909c1e0a595e13fb07ba87c1d9a04f1ee3f7191fc6

SHA512
78975f5fa6c0ccff87dcad2abc77510fed0cd6bdd88b56cc634b9a1435d6746cbbab6083a049277aa2cafab71f06ed5a4008d7e0801eab7f1756612cc626ef0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6e63b1f3edc591ff5a6d33903ca061b9

SHA1
7ab206bf25fbbe473a432e4e42cd3c544df99f4c

SHA256
599cb9ff664ee9f747a699edadd1975e368afbe2a937d554d69a34342ca1cc8f

SHA512
54b1571a5bed0d3292e8b77459d12cb0da4a6d3f6f6bad6a32139e75afe5fe427b69c95682ca86ac459efc0d17872a52b2a4b9d49e29f9f9539ca4abe3eb9a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
75b76eb411082d5625ff8c4f7a3c23f5

SHA1
f414b251b56e5dbcea2330ff13bb5a3ed1fdfd41

SHA256
75e9fa10bc6c53096b3e5a19419b6a6c7e1403a53015832519ce23a86df655a5

SHA512
e761aa4f2ae79f5cc470eea01c4beee7242d28dc07419bb7321c852a80dbaca232335548b748c68c37ff211316a103e4e1a1b5ccfd82dab403a3e807a1ca0416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
ae1e408152c040f1992ddae6e18c8927

SHA1
c73c31299de427efa062bc15d76cb1581d570e65

SHA256
66d7f9db2df04b3e0da39b1995beeb3bf8adb6c551b9358248ddcd5a0edf343b

SHA512
49e59f3225dbd6c13fa914cf0486a3ecb878733897e50e32fa0a857d21f8c7a949ceba37454c476877c74e73d7f1d9fe805ec97232a57dec98b473a069e7dbc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
41d5faafc1981e845230338453c26167

SHA1
f6d26d4737988a17e337e43cbf2ea402e4b6ef3c

SHA256
f7defd3cfb7ff85575694091ba146ade19fb528b2e07cc702167cde398e2e016

SHA512
0d8cf4db4b0d8019ced41a849e15f0a02115e3fc3a2d378facfe49af97cff02a70f7f859cb9ecbea75871dbaffe9774cc3fd1a7b4bac72d79301b6229c33e114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
d43a7bbe03c2840357fdc9d40f1c6287

SHA1
bfcd7a070dd40e46270953950a555a3d0e6f7e32

SHA256
0283937f2f3d27e703e17dbe30742b2ce765100cac461419352825822e9069e6

SHA512
f524372bcda34861190f7c3555c66f38142d2e55be1a5c9942a8d72c4a69f2c6165c018abd6f16ba407533971e6847ce95e97060ea3c54cf55d360c7417ad44a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c49c2.TMP
Filesize
89KB

MD5
f7cddc558c88dbf4997a7166077f3bce

SHA1
0fd9e3680ce09a19f1e4847b90c27063797c7b78

SHA256
8b0fe3ea40183058940f7bdedf4ceb10adb01f54f94080c5e4fe310e212de68c

SHA512
c0fc578291f6425195c90aae01c89a580c9e82d498207d56fe620f3039221d42ecd541f25c2bdd1fb186f2c1be37ea86fe4585f5d505902781815bface715cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE40456B78\dcrat\plugins\chat_native\fav.png
Filesize
2KB

MD5
a8e72c0e27750ce36da3110126c38afe

SHA1
e96bc3555f8ed8e715af94d492965b4e6597563c

SHA256
a4f7e5adde35c1979fbf2cc44b37e2907ec963468443e34262b207dd3dab81b8

SHA512
e43e2c6abb6006c783331cb8b0e290560bb65f7cfd0e113bbddb31a6978aee31fb39a2b22b38ef83f27d512152329d066bc270e640e8900b2746a2a4e0b4dd48

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2804150937-2146708401-419095071-1000\83aa4cc77f591dfc2374580bbd95f6ba_5a32ead2-14a8-4b34-b6a3-85cfb28e2fbd
Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\Desktop\dcrat
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\Desktop\dcrat\123.bat
Filesize
66B

MD5
572472c7cc450eedfcd8061e7f64eb96

SHA1
6d315e5521592f668dc2899eaa83f2ac9cbe99c4

SHA256
b449f5170c97f7328ce8ff6f2d741c489de4fc9640dcd1a4781349c60f25d934

SHA512
f89b64c7300aa52b1bba95f1a45fb1dcc1ef13ed81bb0e671159120f909bba94a9762de9c78056f1f535e2797efffa689e6e10b73ca3a0997b307361619883b6

Download Submit
C:\Users\Admin\Desktop\dcrat\DCRat.exe
Filesize
72KB

MD5
2c7d37e90dd8ab57d06dad5bc7956885

SHA1
da789c107c4c68b8250b6589e45e5a3cf7a9a143

SHA256
5ede5d774ab65f25357cf5a1fa5e354f6f2a9868651a0fa717485802b21b1939

SHA512
e74ae891771bfd9c6fcdfbe8e4f33f0d5f7c3457cd84b257500cdaf8fa8b16fe458a18db9b3a60591465982fc2871f4c3f2e7541c765f00a0516f805e7e9ca0f

