asyncrat | hxxps://github[.]com/qwqdanchun/DcRat

Analysis

max time kernel
322s
max time network
312s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
24-11-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/qwqdanchun/DcRat

Score

10^/10

asyncrat default discovery ransomware rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

127.0.0.1:8848

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/files/0x0028000000045238-510.dat	disable_win_def

Async RAT payload 2 IoCs

rat

resource	yara_rule
behavioral1/files/0x002800000004524a-470.dat	family_asyncrat
behavioral1/files/0x002900000004525b-502.dat	family_asyncrat

Renames multiple (3945) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
5836	DcRat.exe
3244	Client.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
95	camo.githubusercontent.com
96	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\PREVIEW.GIF	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\mfc140u.dll	Client.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll	Client.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	Client.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll	Client.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md	Client.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\PREVIEW.GIF	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-conio-l1-1-0.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.boot.tree.dat	Client.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll	Client.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll	Client.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md	Client.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.PowerBI.AdomdClient.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\IMCONTACT.DLL	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.FileVersionInfo.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ReachFramework.resources.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll	Client.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ucrtbase.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll	Client.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h	Client.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.DLL	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\THMBNAIL.PNG	Client.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll	Client.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.AnalysisServices.Excel.BackEnd.dll	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\VVIEWER.DLL	Client.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXEV.DLL	Client.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll	Client.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml	Client.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	Client.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll	Client.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md	Client.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 59 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	DcRat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	DcRat.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0 = 5600310000000000785999b4100052656c6561736500400009000400efbe785991b478599ab42e0000009e500400000029000000000000000000000000000000283a4000520065006c006500610073006500000016000000	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000009bd8c5405b25db01d9d72b4dc13edb01d9d72b4dc13edb0114000000	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\MRUListEx = 00000000ffffffff	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\MRUListEx = ffffffff	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	DcRat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	DcRat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5"	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1 = 7e00310000000000785991b411004465736b746f7000680009000400efbe5759a076785991b42e000000060904000000020000000000000000003e000000000058a203014400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0\NodeSlot = "4"	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0100000000000000ffffffff	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	DcRat.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	DcRat.exe
Key created	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	DcRat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	DcRat.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	DcRat.exe

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
3040	msedge.exe
3040	msedge.exe
60	identity_helper.exe
60	identity_helper.exe
2624	msedge.exe
2624	msedge.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
5836	DcRat.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
3244	Client.exe
3244	Client.exe
3244	Client.exe
3244	Client.exe
3244	Client.exe
3244	Client.exe
3244	Client.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5836	DcRat.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	5308	7zG.exe
Token: 35	5308	7zG.exe
Token: SeSecurityPrivilege	5308	7zG.exe
Token: SeSecurityPrivilege	5308	7zG.exe
Token: SeDebugPrivilege	5836	DcRat.exe
Token: SeDebugPrivilege	3244	Client.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
5308	7zG.exe
5836	DcRat.exe
5836	DcRat.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3244	Client.exe
3244	Client.exe
3244	Client.exe
3244	Client.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
5836	DcRat.exe
5836	DcRat.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5836	DcRat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 4012	3040	msedge.exe	80
PID 3040 wrote to memory of 4012	3040	msedge.exe	80
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 3576	3040	msedge.exe	81
PID 3040 wrote to memory of 380	3040	msedge.exe	82
PID 3040 wrote to memory of 380	3040	msedge.exe	82
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83
PID 3040 wrote to memory of 2220	3040	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/qwqdanchun/DcRat
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffc578a46f8,0x7ffc578a4708,0x7ffc578a4718
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  PID:3944
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x108,0x254,0x7ff78f725460,0x7ff78f725470,0x7ff78f725480
    3⤵
    PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12262624168832146642,4129302976341131870,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3552

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap15623:66:7zEvent3723
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5308

C:\Users\Admin\Desktop\Release\DcRat.exe
"C:\Users\Admin\Desktop\Release\DcRat.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5836

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1720

C:\Users\Admin\Desktop\Client.exe
"C:\Users\Admin\Desktop\Client.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll

Filesize
558KB

MD5
0cb391d3e3828644ce050cbb97afd0c3

SHA1
832845ef165cd417165cb13fbee8a033c5f83a24

SHA256
1ce97838e23934d29774f9c4bd27b1c4e50f2e3c71d97a64dd7c5b5fbf44ac66

SHA512
76f17ff47496b6d39dc88a7c2e7e4a296ce4d4490b178bde7059fd1cd1d44855c93fe1cf9574b4d3cca520f66b605da1a7efedbf33ca8d7289854ff6b9afb7bc

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll

Filesize
95KB

MD5
228da33fec1b4948fe2883bf878df99f

SHA1
92dc0ebd078883466b30e8afbc2f52600abe28d3

SHA256
8645fd261f046f3facfb553018e70f9e9c0eac1244671c8b20ed838f443c695d

SHA512
e3b96e00c9784f120931204e5eec3166ff5b4b52f116e53b60b23adc94d8fc0af14fa6821e1a28595e288f2b1b5a6cfa0c6a0c66e26b1d821d171a5187841bbc

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll

Filesize
36KB

MD5
bde409c7e3c7d2f939a64a7e55ec000d

SHA1
e7b965f7d9ec70b0431a538656fc4232d40a7948

SHA256
8a91e18f05108eb6aea8bbdfcbd9e3c478c632f4762ea23330c00f68bf546e1c

SHA512
83719155f21c9170e40fec9ef171355facbc224850833e57521230dce10466ab0412015f7117ac4baab1c3152ac08cff5692337cea48b5523adf9385a3b376f5

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
bc5a57f5f10cbef1f4f5dbad13a56de2

SHA1
7fdb92af4f65466dfb4acb69032e9b5ca10d18b5

SHA256
6ddd7daacd20c8de1b3fd180600a09f2735738b5ebab9374cbf7b1dd6312b693

SHA512
44474dc838ce9abd6a156cebf47af7800af4e719b2aa90938dc4f003c05e930a30772216ac80fc10eed21c41f5d1dfa0cff7dc2a399316f40f6a19c17a942e99

Download Submit
C:\Program Files\Java\jre-1.8\COPYRIGHT

Filesize
3KB

MD5
e7d4e0d6694cc7327d2c48e7947a7c06

SHA1
8079b814d3eb90c5ed10e299a5a66378b9dd9099

SHA256
2dde3dcd605626bb0698e7728c5fb0c9b7e957452df1d1ad0fd27af14e54c220

SHA512
57d828917552b7e06a790196e7ef5ac5904c5232559111476c6fca4ae699023c6d5e662f53514150505785ea69c46063b27705da906d7f7b59651c96680d02fa

Download Submit
C:\Program Files\Java\jre-1.8\LICENSE

Filesize
48B

MD5
e6c4f3823bac3ffcfffeb2c9eec5c4d3

SHA1
307d5db3cecc826bb7bb548e70be19c7c93950d0

SHA256
db91660f96edf5c6e1f8084a809c4207e9f99d105be0e333f02e59b6d916dc6d

SHA512
fca11b24b3e77f47eae3e5d9a44c35060590714db6a5e5ca1134fa3b7da17899b53a65268d2953f3ed5efd265a1d806e40f8d149b27b3e2c67e27d48315de496

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
c55001c70ae4e9d5eefe1b69f41669e7

SHA1
c2378bcdf2434999d2c1f1b4b149fe9ae4700032

SHA256
726a47aed05bce744fc721fb4ec29b7f029427c9e5338f00c445ef8ee5e683d8

SHA512
4a985adb1bd7178c38667fedb4db86eedebce7bc798a0bf25bb67cd54bfb1c31f7ea7f59bc5672dcca98d283ff10772764bc31f2ace3443342a6968fab837e2a

