hxxps://github[.]com/dersdick/DCRat

Resubmissions

26-07-2024 16:25

240726-twxr9aygrp 5

26-07-2024 16:20

240726-ts4rdsyfkq 6

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2024 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/dersdick/DCRat

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
58	raw.githubusercontent.com
59	raw.githubusercontent.com
60	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664844527858296"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
3296	7zG.exe
3264	7zG.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2404	2336	chrome.exe	84
PID 2336 wrote to memory of 2404	2336	chrome.exe	84
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 3828	2336	chrome.exe	86
PID 2336 wrote to memory of 4648	2336	chrome.exe	87
PID 2336 wrote to memory of 4648	2336	chrome.exe	87
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88
PID 2336 wrote to memory of 948	2336	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/dersdick/DCRat
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc1611cc40,0x7ffc1611cc4c,0x7ffc1611cc58
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4876,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4964,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4012 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4492,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5392,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5552,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3320,i,4581319979866106225,5655324185409298218,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3280 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1532

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4560

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\DCRat\" -spe -an -ai#7zMap9878:72:7zEvent12458
1⤵
- Suspicious use of FindShellTrayWindow
PID:3296

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap19653:778:7zEvent2286 -ad -saa -- "C:\Users\Admin\Downloads\DCRat\DCRat"
1⤵
- Suspicious use of FindShellTrayWindow
PID:3264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\755eaa5d-7f41-4d1d-ad0c-d5cb6548a408.tmp

Filesize
649B

MD5
1c7339cc209f1917c97bd31a6dedf6bb

SHA1
84bba43d4cda00089b2773aad08844d10bf9a8e1

SHA256
7d6032a5940553719596414187fc121a9fea07ac86d6900e86a1ddd8c19f6281

SHA512
04135112147843b7c35073deee508e62b5855ecab001979fe576fcc5a6490f0a33678931e83310cb98ff785048e56b7f6991d2461b5ed1ac014cbcfe141c4038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1e02da5c429ee8cee932ab1e5f05442f

SHA1
88b4ff06019bdd34a715cca82467553d8d7eef6e

SHA256
baf266c19ebe905c45cb6af53825c3a164c5ff1f7e21db4b560313ebbbc98411

SHA512
e7856826b02b44ee6e3a95ac49e05a2b90e5305991de9f1dbd81f3dcf7545f14beea57e32b34c50e23870477312aae598f43d738da9adab5234a11d25d2c1575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
69a2b8846bfca3b50232cf367ffc35e1

SHA1
c74ee2d4ec578f5327847d0474628d3fcac84048

SHA256
0056eaaf33cfe8a8fc4b129cd36cd7ce5a0b08db4bd74997b9f10b592a7f8d97

SHA512
d090c96aa2b8f5e2c2df30d1cb09f0c079838f75a0a83b35b28c428837e84e3ba9958f9e3b8a5033e64c45a4c11a1dd68689bdd5fe678f48fd29439574320cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
98ef020fc96d6042b76bd0238011ef8d

SHA1
a01fe845987ad67418cca054ea2053e91039a360

SHA256
861657e8ab9764a63e8d11ad435c5b2dce69889c482f9d6630b2022567635133

SHA512
fa9848e8863c08155400485f86f618efa45e571e2fc2ba5bc4a2ca11d3337d58b08a7d33ca318d12707a7228ee5f3009081542bbd3a34d4d20c747b285ff51df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c15273fd6451496ceef8e326be9aad46

SHA1
01c45c7962e5e868ab35f9545153aa5bfb16aa74

SHA256
db3082d891a7b53acf082b93de3b24cd67dd5aaf40e830df35c1721f2d00639e

SHA512
14c5fb3561fa22c4319a3e6efaea507a2f986a8f8113fdcc53c338a1746ed06eec0d7a62996fe4b6a94b12b38ebff854bab21fad7795dce64f23780a6d98d6fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc005e31a7fcc79662953fb0c4987ac0

SHA1
6a877840d944046cefa3d9cd77d692b0e94e6583

SHA256
62543626599dbbee85b461f5210dfdf94754d585251d36e27afc1153df21c913

SHA512
4254dc89622278c747fa369672f57c4113b109c0719d8faff5e64c0605a7cd44994953a140279378cda9217d1f6618e7c063bce0e667f3e5f3fda0e6067fcc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
81fc5a99dbd4e7e7de9e08f8677ddab0