Download Submit
C:\Users\Admin\Desktop\dcrat\back.o
Filesize
664KB

MD5
aef4b8423ae335762bbae012e2fc49d6

SHA1
87e31aa55052205cba347c62c595cd054b5a1585

SHA256
1dad158eebe2b6437b0ed6089495158be9e6ed7e31725894536888ab3f1a8b5f

SHA512
2aff6a5254e65d7b3d8d102cf5d28949d0de735f88a0e17d5a57c78cb3f54955622ff0e0dcf9389305bba31fa835fb706bd4c84a6400a84511f394582bdf8c3a

Download Submit
C:\Users\Admin\Desktop\dcrat\config.cson
Filesize
128B

MD5
abad3aaf668fa447d2a82ca6aa1d96d8

SHA1
e96bf53b6e819c8d1841c056ce05656fe3f544dd

SHA256
421c444a495ca95c91ccfb2f49bed456119841f5d70caf96588d9404f93828bc

SHA512
cda7f019fa630c4b095d16a7aa7072573e6d8514107b020e78a3dfdde5390b9a1941b878328163bfc6d7e3b0e1c672e58ac39829c0e2aff1551bb633810e4708

Download Submit
C:\Users\Admin\Desktop\dcrat\config.cson
Filesize
128B

MD5
89d45f6561ec090998f3c2d57fdb1a17

SHA1
a9d6cdacff8d921bc85332d10d110a8464643ed0

SHA256
4f4020d2d3b6fefba3dadae16681a7bc7f0c75d707d48ecbbcd5bf1a696f7857

SHA512
41eb86b8e0eecdea6a6e41de7e5ea2acc2e45eadfbfeaff23b918f068feb845787b3a918a66109c1de6df9b5515c1fc0229ba58a70a9fa86500b2dd4abcd9bca

Download Submit
C:\Users\Admin\Desktop\dcrat\history.cson
Filesize
428B

MD5
b0793c415db6944bfe0442fd5102cbad

SHA1
efeaed75daa2a2d8149110e1f6b5ab16bcbfa553

SHA256
a4f1391b33300ae12e69149a295dd761028d20d87e02caac1a6d8d9e114f3e32

SHA512
30e32f6e2ea9b5179a61447420030f7ddaa7de104dabefa23c61e16ea3093d61e379dc0ad6ea517948cbd49d43b779e1fac28d41af2d89a2b8f4b80589e06173

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllI.jar
Filesize
2.3MB

MD5
6316f84bc78d40b138dab1adc978ca5d

SHA1
b12ea05331ad89a9b09937367ebc20421f17b9ff

SHA256
d637e3326f87a173abd5f51ac98906a3237b9e511d07d31d6aafcf43f33dac17

SHA512
1cdca01ed9c2bc607207c8c51f4b532f4153e94b3846308332eccae25f9c5fddf8279e3063f44a75dd43d696eab0f9f340f9bf2f3ec805ab0f2f1de5135a426c

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\IIIllllIlIlllIlIIIIlllIlIlIlllllIIIlIIllllIIIlIllIIlIIllllIIllllllIIlIIIIIIlllIIIlIllllllIIllIlIllIlllIllIlIIIIIIIIllllIIilIl.jar
Filesize
5.5MB

MD5
f323bd3b1e342a856bf3036453cd01b2

SHA1
a8c48a731c350d1514ddcc6a99738cb93277fe14

SHA256
64bc153889ab341d4ec8e693fafe117651d3b627d1a608dad951f5b030aab26f

SHA512
764e1643f2f0b2a5c64e2fd52b2ed8cb3597469ec7ea2c28c2009c0d0b1f5e1dbbcc12b6cf36e94ae7db53bb9d118cd3d33ad92de0c3e256b751c5085e3489a4

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\IIlIlIllIIlIIllIIllIIlIIIllIlIlIlIIIIlIlIllIIlIIllIIIIIllIIIIlIIIlIIlIIlIIlIllIIlllIIIllIIIlIIlIllllIllIIIIlIIIlIllllllI.jar
Filesize
464KB

MD5
7e5e3d6d352025bd7f093c2d7f9b21ab

SHA1
ad9bfc2c3d70c574d34a752c5d0ebcc43a046c57

SHA256
5b37e8ff2850a4cbb02f9f02391e9f07285b4e0667f7e4b2d4515b78e699735a

SHA512
c19c29f8ad8b6beb3eed40ab7dc343468a4ca75d49f1d0d4ea0b4a5cee33f745893fba764d35c8bd157f7842268e0716b1eb4b8b26dcf888fb3b3f4314844aad

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\IlIIlIllllIIIIIlIlllIllIlIlIIIIIlIIIlIlIlllIIllIllIIIIIIlIIlllIIIlIIIlllIIIlllllIlIlIlllllIIlIllIIlIIlIIlIIIlllllllIlIII.jar
Filesize
19KB

MD5
0a79304556a1289aa9e6213f574f3b08

SHA1
7ee3bde3b1777bf65d4f62ce33295556223a26cd

SHA256
434e57fffc7df0b725c1d95cabafdcdb83858ccb3e5e728a74d3cf33a0ca9c79

SHA512
1560703d0c162d73c99cef9e8ddc050362e45209cc8dea6a34a49e2b6f99aae462eae27ba026bdb29433952b6696896bb96998a0f6ac0a3c1dbbb2f6ebc26a7e