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
9d1135756ceb1e4b810d56e2137f8fd9

SHA1
57010fba11a580f708d7d98407f49261112e3453

SHA256
94a4cd958c92cc2efff749e289e6bdf55f25a2070d59d3fb4b6eccf3d4b777f2

SHA512
d91412d5aa25d0ed802bab044f1b0852bbc33413f0ef3a0b0d0c3ebea08b4dbe0d1e30a2191b7900ce12f773294eb0e32ad861924eebc1c2a17a1b67ced6f04e

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
11KB

MD5
78bbd368e00d1697f00885ca422279fa

SHA1
8250809cf90b2c0422b64709b87c8c59ab9b6052

SHA256
253d320158b51526ec6925b0279bab7a8c05502f0bf077a22aabb7ed91e69c2c

SHA512
bbb7a5bdbc509d55d9afb84bc8d89e60d618428bcff28f422d128db4b5208227c5466967e0d60cf91500c209682cdddadd2b99d536b3d0d8e156ca66d22a4977

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll

Filesize
11KB

MD5
9226ef591e3e859cf1aef0f7ae09b1d3

SHA1
5556d5cbeb32bac3374cf189c52137418c39ab5f

SHA256
1cb25376e093cff3773d0be335457c4fa84f6cc264c0d8cbc238806b93c4d080

SHA512
2c2005682f29dfcec41c39b51c0e3fac5689d8c4766a9d1cbf3f1a8e2195d29cacdff4833b1be59f3fbbf289a292693b3c0022e30cca5144155b218878f47d43

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll

Filesize
11KB

MD5
07d51007c758a3000e09db528c459f01

SHA1
4aba31c4c70add1506589e125c99270eddc561ae

SHA256
06b29acc6f679bbb8d0edd158ddd69854e95d5b32959d1e2a3592d6e1b5ee82c

SHA512
fae25b0e3d377c3dd5dea842bc1f7cc16ac9665ed31f2c8fde95db9c4f0131d10d88abab2f45fe238ebe0e6b20de3cbf970361d813bc5c1778361f204392d28b

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll

Filesize
11KB

MD5
b3a3c7fd677940a7ab511c6d06ad800b

SHA1
7c881833bb7800a63a6c737a2c3deb6d7d9322f4

SHA256
2516885ddbe051a100dcde9b8d43f8e05b1e119956fb0415990ecd9bc672a5c6

SHA512
9f787a324fd9c5f441d5d28ca4ecb290533258d71263192acd11ed38f31d31e515ce0cb3e24d496989b9db47e543555e6434988c428389a57045dcc0d0915e73

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
11KB

MD5
6c4bea0b67a74939a57a98b91cd22dbf

SHA1
257367710509354e55cdc64539e6010dcbbb85b8

SHA256
0bea0b0cdb4c6a7573778fdca8eb1541db326f53bfc8413979c300115de26b2d

SHA512
e0f08283e872d422ef5ad276ba0f5469c6ddd32969d11b50cc63c5be700675192e7c70f67cf87a5f0f3a280c285ed08428d43031c12f60c87106a113da1db6cc

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll

Filesize
14KB

MD5
9eae71d586dfe4069bf3892838547f90

SHA1
ff106277794f576a29db357627643e3bb0a9f568

SHA256
cdb59be1b315aff216a4ef3ec40f6abeaa77f16d9faaa90eb105ea37efbc2584

SHA512
3b3633dbf2730fe65a9fe596f69b58444d273db12eb665f6e90c3de3dec0de7c01afc5be5fc02784537e85b99fc98645f4f3e5a975a1f4b561df4bdacc0f6c65

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
f5390325f9cb947b3f4c9d6fcb84b726

SHA1
6b10e2d91d68c4cf8c65b5e9e8860fe34cb8a561

SHA256
8eb7c2f0e5a81a392ee768f4518fe8885a0ea3c601b81cf01faa2a6327192f30

SHA512
31c544f1d8a40d219e1e70853d521a89f49172c1b660bb27b9b0a768492f8423bdad0b3b7c2e5b6bb44dd6fe459971e7f7b5fe4641b647cbe5ddba48ec3c19ca

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
aa7f0bc512f4257a5939578cc7430587

SHA1
0b17bd0b6c46067641823127e05031d01b1f5aaf

SHA256
b43e1af85be0fde8a1a471889921737a0bb1e0ade74f5f60f75a1dd2e3da51af

SHA512
867278cc98e26e8e5224abab5f5befe48179e682bdbb362629f73c6e41ad90201dca74fdbb5ca7deea5959c1c23a5667dfed21d14074bbb60e0b3e34ad31f05b

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll

Filesize
11KB

MD5
409b5b66f8bcd042339ffbe7b7772cba

SHA1
9adf17ab09710379da1dea2df528e102cdf81298

SHA256
ce851c20bd3acbc66494cc677fdd6f29fd2fd2c84017c97df63fc70d023bb35e

SHA512
8bf276df937b170f6e79247a37a712e70374c2e12e7d8eeffd410d9e0350009980ed8c045801f467f36b0dd2017d64d082c0272aa04a3fb158776326618e9d05

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll

Filesize
11KB

MD5
30ec41e4f7072d2e391e22b676441adf

SHA1
bb47405f1a96920903f7c8d748172bb9b54b335c

SHA256
f864c17e8d2707c9cb51660c35be5ab149d6f3cbb6f93544de11d69673295016

SHA512
304cb8eed6dfc261268bd7fc026e7eafffdd070606a0e7f574b556920c3dbb14544244072d2b403d1a7a0ff103e6f75ba30dac71e4759cfec2aaf7f44d6b871e

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
11KB

MD5
e0b7d169a7bd8769e05b598f5e066394

SHA1
90991e3947226a1c256a4173ccdc71678e876676

SHA256
567e4678ac8e54a5000fe027eba9cd49063f9198aeaae06e6e49f018ee4e877d

SHA512
65a68128332fe7a022a53a5c02c17fc5a0aa055b1f792b5a75c2260133790005c296b442cfacfc6e1dc7a73af8735a0841a2c6982fb9aad645330afad0066f59

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
12KB

MD5
2d07ba8116a67544eb096db9aeec673a

SHA1
5881b48294e3bd764cec99835439df289a0d1273

SHA256
db08754ab0ee907cbb3f337487be490a2958994bd9a2a5bbc216f0b4435eff1d

SHA512
18b13faa25cb287aaafb81356f4b1357c59cd70e36a8f68895a3ccf2fea369800b775bbca5f129d2d0e88e4835fc5bab40c20c0d1ef125f3dfa255f0971a0229

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
d3e3f0778973c2a92e349f4b6fa8aec9

SHA1
b1d07a786af63761166c7f226a777a340e9b5c43

SHA256
3941b3de9919dd3b8207cd565b6ea4fc243ef701dcdb24f3e93256d2168de4f3

SHA512
ea3cafe3c2978258734d222fdfcb259214443a0e790bea1fbf659322ef31f250db3ad603a3725e112e518dd41b95303261fc22b80b91db66516f21f7d441fd4e

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll

Filesize
11KB

MD5
6f40d59ae62228f4b9cc81347b20e42c

SHA1
f6b5a2fce81ea6aa1c90a981d1674d98dd33b3c5

SHA256
8114c15ededf8a777d75be1e7b8b2f9a789281908a8e5f3d1f597f6e96a54044

SHA512
4be6552b49d1714cfed3144d0d12ad8e6fa31b36efcedd8dfd105887e1e5435847d42b5a0e8382f87a5d914ce13b066edea49ce9706659d7439a32bec82ad528