SHA1
73d190b4f0085ad26b105a78bc14e3c66f520305

SHA256
00d74feaa5126b82f92c84cc130e868f6bec2c85597859a930723bcd32de2764

SHA512
fcf5c6aa81add12cccf7bac4b30bc5f451c75f827cf7bf70f33e2a217fd2d93cd8ee7b62e0f10b2228cd0efb10d50a6a054eb22d617ae58561e96d90a22d96fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
545b397670c3424afd873fc34a122772

SHA1
8123abd7c2724c77c0a6275c3eaf3872a78a9574

SHA256
45076d5ee7888d143ea7ea7a0b658f5767f6bd2bcad5bbbeed4641c8d12111a7

SHA512
4e6e49f0adb8bc0a16d4595836d78a110458d8e0448a528850463f4771dae1c80b3a6d278983af4ea234319e5dc8b4969c91a62b8580c0151339544732f86e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b426626a26d1d90c145256c2e75712ea

SHA1
04bd3b41374e1c8c197662a9211c8cb5f8d83f63

SHA256
f3973cb4ba46897ab972a6a0672226b5524040db8ae1fbcb8f91123864d1ab42

SHA512
1a54484de3ad2d09f8b364138ee5a9fda2397ac88e92ad14723dd299a5cb587dfd727bf7ea74a48de7990c5f0d630b2bf35f88e6d4f2039ebd3d228a0fd3df49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8e509c6ee85883343dab40a5e579064

SHA1
104cf7faf69eedd6323ec602267395367453319d

SHA256
4c2191337982f7e033b60ac6a2f1d7e4f625df482e0da3c9d345d4ea3b384636

SHA512
94f85e738ab7a5f377272169cfb7bc3973230c757ffec85216f6dbdeca9ab9efe321809fc93aaf770fe4f47309d866167a0860613a040853a6db4afdf048b648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
61140e11a85be2e21718b5cfb92f91d9

SHA1
b55ad266f07c3cd2d477ceb7991819d79cb204dd

SHA256
db9b0e9f9fdf51b380cd73ae16d90b120add593c5d9d6f8a3a278dd4a8de5759

SHA512
7c32ca317a740f262711cf41ba9f79bd44c103c62c1cd65ca320bd968df5f395931ea3942dd4754f8bd679c250b24671d6b4e9f8f63b33ca9f15192d5376807d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bbca4e4297a40bbe4171770ba2e00a3c

SHA1
f7dcd578bd1995f846e690dd22f5b87b4f8485ef

SHA256
96e0e65253616e0eb5179d0d4582e2ebab8a060333a7b80d70d86f5ad0e14243

SHA512
8407d35bba50f7e9135eae92d6182a882a9b3a3247552f22b63c8932a42329d9dd2b61cdfd02dd05095a1f3f9e73d7d8a626ac30ad4f369fa6b1099dae9dce89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcc2d7aa934f889e3853bde1ef083b99

SHA1
1197e241e7eaf696e4d26de875f7310d20e80b6d

SHA256
7b396a3aa65d1d85a2e3975beb99f87a6fa46e42eb698dbc6b913786eb2d72ff

SHA512
6ee50c8711706eefee0ead9e046a656bbaaf1a700c88d276ac0f083afbcd4a1cb76d13b1be3accb97b0eed4c97ce9c00e69c6d9debbe41d7f2fc3a7d7751c3e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2275f4872c5e9bbc49783258e0ebf74

SHA1
f575a4124f4a8895a0241b6658c35c181bb5aa4c

SHA256
65c47ce7f00fa3315673cc2bd0064b39b3a5405438cbde888bfc5afff34cad61

SHA512
34daf1f3b4d060a9bd4fbd0251472ca8509e9e63dcbfa29d83fe063715e132ba851e1ebacbf40ff5d3f82fc46fea91c15e5de2d8e3db2d7090dd6ad5551fb313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
132c1761b038270dc7da9f3e34c5432f

SHA1
06223a359391c616692282e7056f20c50536a7f5

SHA256
12feec2dd1ed8c1372a12840d7c0d740a701b76459244dcdd960282d9d8e0f13

SHA512
54940f8523be3c83fb948d9a9fbe34a542202464ae4f721fae05685a7ca506aaf220cea2d1f4eed0816d798dab9991f9af71651677a40eeb63c8aa2bcafedabf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e272bc167987d77d8253f7b78f98bd10