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\IlIlIIIIIIIlIlllllllIllIIlIIllIllllIIIlIIIlIlIIlIIlIIlIllIlllIlIlIIllIIlIIIIIIIlIIIIIIIIIlIlllIIllIlIIlIIIlIlIlllIIIIIIl.jar
Filesize
250KB

MD5
fe734f7ab030363362fe3d3ba5e8f913

SHA1
2e9d54e3b410557c51c3ea101d66efbb5266b80a

SHA256
03ead999502aefbf1380bd2e9c4a407acb7a92a7b2fe61f6995aba3fca85efd4

SHA512
303ecea5f3f1130f473cde0d78270090290b6f13311bf7459282257ac3097b2b6086db461183f2d8c97a9101372155bf59bbfa12a74925136d0a2a615b648b2a

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\IlIllIIllllllllIlIIlllllIIIIllIIIlIIlllIIllIIllllIIllIlIIIlIIIIlIIIIIlllllllIllIIlIlIllIIlIlIlIIllIlIllIIIlIIIIlIllIIIIl.jar
Filesize
688KB

MD5
6696368a09c7f8fed4ea92c4e5238cee

SHA1
f89c282e557d1207afd7158b82721c3d425736a7

SHA256
c25d7a7b8f0715729bccb817e345f0fdd668dd4799c8dab1a4db3d6a37e7e3e4

SHA512
0ab24f07f956e3cdcd9d09c3aa4677ff60b70d7a48e7179a02e4ff9c0d2c7a1fc51624c3c8a5d892644e9f36f84f7aaf4aa6d2c9e1c291c88b3cff7568d54f76

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\IllIIIIllIlIIIIlIlIllIIlIIllIIlIllIIlllllIlllIllIlIIlIIlllIIlIlIlIllIllIIlIIIlIIIllIIIIIllIIlllllIlIIIIIlIIIIIIIIIIIIlII.jar
Filesize
226KB

MD5
5134a2350f58890ffb9db0b40047195d

SHA1
751f548c85fa49f330cecbb1875893f971b33c4e

SHA256
2d43eb5ea9e133d2ee2405cc14f5ee08951b8361302fdd93494a3a997b508d32

SHA512
c3cdaf66a99e6336abc80ff23374f6b62ac95ab2ae874c9075805e91d849b18e3f620cc202b4978fc92b73d98de96089c8714b1dd096b2ae1958cfa085715f7a

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\lIIllIIlIlllIlIlllIlIIlIIIlllllIIlIlIIllIllIlIlllIlIIlIlIlIIllIlIIIIIllIIlIIlIIlIIllIIIlIIllIlIIIIlIlIIlIIlIllIIlIIlIlIl.jar
Filesize
50KB

MD5
d093f94c050d5900795de8149cb84817

SHA1
54058dda5c9e66a22074590072c8a48559bba1fb

SHA256
4bec0794a0d69debe2f955bf495ea7c0858ad84cb0d2d549cacb82e70c060cba

SHA512
3faaa415fba5745298981014d0042e8e01850fccaac22f92469765fd8c56b920da877ff3138a629242d9c52e270e7e2ce89e7c69f6902859f48ea0359842e2fb

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\llIlIIIIlIlIlllllIlIIllllIIIlIlIllllIIllllIlllIIlllllIIlIlllIIIIIIlIIllIIIlIlIlllIlIIIlIIIIIllIlllIlllIIllIIllIlIlIIlllI.jar
Filesize
16KB

MD5
fde38932b12fc063451af6613d4470cc

SHA1
bc08c114681a3afc05fb8c0470776c3eae2eefeb

SHA256
9967ea3c3d1aee8db5a723f714fba38d2fc26d8553435ab0e1d4e123cd211830

SHA512
0f211f81101ced5fff466f2aab0e6c807bb18b23bc4928fe664c60653c99fa81b34edf5835fcc3affb34b0df1fa61c73a621df41355e4d82131f94fcc0b0e839

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\llIlIlIIIllllIIIllllllllllIllIlIlllIIlllIIlllIIllIIllllIlllIIIIIllllIIlllIIllIIIIlIlIlIlIIIlIIIlIlIlIlIIlllIIlllIlIlIlII.jar
Filesize
103KB

MD5
0c8768cdeb3e894798f80465e0219c05

SHA1
c4da07ac93e4e547748ecc26b633d3db5b81ce47

SHA256
15f36830124fc7389e312cf228b952024a8ce8601bf5c4df806bc395d47db669

SHA512
35db507a3918093b529547e991ab6c1643a96258fc95ba1ea7665ff762b0b8abb1ef732b3854663a947effe505be667bd2609ffcccb6409a66df605f971da106

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\lllIIlIlIIlIIllllIIllllIIlIllllIIIlIllllIIllIIIlllIIIIIIlIIlllIIllIllIIlllIlIIlIlIlllIIlllIlllIlIIlIIIllIlllIIIlIIIIIlll.jar
Filesize
12KB