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
11KB

MD5
6cd194744971ab54eef4a8c8640aad3a

SHA1
a37a2719feef02a46d0d7ec46fd89dd620dfe86b

SHA256
77b613600001749a79a8a5bb764bb01ec8b9e4a6d4f9f2c0d5b4fa14e453a6ce

SHA512
f187f695f7df3960bcb9f0fe7330e37a79cd8741cc79f86ba0c69908853e5929a70606d7b5eb83a011d7878dd437b71f3a7928bd340d6d6fc1ca4d7c0b762653

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
12KB

MD5
26fa40553fd9fd8a4397427800a570c3

SHA1
15eb9b0ee51549f2275471f9357e9e46e6b9a9ae

SHA256
ae9f82b02c1d9d9151b5d7dcfa87cdbecfa4c3329ce303adeec3b8ee9d967954

SHA512
c402ac29f43549317825795a865b010143d087ca4fc30518d84dde2f9d9e585bf809a29994c5dd1af91d2a0aeffce15f9f53b30f24274bce60ceb7443541c26e

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
13KB

MD5
c0b6bdd354b221ea6fd2926a8f1fad2b

SHA1
6557954490c8c0f61c9ac2a3c1263d438cf507a8

SHA256
aaa4997249429fbdc45e5466d3c47e1381e7e4058779eb4aefcfd0733e3949e2

SHA512
63c48ef51c470dcdf89b21ec26e596fd7c36505a9c79c900a4ed18654fd36badb00558fa1e3d2e90d0e077c142f2ec97599c3c9073b3956c3f138e3345b53fb5

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
e4f4f33431f006543aaff31ba92cd0d7

SHA1
5c35354051580a594acbc2df1e07d9031942cf08

SHA256
6424db03108bba298fe6379a30920a34c2964696ada3d31aa269b7e0d560332e

SHA512
77c4dab8239908cfc3aa2b0ccd5deda9a93d1257209031d5db7bdf3df8d61ae8e1ba9fea07404b4f8583c683a1eadab170648258df86e9b0beb22b638907a87a

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll

Filesize
11KB

MD5
f4def3a36aa563d49b8c4582eaed4a99

SHA1
58e5aee8a1d6b69c17e24e4bceca7e74cc10f886

SHA256
e746c6c253ddd4356333da597cf6fa3c16ef4b76dca70b566e9e26c2de09a033

SHA512
6d926c026f5b502ec900517e570abda2f6dc6965a341d57ef2daf96adcb75804f2013f659b161474b8a54b3bd1a6a6f37e37ddd4044a11b923d89732ef7b1663

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
11KB

MD5
c1db701f73c95b666c37f97ae9b74cbb

SHA1
170384d55b3101a9aac5175512ee2eca87147b61

SHA256
489d653a1bed2825f99ad69a92fb7b52b971ff69d8f892493d6578bc84866935

SHA512
a9c683372f84f68a165431e02fee79e20b8413da9d0dffb04b40b36f246b20dbf0fa93e5af4dafe4b1405404bf82c1b6f44402d724674c1aab88c0fadda41769

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll

Filesize
11KB

MD5
db1425c57e6b7ef19040b9d5fefc3c9a

SHA1
b70147af64b878a72a96da5eb038f9b0757a8c7e

SHA256
9406d62106c42b7958110251dfdbc0f680c49be889a9bacb6f9bc6e3d02ec47d

SHA512
77a78b3aeed733f2a59553485be99af91f46d3f884a574dbb4e0faf0776492975a541879083c98ea1400e2db3a4c4c9cd44c19078bf65f3b69e0a7e6887bcd86

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll

Filesize
13KB

MD5
ecb5bb6d63ce1b639781a903190ac787

SHA1
58227e7e20bdf88f0b4c31ca49ab6293573a9fd9

SHA256
a0b4c48889516f01b28cd8d16dc9e3378019bea9251b32db602391993a46a77d

SHA512
4545faef22e789e248cd71545b7e33baa0af8e99c383a64028eee7b1d96ff019ed68c0fe3df88e1a3485cf79907d92f5e545edee4ff6b75f4b632ef51edbfb24

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
6915284303e354c4fb6eff24eb699b44

SHA1
d1396e54b652b7dee6241a437facb5f1151be9f2

SHA256
c8b39a4f41fe5f232b3fa6aa78eacd323787e9fbd531c9b97f531e7eed4f8bae

SHA512
84c213285f0540172bc6bb38694f2c8611e7f2fd790abc9d6626fadbdca72f08e068a481890d05577d0b375cbb917062c73731ac7c88fec3e3ab67e8fc5f9362

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
12KB

MD5
df616995a23ee715ab001c094054d7f4

SHA1
5974f5329d2d3f67c5221c798712e129b6262def

SHA256
6560a34df94901a489cf7ea7472d91c85686e353d39db3cc4a530ae593ddb055

SHA512
ca3c560f7efb6ad78c381e959d28599ec92b7f1d34a0d3e5668504a4079283106697b079fd8fa30759b2116d1cf9a1844f03752ece92806e29dbcb00c1548d8f

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
de824b77f387147b037f0824f2f5e1ad

SHA1
dabbb29853fada49ff30af4de6626b0f5a0e9c0e

SHA256
6208132d1fd85526140bbad2f0a2912a7cd2339d542eeccd4417b486a4cc40e7

SHA512
2e577460f3a8a14243bcbc58409a9c68d7268c0274a01e11f7e5b47528dbe89805006f1448b9b1605ec98fb9f7033643e1b8300c2718b40a86d7b2fff5b40ea7

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll

Filesize
11KB

MD5
ec92c565ec7cb9f5c5ee8d5c8825f245

SHA1
01f3041ba1fe62edf7980ffb383c99e11410a786

SHA256
bd902c16aef2713ef1e7781d1520b645bc17f335de51af5503510e54fb43e3fd

SHA512
f30509ef3d221dd25866694bc3344238b09a2684d7bd65a968f8acaa197466ffe018ad8c992aa497faaa169aa985dcbaeb46f6c9170f26ef39665cf3ae760c88

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll

Filesize
12KB

MD5
50d4379479ebeaf5767e39a76b56d29e

SHA1
f7e376471d314369148be014847e035646db7f4c

SHA256
8e765697f9a8f6d1a75f0148816e3d8412fa4e78845645cbee133dee836b8c17

SHA512
58d3501d9bebd6488a99983b246a4b5310fb8d430072975554d18e8dc0f3a11c18a8fda45f266003caf0e9150d1ce21abd0b3d7603fc7c7bb49a7763e1847bc5

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
f2c12dd238dc9eda471a001d1c59d806

SHA1
821480024a6d976fa02e156691bae7296268f0f6

SHA256
85ed9883de547c0b36f68faaa012c83697e068fe29b458cf33afff24527a3be3

SHA512
fde7af4388bdcc0d4d41aed93c214bc56ed60029202e4f8aa99ac0c796a32038edbdb6c1318564496385e84bc7b58ee1f56ad63441648a8656528f82b21af468

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
6933691edd6e8c130e89aca318aec2d8

SHA1
0529d583f4971de5af9f9977d998932ec850f650

SHA256
4750c565c3c17ace7eb1ea914bd79e9b7067e735239236df80c61f1b485d8f4e

SHA512
e0aca978a887ad8f6978999df868ed2bc9114f2654c7a7df5bebdc4cae9d6cb4732481afb970edfb011ee7125523abcce80a6347cf7a5571f7ad01b73212a5f7

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
23786ef06fbe00e51b008ae45aae35c7