SHA1
3cdb9a047bec5e717c297031430e840125a0b331

SHA256
a10f711c4526f72218284582418240d2ac48eebc4e274bc9c05d5256e5d772eb

SHA512
0b91e282275f1abc9f1f91ef48ad68b3405a7abd47d23c64ca709d28d2668f3e98637152419a6a07b9f524e4689e8a8dacd9214ea63a8a9c468ee1b6a854b157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f0a574b722071341c9372acf749065bc

SHA1
7085f1d0c374512b6c52718aeb5fdbf59b7dbe5c

SHA256
34aa66769411bb29322402f9c8b5e86a50a6ab3c5b63e340b22a2c5db5d323a2

SHA512
107169dc56dc538435f682e35e16ba2dbe765a0bd65fa5d2d4a5a1f183709c63e9cad9f2bd26756d7387b6d6dda32f1e9d3fdabee1b21d15f95b3a2137282d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ff859c31370c39bee79829fd1a54c43a

SHA1
c46e45e32dcbaa017da3396390a7597daa380cc3

SHA256
5994e57052eff95dbaaa28a1a96776b2f4a6c9cf1b758d2e330e5502a2ec9981

SHA512
987ad041783469138337e2e97f6a1fb13d0512832867e87c6bdbef399a0cde821edc67a18660afcad866673316427e12fd6b8545d1c5fe836ec204c584859005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06c8d3b4d8c4ae811688d8783ac6072a

SHA1
885ed00f290a6befb9c6bed61e6615f3097edc37

SHA256
c17f34113cbf7700fd5b93598c6026b432c03d4590e997390b00baa2d12910fa

SHA512
7644cdb31f877d0ce31e0de0e104bdd8411d231772cb930da92bca56d82f2e79da5acb4cde8070bbb0741b184155c048371c1ff68c45c1696e6e1064d896ca9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4e659963cd227b1bf4f23060c3514ba7

SHA1
7bef7366d986ce8a96bfe42f028ce4aafb4bb2a8

SHA256
b87d1e694618010bd15916bf778e2f9305d5283f8b4321f648398aa5eb974818

SHA512
c10998f34b9c5fe41649e0f107483441cefd7e0e5e3ddb788a410aacb87aa34a8a155734dfbae0d1d07527a778e7afd8990313a0b7ea4baf50017652094a5b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
595fecc001c9b59ec1c3df50d005e0c0

SHA1
b4f5578786777c75ce60a8a5d16f8a77dfb9d059

SHA256
413e77917c0c1fabda4f98597047bae66af41689f04e3fd160c69913f89dd60f

SHA512
466c759285f94ee685be01d26437f342a523feec19eaca2f7c9e1e015c9de3406b6c0a6c1cc983b26bb7feacc704a4b8d887f8b3490bc0018c80f61225827459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
7eea850e1d564a724a40270b44ff7b0b

SHA1
fdfa50c29bc15456521b4dade976d25533789bea

SHA256
b11fb39b8dc8bf3a969f1e2e0c39c2c57e9abb2985667751e68523eda65d4979

SHA512
cd7bde72fcf807483647bd82fa1edb292b4aed76ae07c8edd413b825e239d74e4b8ee6c79b897084c0c265ecc3e5223bc4bdfabdb4f1dcaf142058713a9a0a36

Download Submit
C:\Users\Admin\Downloads\DCRat.rar

Filesize
12.4MB

MD5
c2ace8ac6e4acba9a5a4bf20b11f5c1a

SHA1
57b90e157ef47c3f9bc637e388859d0136f22c1f

SHA256
b6d61b7a6991292dc41fe5e9797f54b3397a2663a154183e9adfeb1999db66b7

SHA512
a0c3fbbc5bc9e2c075181031772550fb062b5e2876ad10d61edd279c74762758f3571ef00996c76f883ef5ac1db325260fa9a96fb21731459489cbaa3955f596

Download Submit
C:\Users\Admin\Downloads\DCRat\Bypass_license.bat

Filesize
15B

MD5
09b6a88df7acf3abf502d14080b19cbe

SHA1
aa4f2abafeed57902c79567d01b0ec1a2de61838

SHA256
3b5a5f8cbbab77312ce55d1dd8599b24ea660fcec42c4af8760987ae1ecddfe5

SHA512
fe17f417b7c727b0bf16d4eed3a47229dd01961948ef11322669f64f8c43fb35601752269bbad961de8e29fd2b9f6134ba7f1ddf3e4262b9320f56805ef6a692