MD5
3e5e8cccff7ff343cbfe22588e569256

SHA1
66756daa182672bff27e453eed585325d8cc2a7a

SHA256
0f26584763ef1c5ec07d1f310f0b6504bc17732f04e37f4eb101338803be0dc4

SHA512
8ea5f31e25c3c48ee21c51abe9146ee2a270d603788ec47176c16acac15dad608eef4fa8ca0f34a1bbc6475c29e348bd62b0328e73d2e1071aaa745818867522

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\lllIlIIIIIlIllIlIlIIllIlIIIlIIllIllllIIIIIllIlllIllIIllIIllIllIllIIlIlllllIIlIllIllIIlIIlIIIllIlIlIIlIIIIIIIllIIlllIllIl.jar
Filesize
1.1MB

MD5
d5ef47c915bef65a63d364f5cf7cd467

SHA1
f711f3846e144dddbfb31597c0c165ba8adf8d6b

SHA256
9c287472408857301594f8f7bda108457f6fdae6e25c87ec88dbf3012e5a98b6

SHA512
04aeb956bfcd3bd23b540f9ad2d4110bb2ffd25fe899152c4b2e782daa23a676df9507078ecf1bfc409ddfbe2858ab4c4c324f431e45d8234e13905eb192bae8

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\llllIlIIIIIllllIlIIIlIllIlIIIllllIIIllIllllIIlllIlIIIlllIIlIlIlllIIlIIIIlIIIIlllIIlIIlIlIIIIIIIIllllIllIlIIIlIllIlIlIIll.jar
Filesize
16KB

MD5
b50e2c75f5f0e1094e997de8a2a2d0ca

SHA1
d789eb689c091536ea6a01764bada387841264cb

SHA256
cf4068ebb5ecd47adec92afba943aea4eb2fee40871330d064b69770cccb9e23

SHA512
57d8ac613805edada6aeba7b55417fd7d41c93913c56c4c2c1a8e8a28bbb7a05aade6e02b70a798a078dc3c747967da242c6922b342209874f3caf7312670cb0

Download Submit
C:\Users\Admin\Desktop\dcrat\lib\llllIlIIlIllllIlIlIIIlIIIlIllIlIIIIlIlIIlIlIIIIllIIlIIllIIIllllIlIllIlllllIIIIIIIIllIllIlIlllllllIllIIIllllIIllIIlIllIll.jar
Filesize
95KB

MD5
4bc2aea7281e27bc91566377d0ed1897

SHA1
d02d897e8a8aca58e3635c009a16d595a5649d44

SHA256
4aef566bbf3f0b56769a0c45275ebbf7894e9ddb54430c9db2874124b7cea288

SHA512
da35bb2f67bca7527dc94e5a99a162180b2701ddca2c688d9e0be69876aca7c48f192d0f03d431ccd2d8eec55e0e681322b4f15eba4db29ef5557316e8e51e10

Download Submit
C:\Users\Admin\Desktop\dcrat\php\php.exe
Filesize
140KB

MD5
21451a478f9c8e12598985e43936f2cd

SHA1
3cb00cdc97cba0c0de8ac97ab30f8e712f964c0a

SHA256
f8282eea2f2d9ae6130a4a879c3d4487ba8b22134ebfc439fd7d5e4ac1da4e6c

SHA512
1c036d454565569c14c928d550a6380a993a7415e6e6a9b41c415e8736cc040b63cd52a6ef40eb3783d7a7fa484cc317d264e7be13711459c80c1868e0b1b2e8

Download Submit
C:\Users\Admin\Desktop\dcrat\php\php8.dll
Filesize
8.5MB

MD5
dcf320cd3bb8d3dbe64556aa6548aef7

SHA1
f3108f6bfd28000d935e39708f779dcb94d2b73b

SHA256
fdacdb8d711fd98c5b81871777086d34745c0a81c4aef981bc9914cf8074c24c

SHA512
5cf36ef4dba25616ed2d2446ea5abc1106302aad61521efca5b1e46ef24a1ad4bcb69718918d0a3cbcfe63a76e5d26f484dd0241c30df022038503051a0f616c

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\ActiveWindowNotifier.plg
Filesize
233B

MD5
9d79462a38f05c98f8af9ce194086de3

SHA1
2a1fbacc08c1b6f69bf285a2efa181ce0e14bb89

SHA256
759adec692b3fc93e3a13c817536f70b80ca77f1c47f0998bab55d258dfd2173

SHA512
b54509ef21eb1e0df66f52d44dde3026c18b35d67c73dc8d2a15d434dbf297377a906c8d92e47ba2a5c85aa09227432c8643e21e61354009856970a1ff185e66

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\ActiveWindowNotifier\configuration.json
Filesize
112B

MD5
7274b40806ddc9b05aaf679efd9ed503

SHA1
06a0ed8394004318859859c50dcb412153e65453

SHA256
720b6c93d9bed8c9bf8a745762883256c9d9fc4bd3c1d282dced559742165163

SHA512
e2eeca868aef81e67d09af46525e98fcc6af3d17fdef321a5a97d5a85c8bbd34206f19f4fdaef9481985075f15d0acb1efb6e80671317d6080cc06bcc85e8dfd

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\AntiAnalysisPlugin.plg
Filesize
222B