SHA1
d774cd233f05bb8a0a65b155ac60405cf2b5f42a

SHA256
261781799afce1599cdb5aee63e9109c40164bb668ae9f67ced5b85211fb216a

SHA512
eaddd3b6c11bc284666977a274dd054ec2829aa16f88c9ead492ca14cd46c3583dbfb276223176f1fa7f87840d2f8aab0bd8f9c64af08c005ab343b2334874ba

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
edeae393bc285b187d1962a6788aadbf

SHA1
c1aaee7c7801c282930de6a662bc600ac2052c6c

SHA256
6af3077565ffba081a108724ebc0abf3374060da4c1dbbf5a886fb03ffc43b19

SHA512
100824f7cf5f84fecfeac7cdcc86af0b5349a5ff8bb51a68acdabc93f52a50f3cf3ab376d86e3ba09b3381cf2fe2b3c7ebeebd78b73853b6e65185897a73ada8

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
94eb59866c0490de8214096c190841b5

SHA1
da723542eb97c1c0a3d581a6acc8604f1c98782c

SHA256
57ca64827d90cd3ef4ccbac4aecf786cdf68abf43234c245d5775c8c3a87e22d

SHA512
aa0d040f7ec77290e6ec884e97edd56f9744f9fe41b8f2c3b65b5d39de5a3a3ad3f975554274c06e3cf243056281cf6f4eb4330632dc8660c498742615d4dd35

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll

Filesize
20KB

MD5
b34c8b0921741ff3a2e358b316edd74e

SHA1
d08b9eac2c325dd952d15ab18135a901af7418b7

SHA256
0f8c30730978130975b61b2ccebb9a6552b5b1223d1b5ac815de510d1b446adc

SHA512
03e556c5bfb2a7efafbacfcf17529902534597be20517cca67bcc3e8529286754bb394f214cf004484e7904fdac4028e4d1236f6e5527791fbd910ce2382ae78

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
19KB

MD5
2a1224966cf48d84a066a680e11ff56b

SHA1
fabd2577ae20fda4073770eb6220d353d405cb21

SHA256
dea028dff4bd4cecf1eebced793b3e6932827a27d8f25c4e3de6021b6cff029f

SHA512
9993a99e04c445d87532ef805114ed5aafbb02c110bc5a0d6d6a5b473545c6ea1891d857567212a545552f480e43a8222065813d8b8b0f4bbd424e803935f910

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll

Filesize
62KB

MD5
bdbdd3a7ca81af4597fe6d8681008d1b

SHA1
a4a6fde6df38b99dc67c0593fa3fa055d3bc15c8

SHA256
4a13d3dd28077920a90aef4278f1e09433e6324b440af5f088d3eba2eee6708e

SHA512
a7d21ce56e030b0da65e605e6e8cc8a22a944a3bcd6adb1e765a7154044016703e0f60da306e23a693a2651ec238ff9a043b1b4141d44aa4500e007469f6509d

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll

Filesize
12KB

MD5
e184f92f030f7a3b0a2ae989c8eece76

SHA1
41be15175ea13e29d63ae09ffaf6d5999f818e9f

SHA256
f0956a8fe7e6e9a2c48e8ad13e1e81b74b86376f5209b1676d29252b29c960ac

SHA512
c4d37c9eac4753c6cf638d83a0154ae50ab88ff2a7d9441cfc1d5fa6967a6160eed76b3d5e032bebb38b9e4aee9e7ece888a7bbe20603e29899104bd791edeb2

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
43779e429749b2984d0fff64fe518e30

SHA1
90fc21323a4657f8c19d13e4b6177f26430a2bc5

SHA256
059ad09bb848530f3d5938c8e3eabab9678c4eb7bb6ab1b74de19ac4e1bb16d0

SHA512
c3c6d28020ca0ddf55af733f80a35151ca90a9a1b58f961f61c53f00909f5d24a789ea7df716389ac7bc8ae6a8fe31acd4f2faea5b83d35227287b7f01f35828

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
c8241025b8a4227c6b38288acadeb269

SHA1
6e8c92484a4264914a09d0e67052ca23845e2877

SHA256
a87b96acace45140b8fa91c873ee1ab4ec8cfceeb88c984f9e5e72883eba0e5a

SHA512
59bac2469764c60e695666a08235c619bee7d5ab29ad23b3e4f2f82703eb6a185cb2259d637bc5263b521d716ac1ba8d9b59e2f02fae20034ff9ce32566585f3

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
aabfc28b681e1f12f35c8f48854a2dcb

SHA1
50008ef4793134181e065463b51e5d0751e974d4

SHA256
74dbbdb89b8dd3361a503d02964e3b0fcadc7460e3ba1825f58c5c435674383c

SHA512
e9139d7e66fcccf3e18c2675a006c2dfdbd2bed9bcc6ff77a991f28a41a1e00b3459fd461ac2ed9951577966addf658283b7d144177154014978ad9c3d8d0d8b

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
b582a95cb791baee3d8131da5d28c579

SHA1
a21610860075f0176cd32d3799de47903bc9ed9c

SHA256
0caf2bfd001c53b45aacc31486142d058322397b68bc90c808538790c87fb182

SHA512
ce9042330939381dba4778e8557b36bf7c7b860547d492f089b6e4e72984675457bc75fcff2cca648ec62bb49b1de1d983db2b7e52b6af191e229cf8174f28f2

Download Submit
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
1124cc2de9bd2990f1bda865a91257f5

SHA1
aca52b351430918e840986867356af74ee63b49a

SHA256
2805d91dd6219001dccbfeed6594e2e734f180844e90d800c9ede1bf7991bc88

SHA512
f0a3b8f5c5b614f8ee933439f2be7239d409ff15673fb97ea7d222f61ee1b52701005ec83912d0630d6125c4387d1f8cc03fad729c2a8fdb42e71e910b8354fe

Download Submit
C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll

Filesize
1011KB

MD5
4766475794a69e1b1487556773af07f3

SHA1
45d9c32e182079646d4d04bf77c05f95204318cd

SHA256
b377e05ef215f07dba8d882adfb25fd7639bdac56a1d775a16fb2dccc0e7fc95

SHA512
f83f904905317274aa492d28607b24346cdf2d954c563d184dca0fde3f1e34ba4d64e42b3b7cc5e16dc65a6b49d458c2bfb16769e679585788a825d342925106

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
9129a1900b70d968561da481251b7eee

SHA1
47a9039a9127855091f1e2846a903dada5e94f0e

SHA256
5fd1c9806f1daefbaca9b8c793e5635bad0c98ce86c70d32a64954c48f47dfc3

SHA512
c691e36636a70fa2a52d42e1b6eee5ec4b17ee83870882550d26bc7bb9d72091f2ba531afda4da58a716777d0b4c1721812641e267f29a242c7f94e6daa1ce2c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
1cffd223ef3a13551d4128e52886e71d

SHA1
ad3469ca71fc430a1779137777f6e728a2af9660

SHA256
92fdb14d33a3ee1cd71a384b92280f556673e195b3e724ac90988763bb8c7625

SHA512
e915df4a4522cdf8cb335999f0db05de025ca005427c4c0b18364ee13cf15a93e4ff86fa4bf8b5cc99b35551a5a64856363465a2ef9e05b774bedded37b82fc7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
b296602db67d4afe9508d822e7961079

SHA1
8edf7dcd1f1c0f52d312309a6b78208ece0fd1fb

SHA256
6017a09b212840c2914096a0ee0b63fbf35caeff65408c7adfdd70ec523befaa

SHA512
d788133928be0a88ee8312f70fe28f1c2b798ee8ed4610afa91ff58858c9aa8feeb43bbdd6cb888d27a8a2d3164cfe0e81a52031e83db1c3bf07fa0f4bc5e9d5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
531d6ed7a8b918f7fb3925beeaf2c575