Download Submit
C:\Users\Admin\Downloads\DCRat\DCRat.7z

Filesize
11.7MB

MD5
9829ea42783b6b5007b64cecc814d1b3

SHA1
00c2376887769078657060aa602c7663472ec096

SHA256
c3633cc10dabcbe103aeb146a580aaf2ba750bd2a4a2ebb033f6d2effb446eea

SHA512
0f594e6113971ceac9eccdda63f98107c6d8dbb61dedd5607c7c29e62c7c724d268f4c47064a1a52eeea5bdc2b3e0935712e0694f448c217d662c51d1b41dc02

Download Submit
C:\Users\Admin\Downloads\DCRat\DCRat.exe

Filesize
10.1MB

MD5
7044c6ebff03d70a3caf0d07b66a6fd0

SHA1
5ba520de22cc71b4d260c63724ec9786005a2c75

SHA256
181fdc378c5f5af1b1741e92d27a596bbca97cc99c08d0c4b17dfdb0067e0787

SHA512
fa8856f7d4a34271ff82b268404310dc23ae84db09e178210fc08e5927a413d1fa0c31cbe3b9a3c2fe69413f8299ac06d56979f183edbb69af7eea9700033b0c

Download Submit
C:\Users\Admin\Downloads\DCRat\Notify.wav

Filesize
938KB

MD5
821ecb39fdcdda2c09ace1cf0ff19030

SHA1
7702857ee1ff9a85b1a6f5fb8166d37374ee2937

SHA256
fe881435f7cb3d6c9b3ab37476a11f8e5ac05b44a6d3acb07e9783e741a1b827

SHA512
6cf91aca96a3e717652a27b923dcc61b28e378bc05d2c2cadb68ec5f7ab9616829624db1c6e53d595007b421ada7d9c4993ee7de5174dc814a7b922718fc2fd2

Download Submit
C:\Users\Admin\Downloads\DCRat\dcrat_updservice.exe

Filesize
3.6MB

MD5
2ebba84c4bbe13fdc53c9082918d5969

SHA1
fc95a94f45468593d1d85544e1928401484256cf

SHA256
1a232abb03338036811688110b5a6d85b4a7c3fbf83a059db8aa8ed7d6d57e70

SHA512
29b248bf1b88e0798669fa9aa3bfbe37479a7d5f63c0c70a5d732cf20490c9ab69b811a56a802e223ff769f419f8accb01d7e50b728913e171efd8ea7fcc69b6

Download Submit
C:\Users\Admin\Downloads\DCRat\design\DeleteAll_legacy.json

Filesize
505B

MD5
9f362df9eae724c6fa1206150fa64a08

SHA1
9ea82022a572b6453867cb5614cb1b4cf1a91a04

SHA256
4ba6475a0a4c6c5066edf7e6804b3aea7f068158a5d4f6338cd588aabfb5761b

SHA512
508fe38aa5745b1252784d95b6b0ca2dfcd3d7c9f42498693bc2eb5d651eed720abf518e21a943f6a6a4a0f0a15b2d5cab1a6ede11a11349e6b42a8ba269f013

Download Submit
C:\Users\Admin\Downloads\DCRat\design\PluginsLoader_legacy.json

Filesize
1KB

MD5
15e744ff14fe333ad149748633e54edb

SHA1
6c94af99df97edee89584befceef7471f0da51a5

SHA256
b6bb085530253fdb495e19ed433223fca65a6fc176835120c6f117d7fafd9297

SHA512
56cefc2b1f112f83950948a0b6db63af832d4f619a10db5b55332f4b69d4378ef5c86698ebb00af58cb7190e4db307b0df7a78b806f20b221f26f37f0fc2dc1a

Download Submit
C:\Users\Admin\Downloads\DCRat\plugins\TestDCLIB.plg

Filesize
177B

MD5
c5ccea2e6be411cafaa9d5bfa80a1cb2

SHA1
895a83bfb5c1e1865686bc708459e31a3ac3cdac

SHA256
574300f76ff109754beb97961ef765db02a8afaa1516fc909e52df6bc0ac6f3d

SHA512
833faf6879f749c4769d3abd8c790fc74d4db018b8299080a257a2b6a5e263af7339816307e04478543bf81ca141921e2800c348004df55eec99db7b57d834e3