MD5
745952c4ce75067e520be681d9c2112b

SHA1
a442210c6b9c519faf04d38889ec6c459934bced

SHA256
07b57c642aad49c6cee7c9707906c65f2d76bca587427709261190a8a6c2887f

SHA512
ce42290e5a0c558af5d72604447e18bc8cfeaa703809d7b7cd49af339dc067563b9f418266b53c1f126f16cfedb8f5aa1ec747b88a9f5e5566a7c111e713a3b2

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\AntiAnalysisPlugin\configuration.json
Filesize
96B

MD5
3575f0e3dd5316c2122c8723b80a53f3

SHA1
feb80619c8ea7f43322e02ab99cb69135d83cd29

SHA256
524cca97e3d0be041b4c52a20f83ccb5555c8e2abc23a69c434433cc8ce66113

SHA512
78bd14afe21e7a0516dd4880ec76a1b22d5ba8f9b3323eca0f867f2315566c46008147f9652d9a7aeba11ed11f98c80a1622ca6380c18f130ec8670fda647c4e

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\Audio_native.plg
Filesize
168B

MD5
630f22251fedbe30e968432d68ae8543

SHA1
6d25f9813b0995a3d032482abb7844cf4646b66f

SHA256
822869646486a798dc943c015e1bca6ac19b440652f8c93ddec4373c76846bef

SHA512
acc1b2ca19c4d30202423ecfd94c32420ea11171d72ac309d6849a31b67ca9832903987cffd807cfaf36a6760dcc60d45fdd9aafffb25669f40d864c4fdf545d

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\Audio_native\configuration.json
Filesize
102B

MD5
4829fde8c25c2763214293eb37e50500

SHA1
1949db855ffdde8c96a7ff370e08abbaab459fbf

SHA256
96184ab6b632d6715d7b9f22de206319c44e3b268db4ac7b85acf4cfd17f6902

SHA512
b4dcfb999ae54d111e80fc4e2f0f4241699e15e4c3045648f9c2470414e88eee21d6ae8f2921fbc937e13caf00fb677c655cd08d541c549b84e7d6719432cb4e

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\BSoDProtection.plg
Filesize
285B

MD5
88584f350c58c51eb2ae11a96dc62391

SHA1
b56aba2558e2386b1803f34fefa62029d5c94417

SHA256
dd760670b178a06aab1a1a0dbe78a9f6d36cc82cb538705e50bb13dbdacd8e42

SHA512
2290ebfad38de62f6fd61ded0becca29e9498bd0ddc29f27fc76b6f842955d012dc1c8d5b956c339ff857bfedce39308c326094389c4cf3112b7c0a402524966

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\BSoDProtection\configuration.json
Filesize
104B

MD5
192d9ad2141908acde6d3e67d469274e

SHA1
2c23154ff73e202167b58593b1306311fd39e59c

SHA256
954c72fefc76cadb975b81e4ffa8a651e91229f98179e945da0a248b22fe2d54

SHA512
820e0875fbbc5a098c36c35d82fcb6dc739b2175c82fdc00c15fe7bc0a03a76ee7f3b2cb3867dcaf38b3084a399cd66ee70238bd10cac45801c31d3a6d92d9fa

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\BlockInputPlugin.plg
Filesize
229B

MD5
b6d792cf92aaab098bd20c610a32dc7d

SHA1
938bd54611ec0769fd6c868280d0e1a27f517bce

SHA256
ad04867256b8adec506febb62980c0a516c05fbad7a4aaafaf86d72c42d9d5c0

SHA512
f9919c05330f98c566f9fff9012bbae5fb54923a1f96110df5ad7505edc9530beb988c0ea58aaf9dcbf69dd57856f77a80f5cd49358be15065fcc9eca1afa5d4

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\BlockInputPlugin\configuration.json
Filesize
106B

MD5
afb18e21483320c671fbf3fc0e8852bf

SHA1
492d35550208e62ac013822b92379850fc76e877

SHA256
53e5c864b7b35564c6c7b5d263b6f625c755127dab893ed6db3fba767fa1a180

SHA512
5bffc0b2cf7479f231993c4aace989bafeed798855a18c5f14f97a54065861eceffe3ef44cd24c77d9ee872188f34311f4b0544db20b809808108516fd9ae535

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\BrowsersStealer_native.plg
Filesize
200B

MD5
6f572698625a63133bb2084d9bb71d94

SHA1
c8a328c8d7377ddf189410be32a2e10f1fd74f50

SHA256
d02d6b6f1e2e7291e41d0d076d45322f9d34ba23c9b35be843cf43afffbc06b8

SHA512
898c17d4001aef45eb8585b0601c18899010717f2d867c7d3a5a947b4fdd57ffe5cec900732267eee798e559c452156dd94b826e76239020eb1b9ea9e6f7e05e

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\BrowsersStealer_native\configuration.json
Filesize
112B

MD5
7fee909db2d84b923b5b1a557d980def

SHA1
487cabe13d30e4d9841ddabc4a2c5aab8971316d

SHA256
d5b69f3ce285b018f0cd1c4b93f4eacdbd02853f7c17c4c26e65f9665e59de84

SHA512
b8bf4e9c24555d6421dd54b3c138813da8c6ec5f8e0c34f03e64ec686f6c8ca984a34eff361e6ff4e5a2476b47c36b534252b85c2fc0dfa7983dea51825c5cca