SHA1
10dde6a50d91e10ebc537390abaa615e20bb7c2d

SHA256
20f45e68dbf580f448ac28c74ef3775fab15c6d52410a0bb1d26aba101b43072

SHA512
d6e0070cbf15c519ee74162c20df0d52f542b77fa7dafb5b1f81a33d49735e2ede9c4577060a972c11cc7092470bc33dc46ff175e5d927548095114acaf81798

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
f3a271e5e772bd6079eb8353da063a2f

SHA1
9a6bf7fdc28f3b1c90e4ea65ca5c4cdb1efa30d2

SHA256
0af909f631474c11f8b07ecba58a2a665a6a130d5ba921ff2a7fdc8acad39d0e

SHA512
1d860c98d44e4a349980a3865b3ebd7df9bf5eb3ec8796a4cbbe76b7fa9b8709e1c163b800a1ed30eb4a648d7a70cbb9a8284af98a2e5e4af7f972f8478904bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
ed531b024e0a98a157f60427c281792e

SHA1
fbae86d68a9201c97c0ae842727a50a98ca64eca

SHA256
e98c6056777df47e7e28b9e370cfc70d84af8e0445d42dade51265e2359c49e3

SHA512
7ff3c64a721db4ef2bbe7d2aeaf02ddb6c1622a383110cf591191502df4a390e171b8bed0e7f513190cc08a7def4f3b8877855daa34967ea3bda389afaadd444

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
1f791af57ed98edb23083ff2207e5939

SHA1
23cafcdeec71b5ac346276a1ece5074d75e511d1

SHA256
39187be77ada5bed0e1406533c121d0a48dfaae916fcb3e67e3aec63a7bb7f73

SHA512
3b679bb860ed17db40cfb5a68e583880ba6650b464330edf71e97a84a9fc8fc782ab42325bdf2711bb79d095b5a7083c1308235298d4cd5dd8fa66b94fa6c10a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
52d5d7ab87900e2994b765784f4d7fa5

SHA1
fe169d4f328f84ccfa4fea488f1b51d262fc72cf

SHA256
cc33d99608fde5685975575d43fbad17c929dcc8f192e4d5c2ba98a7190fef92

SHA512
cc4adbfa205c727c684fce393a40cf3596101f24285e525ecaa3b98e71215f3d6faef3bb7e5a7213d341e7fdbc8539f6cefd97d979401a217a613767a1e3f9ee

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
d9c53747b7bd4f8c25c75f54beeb1e9e

SHA1
ad4ade10d0dd1f7540001349a5391c62f593dc6f

SHA256
8430c2396706bda7de9b3e55c4cdc0b4ac070612bfd85e1f2843e22ae7cf5916

SHA512
4eba25e59c40b9ced6aaf50de2aba049b7f9c4afbcfb8b7727f5f1b294aee81c819ca7fa337f400bd5e65e08c2feef3fea39bb436ef1cffa138b0eef3ffcb0fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
9645ab4924f996dd269dae7213d58f3f

SHA1
b15d9432a2f16b98d4c698b2f200ad4c87dbd3bb

SHA256
a0168cd0b550777382a4be7a3c7d9c4f1c0d9eda4b4ff3ce386a178a611bd021

SHA512
a7ab2ad2bc2655e009477e7a9517935e4f878272d907d095d4fd0cbfadcc123887ae1216764a302f2eb8b2c393d2f07a1014558575452cfc2ff597b68a4bb598

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
2004ad5b25dd57011d446f256412f4f9

SHA1
8aa2e6f51a344595e7558831f11c80b2c204c777

SHA256
c2a70d3a1d2302bbd715c06f60e3c796dfe8c358b6aa8e8297450be146a17c6c

SHA512
c1e1a13fbc8684d830906dde582d6a8a9c4b108039fab081487cd95d8e5d7ff7ea2211577840cfea1c402912b9a51ef64eb62fc9fbd29bfd7d6649968efc14e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
9cff05b03f4af8b9bafd5e8a94fa1110

SHA1
7f73e997414f37eea0c91021b1849b4eae086c78

SHA256
2917ebf26abc045e2874cd4177e630ac672884de362cfa467ea093ea28157a6c

SHA512
2cf314d9776629777acc96d97889dd539f12c69338b6bf2dbb5a93ebd1cd4a9a30db03d5f5d5540fcd00b1880a86a0f9f0bb76063c37c4dec5855fbbd082a961

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
d18e800c776597c4600816cc7c20798b

SHA1
7f1ba8fce9e0a00ce4e2ed9811674324748079eb

SHA256
5972ef889182627bba443720a86d64fc79fb9753a94821912cd316546de676b1

SHA512
4febf08734542781e59672f79522a2e456c1d9d759bc1bebebd9b2bf9185413c73adfd4671e4e735e1243cb0b9e9ffb18fce52a679c1c925ed031fd09e59f0eb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
8a227a8e581ca5ca23c1776f8b656c51

SHA1
c2d32ba957ff7286f58e72dc89f750a6a52cc0a2

SHA256
786c17ef33df0070e7aedefd3d9761c946dd3ee9ad30f62e79287e40cb36b9e3

SHA512
bd7b77e7f4fc6cfeac84a61d348fba426cb4b65e17f25eb5ba132bba9e20b2c5da4c1c80ac7dd1ef53a733ab22e7165baa34c936013b84aeddfcd298a605f5c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
fd744827c4fc09c080900a6a3ec677da

SHA1
82bca0d53678c3e02f70ae1731f82f6ea3d95e37

SHA256
7f3a67913418549cd3e01fd6ccd7c7ac5c86b130cc0eaac0ebda670867dfdd08

SHA512
4f38fc97c66d3f6569592efa7a9aa2e5614479424798402fd3f4a7f64d03063559368f8b9d99c1ea714d88f75eb9e89e4bc0cee8e1b41d4264b2629852dfa9fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
8c70d4ed8ba54a601d0cae118d432fd8

SHA1
f55fd550524fc79b63fa8e58744ad08b82d1c6c8

SHA256
1b73ecc216c5f77e914301dfb2ac2bdd95e4a1c6e81d1677d2256955d63de1e4

SHA512
4f2908fd73541c46d193963cdf289de8cfa17a9a5c892ab30a1f0599000d74f67f6e87b7b0f58fb1e3cd7e582eb1b472d5c6e0c1b4607fa4b0fcc7bdb3aef684

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
31c3d57558d8f281ba5c63d2607b65df

SHA1
57b71de6f52b100d5dac04dd5001043a0772b118

SHA256
98429d94d86aea4e3789dec60e8b676fa95e730f3df950c1619dbea58e9474ea

SHA512
93fde54dc77ebe13504dfb4431ca197865ec892cc44ef880ab4b67c48fc1f650cef37dbf2293f2f1db92d0681179cdf1f630e5167b5eeba34908ff845a18027d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
ea132b3c121902fd9db038ad92a653f7

SHA1
76f6ce53b300ec66674ee3887b274fecbd93442d

SHA256
0c0a4912620e68577fc7ab6440e4949859a146671983896d2e52fc618899a407

SHA512
1976a4a6c1dd2480d38bb50a12fbafdb1732c61dc6876af660bf2e37c56554cbdf6d579bf8f2720ca5f782d572e89f76c402347796a805e6afb11fe21d62d870

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
ca4be68c5de85f2b68347c5a9280a18b