Download Submit
C:\Users\Admin\Downloads\DCRat\plugins\TestDCLIB\configuration.json

Filesize
160B

MD5
a7d67e5d1a52306aafb8fd2066f16fa9

SHA1
59f48db369abc889ed3f4c776ba307c905b1e252

SHA256
ed93ce904b309e3f07d346f7c15002a1afa9b49d6de8d6504322a28239fd14bc

SHA512
c56ae1f17aea7b1f982c41dcf1845f53789ccf5c59ecf883b0695b74c0f2a80d4f64210fa288f61817e142aa4db9319990ce51f0e02ccbad443702a53b0a9991

Download Submit
C:\Users\Admin\Downloads\DCRat\plugins\TestDCLIB\file.dclib

Filesize
6KB

MD5
0b25452a0707f1091bfbd0eee2092b04

SHA1
c457658c6c49523b9095dabcc11fc426cf99cf36

SHA256
297f15033b833bb4f41c7933d171561c4b4c278a2253c5d6bcb21a6e3d45a3f5

SHA512
5f3120280962bdc2c3b4ad932684f4f71e017e6bc92a8a106eea716d0c9b900e3bb492cfbf94657162b79c0928cf1380a0e6765dd20330168e837a95d9d8a8c2

Download Submit
C:\Users\Admin\Downloads\DCRat\plugins\TestDefault.plg

Filesize
185B

MD5
3db3b39c5e518f9ac2f955d78293f4ca

SHA1
368c340ae78c22fcd5b438ce54408a35a5fb1c3f

SHA256
f29b623704fd3548a8a3fe6a278b1d79c6931941cd20b120ccb0d4fe0170b83f

SHA512
8d6b26236a18b688b304bcdd696675a3827cca6b06c605a5b47b68f286365914481bac81c54f1d0f52f193f837511ebf8ff38ea4a0b0dea732957e3d1d07280a

Download Submit
C:\Users\Admin\Downloads\DCRat\plugins\TestDefault\configuration.json

Filesize
209B

MD5
181135cc2d202d29a621cd4230398999

SHA1
0cbccde840854e6f9b26c16b4870bf5bfbe440fd

SHA256
46292318deb3bac6cc23c7b66941a50253533377d7abeb8b1030b5b63ecd89e6

SHA512
2520c279c070f986f47602bec4a0d0188ffe51a034991d1fe47ac672f1813e9b30efdd5e9f6448546dba947566e828ce27d49108e51fc9b44ffeb77327ef9388

Download Submit
C:\Users\Admin\Downloads\DCRat\plugins\TestDefault\fav.png

Filesize
190KB

MD5
15b0643e3cdedf71d8e70828b16456e8

SHA1
82a26510adbcf1d9da12aea4e46f171bcc7df95c

SHA256
2c12959328ef8d84aeffea2cf08053b594b65183d4bc6a8b48c994eb1de8f4dc

SHA512
480ee6f1404bc26f0ada77d46aa72ecea11602cb7380a42ed8ec2656d7b67047b537e625043c8275ad336b411bcd103042721ab840ef9ec259af0ec8671aaaa1

Download Submit
C:\Users\Admin\Downloads\DCRat\plugins\TestDefault\file.vbs

Filesize
34B

MD5
677cc4360477c72cb0ce00406a949c61

SHA1
b679e8c3427f6c5fc47c8ac46cd0e56c9424de05

SHA256
f1cccb5ae4aa51d293bd3c7d2a1a04cb7847d22c5db8e05ac64e9a6d7455aa0b

SHA512
7cfe2cc92f9e659f0a15a295624d611b3363bd01eb5bcf9bc7681ea9b70b0564d192d570d294657c8dc2c93497fa3b4526c975a9bf35d69617c31d9936573c6a

Download Submit
C:\Users\Admin\Downloads\DCRat\updatelauncher.bat

Filesize
89B

MD5
1a6fbac1fe1c64769c3023fcf63ec7c0

SHA1
7de57187d96221c83af29b50bb5cfed7ff8aca4a

SHA256
f80ea6a1125249adc6307291c4a1488e40da39ec9cc0b657abb3d1b7b1e8a02b

SHA512
4287ec23984c198c19b07ff250f237ed15e204c2d77cc025e04fde61e4771f038a4c40f01d944c59d512e60fe17b00df86fd0d36a7a8a4ad70d26fd16648d970

Download Submit