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\BuildInstallationTweaksPlugin.plg
Filesize
302B

MD5
d2296986b47083fdc965d3bcccc8cce8

SHA1
6bedc82418395705201c17a86a80619815833fd5

SHA256
2d66eb6ac35a4cebe4df0dd9efff13e662ff4e3d71a47f4314eac7ae167d1f67

SHA512
01bc9f996c2ec55a90179365d4d6ad6a4d70901f2f8532ac5b723fd48f1950f6d0a2ce4ed101ec8a22e0bfb25aeec37c64facc46dcb6128e0afe32b57fc518fa

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\BuildInstallationTweaksPlugin\configuration.json
Filesize
124B

MD5
8de11d5b207e7c70c515a192dd2661ef

SHA1
9f3a1da6e0ec83c599c4f0f542de04789afecfe0

SHA256
5ff8575dd71be41c39869c1a6f451ba30190b6fa6546da39b0644bb98f27d19d

SHA512
6440d1561add2e02f3bd6608c9611b75fe26656ad1fe27ab12231baca2d8752c4f62fbe138398457f41b8bb7ec3152809175e4a0663c712249925ab074561f72

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\ClientsStealer_native.plg
Filesize
197B

MD5
77090d6218e6a2f0f6f846f26545ed14

SHA1
ff0ce654d3d5383e3684de07a882178a5483a92f

SHA256
0d93e907d03a8a161deaf26d83221d8159e03768e47c67fac3aedf85d7733210

SHA512
e7953f96233d1d47540b9acc288ae85acc724777998e991d8129a7fd842a5dcf64083f7dc57a220f26826f3fe09fd47df6cb08434a21e519f748d06a6187084d

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\ClientsStealer_native\configuration.json
Filesize
111B

MD5
a447c276d835363fb44ed5c27e716b02

SHA1
de1c9b06cb257bad1aeb97718e3837bcee36e993

SHA256
9bd962e5d852e0a0c8fb72606bfb0a21ec35e07a0fe34a6ddb22ac7be07fe401

SHA512
f26f169300f142c58bfa0ec27329bc8690141e960280e001e51a248cf86ad75af6029513aa8651e2f640cd2736982662be3742c597467fe199b5fb5e8cb1779e

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\ClipboardLogger.plg
Filesize
238B

MD5
2aea94cd3a00ade5aeb6daf5ecee4ddb

SHA1
d4c6ad77d134f5951fbd9aabe7705b78b20c2207

SHA256
1026aa2bf76235de24e90ba49e661a6170364de8b675b650cd67b28e9c64be1b

SHA512
a042b99aa6e3f5bd3e58df3ccb7b251d93c7ed87f1dbd5cf2d508a0fc9267877c80bffa69bd533fb79ef062077e2c640e9a909862618b157d7a75bde3f13f987

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\ClipboardLogger\configuration.json
Filesize
105B

MD5
9c4f8ac6df6dacc347e2671c8f6b4a62

SHA1
4436b88aa68303cd8a48402667d11802aa39937b

SHA256
143bbc799092c79f0230b2b990e8f2485836bd9cc682d2ac8f92262ccce0c58e

SHA512
3b53a7c9ccae040171033c66a98009c017c4df54baba008af76ef5b92e098c954c4dfb9ae971112d3536a1dbd9435830171fa748274ac43eb04a70f3c2a27d24

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\Clipper.plg
Filesize
192B

MD5
f8b2b7f806e58527549377fa6154d993

SHA1
c75a9895a5ec2fc4670d1a5a13b7264e4707db4d

SHA256
d99a640efb37a5da0c89f270cadb7cfe2a7f8d9d22c63a0ed2b463bdcd202ec3

SHA512
fc5c349c995dc1c3d6e46d40b65a3d111c72ec71b064ec4297b41f3176097311d0bf10f7b4d07e3cfccfca46f2407974d6e01db8d601892b1977c6fcb66d3da1

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\Clipper\configuration.json
Filesize
86B

MD5
e4c48f85060b023b74d50199870e526c

SHA1
0dbe75f1ea0e354fc98f56d4e4fa66cb57765298

SHA256
aa8f6257110045d5df7e79224bf32a0a3f6eb59743553871f2a7c1480beb7bea

SHA512
ee6b913023473aad5347b4a7f2e8325c1443d1591c79a4cb7ad6d845cd7ee3b08dcfd902d75538253504eb23fa71cb3e082cbfe7ce7719fa38b1db98804bac7e

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\CountryBlackList.plg
Filesize
214B

MD5
c0494389ad56345479427327f3a105ab

SHA1
dae7cfe32343c0eca4f4045324bb5ba898e87bee

SHA256
d5bb7934e66b18abaa7bf5c385923142721a515919c17a855e69bf89f7cc511a

SHA512
ab1e1d4f4f6a6de5cb70a617caf9146f34a7d854a637a41887c452ceab0e3f20464f22d0fae936dc2db049aacbf09e9102e46075089b1aa7d7b69b851b0bb2dc

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\CountryBlackList\configuration.json
Filesize
104B