SHA1
bef7321473d198082c85bbab465fb49a7875fcec

SHA256
8afba827e08873420fdba261faadbd068c850080d9596dc4cc93f44e2f2626ad

SHA512
628f2c45ea1b7ae479f43ae73e1fa14fc31988e3d418bc6a73c80d9c032348aa1d2b35e9b53025ec8d1881a0796b9c1e77b7d26aaf5f020aa475d37638d24cc1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
742a151651219de609e68046e5479dd0

SHA1
bfb3a84780dc45cdb02c40da5a7a05006e268835

SHA256
efb967682dbf8e518d97d04bd30dc76c354c49cfe90542376050e732ad3cef2c

SHA512
727ef61952d458d9a0683e372cafd5b22ec7ef89ef46ada9bd2ae5fe6c8b285842484b80287090ad3b593a2e9348215287bcc3fbc41b8fd2c7cb0f2795d981d3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
5c19cead2c0576085c4a899b8015b0c1

SHA1
0997dbd4f428fd4625ca1bb19a93b4982226797d

SHA256
7975f9497cd7cd8476c6a327b1c5758ca0e9655dc70eae75bda12b0612227b2e

SHA512
dd2f0d03b4821fd70ab290a64d9ba6dea40cffcea1967a4d4c615b0aa8b21212829995a539785c3497ef6a096e3ae8035512c7510d8ed2e1f56697cad59e29d9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
5379d10b98936972890d0ca36adefa92

SHA1
eb9e676abddd605f4306dae33b8f395339614910

SHA256
269c8c596d4ceda3bec41041c6f189edf9cc324574d8234790d4c7487bd8f578

SHA512
d8a8133471de4537cbde5588dc04653e8218084afcbf8ce478d3f2c25c87380251e560b9782ef42558be87fa2b8c37a1d9fbc0e8483c808c10143b415d303447

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
43828142582d0cfb085beaf6825d3f43

SHA1
b668d551dd2044fec3b8549b479255352f646924

SHA256
238a6848c171c00c2e1aed766da0ffa2c46b5c320b8354aecebab392250e76e1

SHA512
cfe8b8eb084d940766e878d801f2bf8ee550ee89212e51dd10c1e890a1203c23de21d55025693698968c8e8adb6b97e728bb6f59dae3af4ae94620650b814972

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
00462d0a3121520118fab1a4c378678f

SHA1
81c4e84bf599a8f39d6e381cf9e1d84aa369a847

SHA256
dcdf602f77b32289f6bd0160d644f63d26afe12546c4d61b5016d4daacd7def1

SHA512
6a32f6337019f5652782ec939181584b9815787d05330e6ffca80d0866645a6a030b755323cf0c9d27961726f0c45391d96dd8ac23e81dabd5d5d52286ae4f1e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
0801ebe9377d9c1a58b28decca0c767d

SHA1
1ad3a2514847fa2611df33bf14ca7ddafd5d6c4a

SHA256
8c59a5d66c52392fb77a82bf736d7b396df1fda486289a22316477e447d7369c

SHA512
61c61596c25ffc64df3dc204b71cb5ee9a2e49865b7ad8734899df7816a5c757056cde8a1aac6c3a3b0d9eb0f7f5524e679eee8c1f5d4846f4ca0174e1818693

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
fb385b1e46a9875e581b6b82b16013e7

SHA1
b788dd98f81d6436dc0ac9c90debdfc5bdda8605

SHA256
86debc2c1e411dfa2df7c4d224fde5e8397526284f1306eea933cc41a4366328

SHA512
ef0e747f13b2a4debc0925643b36a777c5643d54fd4e87fcaf281cfb284f2c0558e7578cb94fdaa481c6d7d1af1615628f566a6b61be4f4d67fba931b35b8df3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
032777153d5f677772dacf83d2d75167

SHA1
b4ff048f4cbc975afa6284cf894dd07f6491f979

SHA256
db277e381277efac15056fe8335623e16760132727b4a83659e154a977051363

SHA512
8488c4f4073c1cb4a2bd73e281fbc10b6fe063551e803629a77141af961957fa9a30d2d23aed12607e84dd03874aa1347990430cef23987d14473614c650601c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
63ea41c5ddb120d9f314e261417dff12

SHA1
be5e2b46e7742e1341a1273347c1782da620170e

SHA256
fdd3e7e36224e422e76d0b31555f73626387953399b74c75035c63033e653fe7

SHA512
b6e452815a37e92eb6633cd3536d792f79661ad0c5ba5dbf91de2ff1ea8443ff0d2bac679ec6458259428377e65462280b3b091ac9724967e7add59bf7708a94

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
ed1856680552758cf7ed80d58cf8d86d

SHA1
7fe7963bfe1b0ab8786976ab59866aa3c8d6ea7e

SHA256
fde044173331a3a4a7b62a1ae33c81f9db36f25669763b1bcf979fc7600b7459

SHA512
9f30e2e6df16fa02c3bd15b2073e89069bb90721cbab5562a8a2b104c3d57963309756b3b517c0c26341b97a7a9b4e3c9c82b185294548a1fedb3cd5de754b76

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
9cc4f283714ea1515bc358d56a3911de

SHA1
8ed8c2e20877274519c7e63866613878255a7652

SHA256
337c65e9d367b0ce72a135c4c9bf86456da82148f13a8484803561484f8ad6f1

SHA512
4b71e66eef8efb842650ffcd9ce256307879081b2d4da2a3f3c33635828eb597f8e3fa58f1a8e78484400306e0a3aef0af49aaf7e3ea1874d27f7278ba53e4b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
82fa943e8005bc3f688f582c158e4082

SHA1
0f68584056eb26c3f7478a352d54d6dc9f98f2fa

SHA256
789b5d48fd32080dd1a7003fef3c04b0efe518e52a4c42c887bfb34de26699ec

SHA512
a3abdc34e5e81a7e45e2055eb7b61d21cd7a2ac0e281988cb5996e6210dc6272c52b81835d355910942347ece27d1c80f151dd5fea494ad6ed695a610b85def4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
8c8a4a774b7297093213e868723018a4

SHA1
c83c14455b42ee5a14c6466b18ce84861b76970e

SHA256
a65c3104cdb207cf570bc2938b0f26a63b2abb3464a3004bf5afd9bb1569594b

SHA512
34ccfc585e448e03942a74c357e551c04b9f84e3272264481aa0806b69bd22f8c4a191bb329a0ce9fb23a714566cfa3bfec263b18b105fac830447b0be1e77d7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
c986cdcce4de532801e2a6f92cb0b904

SHA1
c610cfea6ebee0d2c4168a3cdbcfee456365cb14

SHA256
901277b4c36c90dcd6aa9a7264b0043894f5bf1cd8b522a49953bdb3d6aa678c

SHA512
2b22ee68ccd9f1164d5a596d1f8291a77c275f64fb5eb72ff06015df238efd67edb7428e496d6cd810524b610a534dfcfa2e24e2739904abed67bc3f66ff612f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
dfb453513cbea30fdbd156b5fa985d96

SHA1
1c1ffb38fbf02ae102adac3a5d5effd0ffe0f758

SHA256
19856b5946c04fd091c55a0f213f0554418d6249f074205e7ccba4e25c0a415b

SHA512
a9e46a29d2a175999715bb055cb8d7a39a5fe6df63ab47773e1543a884094fdccbc6810029b593553738a5df43376e57f8e90d8b3f0f892ab579aac70b0105a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
58f80943a95df1b71aef23120bce3590

SHA1
a0056e3b8aca51e8d036c766715cad4324d7f313

SHA256
8cec5726dbd4cdca59c243d457c02297e1626e53f71c280b3b55acd5a9fc746f

SHA512
641773658775bff2e5101ce792a1c6a2d52772e53ccc7205390ee59088faae70105131ca14417777d0f8f66e71650ae86183952341649c1c2a65c76f13278c88