MD5
8b9be085529d1d126811f78aa34656ae

SHA1
796a5a39e8cc496a3a7ea2066a4831c614c4a325

SHA256
8fc9fb90aa56ee75b6d021f178baa9dba961905e772c5cd16da36221cea61d12

SHA512
daf243f71d256c377956957314e035ab193e37875c388ee664113ec7ba8a381402b9ceecfab838b5d0edc5431065e78f79b7e39b010fcd2b4b75711d3a6109d3

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\CrashLogger.plg
Filesize
181B

MD5
bb1bb69674cc872f932498e7e4713dfd

SHA1
e877f196c43f8ebbef1e37375dccc34ceb5742b0

SHA256
67312c6ca5890d398663b8c0fc704128f9cedb03cbca6750b646edc8107abed2

SHA512
b1219b0bf6692fcf86fb3091fedca2606466b04ebe15a3ee7916262ec17cdee724c0f0541e80c9c37fbee66a095edbd0c646994d728ddd5a4173c1433aab8042

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\CrashLogger\configuration.json
Filesize
101B

MD5
0a127fa54f700f8684c050a55a808cd0

SHA1
91099fe6e3effcb4a4698c5a285ed71cf4fb288b

SHA256
23c26b3316cb33cbaf01d46e02063203f3b5f57a9a20cdd9c85fc9873ea6a828

SHA512
41eb2ca6d669cb1784a3a7a49235ce3060c6c64a6b09aaf8efbd9ddc7081c192ede27ae6ad8cd96bdf8bd28d9243989fc40abb2e1cfa6895daec1620fe632535

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\CryptoStealer.plg
Filesize
365B

MD5
7d0e8191fcb1475a4b5fb85c29345363

SHA1
a590571d720d6d6a468f6fd0a250a55a12399f24

SHA256
0221a13049e8f79f3499939eb75c6ceaf0be835418e92578ba3a7abd649f7310

SHA512
8584e3072e75b75675f557e69c17f60c981606e6ea006e630e5551f647c604cba5ee35f6fb3c620705ea87787c8485853ca729069de5b2e5ca74dd6720717a6a

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\CryptoStealer\configuration.json
Filesize
98B

MD5
5e2149e2a884141db7aeb1486516126c

SHA1
b992417484ad0f38150de4f3d02d1771037454ef

SHA256
4d51e75e2d7ebda91ba80e14462bb0482d4fd950f755c9255da86c5da7774632

SHA512
3b453bf7ff5d6b7debdb174516b303a67f3232c284bef4206c49f8d7751818df86a6bf2de88cfe7bf5650ce97195553ed90852fd783950131ddb5f3f1950f43f

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\DisableUAC.plg
Filesize
207B

MD5
6e676e43b744fd7d4e52d1ba98675514

SHA1
e32f3e1317d3be97b36a2ce82da912081a37fe51

SHA256
ad6955b9032ab30f648c3c9de6b13b944ea9e11735d6e5e569f94e25c5a69f6d

SHA512
2755225499cb506890e56b38efe4e0de9f00b41684db40595a0f26101b6a6b54dabb2c8f9c4b5539173865e654f4d69fcdb7f9927cc3d084b878a22ea891d110

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\DisableUAC\configuration.json
Filesize
100B

MD5
2b2a2dbd6ae8af2a46fcb420ca4eebc6

SHA1
4ece6dfd41a3a3a374982b77096fa756413f0403

SHA256
ba65b7b97a8d118c10c1fb839646d0512af0501e20aa00cc7f27b25fd564b9f3

SHA512
85ec63ff01c45eda1efaa591c1fb53e3e12d000f441c26fc13bb46b380e0f2efe472f9f9944b15ad67b126f85ea7aad2db637184b91d3213bfedef68d7e79107

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\FakeSteamWindows.plg
Filesize
210B

MD5
da61683b55b7e89cf5ae23960320980a

SHA1
caff3d5419b6486ae4e89bb800c681aa303f39d0

SHA256
2b0d91b02e0249e0f2a19b0ec154c849d08611aa6e8c731317ef6155108ce7ec

SHA512
f00437c80e8658a4b0ff3c8a2a8014eeeb4d38cc4785d83595e712d61160700a6edc05667c3467b871ab640ee3d80f35cfd24ae2eee17e4d6b48191c4e76d9d5

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\FakeSteamWindows\configuration.json
Filesize
106B

MD5
5d9116cbd984428cccfa8c6e20d6f0f1

SHA1
3cced48d366ff4088a4299c4bc18925090a4ed38

SHA256
b4bc6ab3ba0db5f3984278fd8d651396636812adf0125a501079d0e2b9b2317e

SHA512
66beb3ac519219ce469ea7e115c687940913214fd37ba4b9f4197a069d10fe0a07c9e7cc33d6702aa5adf8d865919f269925fe2e6813cdf9d71c077e9b99f3a7

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\FileGrabberPlugin.plg
Filesize
231B

MD5
216ebf1bdbc0de1f212832987f8bbe47

SHA1
9787abc1f775be1a971ac670150e3229b5961e0b

SHA256
f6944fc54b9611c9dd7050235a928aebce4158eebec2f9184d445c4435495c21

SHA512
0bc7c96f0ab833da5efcfe8e61db9434e8f00aea14965739853ee871689678e262d4a79010ee581767ba42260250ea146e4717e346ce07b823e969b49ff8124d

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\FileGrabberPlugin\configuration.json
Filesize
94B

MD5
4d2c47275bfa55c305257974b3b02cbb

SHA1
7d02d9784a080fe804175dedf51cbd6c7bfa345d

SHA256
de8696cb1d37c484482993b4af3264ca5d427d0ade923237e4040752cc73c051

SHA512
fcb04a7efa58f8228738aa244f7e6438c7d059b09f1439afd6f2bc86e69ea6d0d20e3136c537a3574f2ec5d1312fcde5279cc85892ce4436114a2add7d9b69cd

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\FileSearcher.plg
Filesize
268B

MD5
76f8b470737338310491265025e0c71c

SHA1
d500ec75aec69dbeef62d79273696f7eb2543b8b

SHA256
4ce3a1379cb93cb25fbefb15994af4b064e582578a101186b38d7b403a638847

SHA512
d84a1d49f7d50317449ce96a39102d3e39525098f5195d55e48e49cf3ec154e0119e4218e27f1dd36832abeae4889886247cb2e47b3a9b2ab0e427da301823b8

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\FileSearcher\configuration.json
Filesize
102B

MD5
4b13366c8bc0890db6cf99cea80423ec

SHA1
7820a2c397fcf7eb9979da57ed4dea864836eb38

SHA256
b2e8c48fe7f87445fff8370e02803b71c06dfb7c3674ad83592c0186ba583f8c

SHA512
a76204eaaa0114a4112a3ccebf4b469f4eddd26951ba4337a49f5fcb695e41c01e9cbea34912e92821265f920fc31f7b6a06c41675fe3255f19ca5bfe7a0301d

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\ForceAdmin.plg
Filesize
238B

MD5
9d34cdbe36c7c1d9635255000995efad

SHA1
87f3cc2914cd04e20246e3cc8296c347c85d91d1

SHA256
4d45530a98ab32ff2bc6a3fd1d91fea4b5f6d7ce7aca17553b50fca9d78d2d13

SHA512
3fcd3d659b72cf9f5baa00c1108bb3e6ef26cb7fd700d77e217ddb5b1134564a70730075d263e330558bc628ed5fca34454eeb830f44e0403a02377fec40e75d

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\chat_native.plg
Filesize
164B

MD5
7293ef71d2371dd20997ff0d99a1edd3

SHA1
f380ec631fa6b6ed4f13ed497988bc638eef850b

SHA256
6e6ad73d10b50a48e2b314bd665e87c0c7f15c84f561be55bc44445021c6f103

SHA512
8a35244016543dc1a835a069ca287b97678cbc426108a964024775dcd0934edadd3f22c731707e8624d2d1c59ae6b68d1f42eee3a87d1647d5806d0129c3c438

Download Submit
C:\Users\Admin\Desktop\dcrat\plugins\chat_native\configuration.json
Filesize
101B

MD5
5d4b4f6d829676eace149f4c50003829

SHA1
18379611c88af3c7e0ebf3ccf1ec4edbd04ce83e

SHA256
5905a40b34bfbca66378e60dac23ef06bdf8392f1126f72509368e3f683cb100

SHA512
a36774efa7f9352ff517935f12b97e5b19494563ac38e5623c24a4f7753378337165608be24848767b5fa954652cbe0bbb6c5c443d5caf4b2bb61a0051a55b5e

Download Submit
C:\Users\Admin\Downloads\24c64644-68fa-4c39-a4eb-7505bcb37070.tmp
Filesize
924KB

MD5
fdca70f1c85821d920a46a30ce5e2b9b

SHA1
8e3f08f942bd3c4845f26ac516497c4f0525c6b7

SHA256
118b65ddfde3f5c174d124b876565afa6639ed145855ff428be341237ad7e03a

SHA512
4baa5546548ccd1c044a165fe99c1a206e61c25f49c33da96f313120508c8b3ce6be283b25ace67a669b354faa64ff934bda19ca70fcc3de9b48ffb6f6124c10

Download Submit
memory/832-637-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2024-936-0x0000013BAC610000-0x0000013BAC611000-memory.dmp

Filesize
4KB

Download
memory/2148-968-0x000001B960920000-0x000001B961920000-memory.dmp

Filesize
16.0MB

Download
memory/2148-819-0x000001B960900000-0x000001B960901000-memory.dmp

Filesize
4KB

Download
memory/2148-816-0x000001B960900000-0x000001B960901000-memory.dmp

Filesize
4KB

Download
memory/2148-971-0x000001B960920000-0x000001B961920000-memory.dmp

Filesize
16.0MB

Download
memory/2148-734-0x000001B960900000-0x000001B960901000-memory.dmp

Filesize
4KB

Download
memory/2148-723-0x000001B960900000-0x000001B960901000-memory.dmp

Filesize
4KB

Download
memory/2148-710-0x000001B960900000-0x000001B960901000-memory.dmp

Filesize
4KB

Download
memory/2148-661-0x000001B960900000-0x000001B960901000-memory.dmp

Filesize
4KB

Download
memory/2148-970-0x000001B960920000-0x000001B961920000-memory.dmp

Filesize
16.0MB

Download
memory/3920-913-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download