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
7e0c103632b99d1f977a9f6554cd7350

SHA1
94c6eb25e190dd1fc6440be849b80eda021a8adc

SHA256
48895d1e1cc354acdc13b96960dda2fc1760a33bd9ab1646d5f49ddc90e60a58

SHA512
c0a8cab55e5796686229627d15a82dea5295ad8b72f8dfbec11f1bc5332594c00009e961c09c3d4804fb92c1742f2f328eb6ffc968c5feae4ba76c015ea9c507

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
8bbca9b8aeaee9ce74fe202afadb2945

SHA1
0debc1214212969dc914ce4622b94358ace129e0

SHA256
be41161bb69f2a73420d25e59d644ccd80926e4e4c48cc352bac4478e0da0dc6

SHA512
9d4cef59484c2b7313383cc36518425478bbebf8aeb7c33728aa7b8d085e1cc7899636a0de17c815d6c2d674ce8c5afb57e4a2a65f0ecf3466c306020a442e18

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
ba87c775c2512b67995bb993381c4d3e

SHA1
11d865fa33bf695b2029127edff0dba0537a06f8

SHA256
4efed6a35c38d12afe8023252a95d2f834af1e7383acf6fffcff46807019c8ed

SHA512
854e38ed203a519d5a7d0c400215b97c644d6d711fbd2b3e05236147b13f9d350f5fffb62141ce2a951c1848444f728c51c9231db14fa611c00b35cf22289a99

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
ff4e81615eb633840432a0cf310ac274

SHA1
3924ecfd08e08c8bfe641cf5bd65d44f03fbcb9d

SHA256
4cf7ab0310cc2058c269e99dcf3e86eecb42fabb0281ea624b63421cf1b6d9fc

SHA512
a069fc6807cfa2c9be485c7609d8de20c3a2d82a32f9cec7155fd58df5a77dfc612223385231d297a940c23894dc1f15723ddfedf5deca45cb0f5e64f51f13ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
98faecb6786e65ce927994ee392e4e05

SHA1
bc4f8349d2a1bdd122a7481aef5685acc5a319db

SHA256
75cd5ea8de9c2d4901a7ee968fec6a736f1fbf271afd7d400f1c515a9fba213d

SHA512
2966497033e42bc7ddc1866f52559c2d9bc9606e43a866a4c9f753e7adbe1f6ca3fb25a637f98a51ff80b256b1e87a290f490a0b71d2de661d27c0f2e3a8ce11

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
5bd9eff34de1fe1768b426453f1f7ed4

SHA1
3ac84e9349bfe0ac6d337766de89e697faa7c79f

SHA256
0ad54d21fc1c8425b3ed3f9d9e8bc742abd30379fb7fcdc59e08a0820cf71251

SHA512
e09a10c65b4979f31be033ff7872e98f3646e63b40f0cf75dc8bd7a9a305379e3493014929fd8ccd366eb227d7b888a6761859ced395a7148aac03944593a24d

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

Filesize
4.1MB

MD5
842e30720c0d9950a3a948f6406f4ca2

SHA1
dcfdff09ea2531bbf320f7c5ccbe00d25aa385cd

SHA256
ba813a3fb52bd11119c4a0cc5b29b65f0b025aa39c26e118e635f5ee31e1ea83

SHA512
18deb533492b2e6a5e9c807f102fae47d3305adb71b568bf9e83eb32fa67c3e2070ed331cdb4a80646f1fa67067fb028a8f505cf0f32866bfa6b9444edb956b4

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
d32679917bf690239760da05a116d301

SHA1
76db8fbeecd08f4f73e13bf038e3f1ba5daa42c1

SHA256
8e71a10e0ac53cd9d21c976d319b0c5d255657d71bb28801f3be82f4cc516272

SHA512
ccdf78cb2c1d7c7912d47078b2218f3d7c6c37116dcf36e3765a2abbce7d170e1793b25dd14a6fb36d51b347234ebfa454e9c6a72f1f6e0bcc14e70ddd8c452c

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll

Filesize
16B

MD5
6bd120b9ffcdd196425d9c0e58844a8c

SHA1
76ebdabedfcaae05eff91be997ac609397d67956

SHA256
ab5d0df17f38e969fc1de19e147b9bafc9489f3d7b29812c4e6de7637aeb1d4c

SHA512
395898daaa4e72becfceb831c4f4ef6ccea4b52f1c8408d2c88abe7ddd7de5209d28ed1473b5dacac864b65eea22d191f19b0efd6f55a5070ee6ec362e22e4b1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll

Filesize
274KB

MD5
b1d413b01aad5040842bc038ac56d14b

SHA1
4a93303f53f90532b4a37c76d0df29fafa7069ac

SHA256
57b7556e584c57d7e9f49228b80f7de23531d6682784848f932f28f79d87929d

SHA512
67e430b70bf4d3df7d9e7c45652fbf2f8b20f7024118af6554478bf036fa68a2753279b55cd2342f7bef9c67acd039ddbf4881c78e6b5e51f51d5496303ca793

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
3978996f37a15c8a3fe15d2b62b9bc48

SHA1
a58baa328382d3e60632a1ffa56f4566c1e80241

SHA256
2ee1935d3db19a39bbc1527148c262772c83d66e1604ec6d21a54c060e02cfc0

SHA512
f6a111327e448ebc92c0f580e979ba7406d79d7842248414d40dbceddb10fbfa2ac858523b5f022f02c788ceea3e1ae49b59659c316e8436faffedde45b78932

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
b017c26c1dc8d1d56b08c1fc16db7f2e

SHA1
f8945ab2aeb8c71b003ccdb4087c6f1f68947ad2

SHA256
7c23b2188b3527c818ba9d6a8d04c64b5e6fdd68ce580350f2eafd16bbdb62e3

SHA512
db9b86b3938d85e2af800214fda19c05f8c9f41777b693f1f5b519744f75cf14f6bf4a120abe22e1c9d7a16b714548a25b59d7b1ec9d6f2e68672b5739eb4559

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
79bb2fe843b7f1bd51a38a0efb3b1bc4

SHA1
5cf6ced990994a73dbf8729bdf297e021f625a9d

SHA256
d18299f19c100ad3ef81d83205c1756d4a230e473664bec89d83149730d23721

SHA512
38e63f0223b03043130074aa4bf50e3a59650312dcf2378d1ac70ce68dc8645cf3a56bb06477d2c381fbf289a48457bc2d362cdf44386d65ef2c457ea7f606a0

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
57b6a879cd23e156cefa1c5c1d93e970

SHA1
7cfacc43b9aba35766078f32b4a59cd3a6b04065

SHA256
4d00541320845e2b9809a54753701738933f891235d517615e3c95d37818a546

SHA512
fb39da8a5e51b32616cda0886efa43fe89d0fd1d40bb20fe1e01ba0658a775c6efcce3eb4bb6046fa1a917f2e75358257880e33634b97ad507f0749387260fa2

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
f51f8a15f6956058edfe96baafbf54a8

SHA1
56130b9a52559fcead5898d7dccfb3dd2cdf2c2e

SHA256
a3865d5c2eae717b08f9d44089d94c8e9069c9006170e6f7ec1d4af67f3a765d

SHA512
18aea174666bffb0e7b7f22bdef91d8993da56fcf802804f92092e03d71468390db7201c8e32e4fef1267d9538e5cd1d8046e699c72498140bdc9954c04b7844

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
409549b2e6f31fa91b5b0c59ec89a143

SHA1
637cdc8691bd882d35108e0d09b93f1ed742e75c

SHA256
8f3e7e29f3701ef3ed57178c4cddfc377fb6130301b8ad8db720c7fd8f2d62dd

SHA512
cf86108089532107bec6ca484af3935f0569ed448964e5cae0047f8053f488b42564fc11fcf87e577dadc6616e8fca469ef3c2c8b79c85232502ebf2dc4e45d4

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll

Filesize
11KB

MD5
6a4024aba26a5eb534f0238199f4c318

SHA1
42877605c86e9b5bb2fbcae73d30c1028c161952

SHA256
5e04c5112ef3da3053e37bd346e10f83c8df07030832238e2eae6436fd7e6cdc

SHA512
2d424164fc83ba31f8023a5c7ab6cf6c051e37bae087629a26e3153b64a4565eae4dcf00417a982374bd513ab3471c16fba9ee49e3a098562a1f67ff05781c32

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
c2e122d170eeac4c06c09fd394f12e21

SHA1
972871200a92786b93b475f29aa3e7ba824a80e9

SHA256
fcbeabbe33c89f6040ff16bd5ece6ac379316ab3386c4597f26a9d177d67d9d8

SHA512
92ee7e11a799e14f92255a86380947829d63397e43ab254aa930530d8bf9ca6aee27d13a49914bf9bbcca03cbe784e7cccf34c8c3538acb7f7c14b368f8f91c7

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
521301c8b145d215085c506b3f11bf1a

SHA1
40a7435a5bd677dd5d4659a3c12b02f22497228d

SHA256
4f3b85fb413b5720fe2d1bd7bd0f0039bab23f1d6317b882e09f265f19171506

SHA512
561ea9382354c79ec633ce734698eb1ac769d5823b277f218186e97a9a99b9ff01c6498721d59a82fec6655b885376d74bf3125ff349a597c0a30ff06d2838e6

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
93da1a3ed1962d22bff4b31b67a06ed7

SHA1
6e03b0f718212bb84defb4b54b4cecca91bc36b3

SHA256
3bd4f0ad13068949487871a75d0d3f47b2650427800196741d1740b16f973012

SHA512
da7fddaf83997b3384f28cdbf8fae796f6bdcfc8cb45cd9ef9e96d31c55638d5b9b2eda15cb8a6399ac968a5bb09437d87db08c13c768356547c006f8bb982eb

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
4fc4d2898665e05c2e98117a7a12f6d0

SHA1
df57029b841f0c152c6509d78ea436fd583b80a1

SHA256
0ea573712d738704c8facaf6287d92f9576c08c4ed0764abcd74ab2b35fb036c

SHA512
843634cfd0c5a85f1a8cae44fc69508c2747145b7dab82488e59b7a40ed79442dd84b52b3dd7e0f04db65cad187d329fc4b92c1756b9d03f3b684538602ae338

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
f38070b2addd612271182ef7e0045c37

SHA1
b674eeb0a0f180d8664556bf12c6fc9fdf877198

SHA256
fbcff54841a40a26d97cf7a6e1d471ff2af15326d5eff8643e2bed8b0e2272cd

SHA512
06462c7ad4594e8d92d114acd08ff50900be605e6682960913f7cf2b8ca014483a64ad2bc1bb0ea6a01ad77e629e7d9a3a66f27463d023004f54a642f2816b82

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
c0c2c412fbcee0b00d82df9de2640c7d

SHA1
e397aaf83c5df5befc6dbd2608780fa1f436b1e4

SHA256
6289b524492e7a98181c03b2d1585800aa008a6b37d2fbf6ea371e86f03ed42c

SHA512
79b9ae5bf08c01996d298bf9cc2c540d2de40d1d22f0f38943ac9e6b4d571cd45915a7359e3ad80b8e0451fd705025b7f64ab7c98b6a0ae4b28607f89c778833

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll

Filesize
27KB

MD5
982cfcc52f0cb22a50256ce6857f2ff8

SHA1
6a8e594a849d24948e68e37f227ef2b047640362

SHA256
c3ae746ee9b0c182f70b4c690880ab7871306270e5add5a92c1064b1da31811c

SHA512
616465160621c8c60f8d9319c5ada7d3562b4bdee8320f6e863b038f998a0d41693102a9f88cd257e9b7b67fac11e500af3379c28a6a588d0207ac7adcdb4ddd

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
26KB

MD5
620d47e83a42462d58b1c34dad462c32

SHA1
db86955b094e78c3043db8bc93d60f70881ac0a1

SHA256
59fa10c76cd54cae8446d879f8ef3df560d74456d63bcc65f9d1da08736968a8

SHA512
562e5ca4736b827ed03a98e5e637280524345aefc1935bba5b42335ea95c70355b55a76a7c223e775e2cd02db7bb4f506e1183c50d91358d7c3f04c00696f20e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll

Filesize
69KB

MD5
f4222fa74317f7786e20de93021d7cc6

SHA1
4012fb5eefaa3fe457d68f755f13be38147ece2a

SHA256
daac224f26267075e1aa1b308ac79c18a5954542671029ad98949dae16e9a57f

SHA512
1a804c15074b6671c836ad051b144c09e564c2d0054b71db0037b0891aae1874a4f91795bdaeb5de8bd2d07d6fa4b0eb02cb6c1280134fbfc9a637395e5a803f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll

Filesize
19KB

MD5
f02e5325e35399017921502837831086

SHA1
22859ef48a5a5d77123ff5553010f503e128a570

SHA256
c8b0ffe84cc06ff703250fd73ac415fba80d615d1713781a57c4346ecca3a649

SHA512
d60e2da4fd13baa39dda52a63306d8ba2a28d937ba31e5473fe7f7fe699a17f79375322a7190c6f509e2c97f7ed9b6baf981f99a64f150a67f449f48e31038a9

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
b138984465543cda0ccf04f2a2cb9324

SHA1
612c9a4979e8499a0569a6efef5941309c31b422

SHA256
51693630ca7fc370d1ca6a119c5050744fb6f8777d28cd471a8acb944b549042

SHA512
75a4734c613057af72f5f04f01e303b8a62c7094a5fe49325fb36001c3672bccd6576f11f93249dbc5c5b3a4764e3bc523597e38e9516d2943e903bfef37e097

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
0a869da65474d0dc462fbcd2e9b8d9a5

SHA1
682f6cd8090f6755065569eb3721e54678fc0bbf

SHA256
c4ca80f03a6a9a23072c9777c7ffd705aecd5e068c0c498a3817c6fd24984b13

SHA512
381b216b5039dfdc90733932c96868b9d86a2ff14b1a683f3860db128f4134d306f8fe2381d108ddf6b2acdaaaf9163768920a22853ebd618448fa7291fe54ee

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
5a32e60c4ca5e30aa1340c0859b04bc6

SHA1
6aef4052e30ec32e22b1aea9f96e48c30cbc9bcc

SHA256
b41ee5a7cc709ab921dedfe4d78b2f8866ef609bb40e6462393d3c7955d11616

SHA512
ec716bc6d54802401b3fd8466df16739e9b9bf47609921cf5372fe9cc3966babbdaf902a7040d1b0df91fa374491ab01ff7495f81c1f507677ac8de556b8caa0

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
bd5e5f3c0062ad9f6389e9b4dc023ada

SHA1
cfcbc55b481b7ed0405cb0b8e19fd53fab005412

SHA256
804fba3040b2535680a1da50649f552467f71e99da0cc62597ac1d9cd78bff75

SHA512
73087072a0accb61fe8bdeb0b984171e80dc51e2de2cd1d645afdc413825ea468a1f899084c8620267cd6b5eaa5c3dee3579eb8e0a3063ec5d979ef5406e0b2d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
096c76d07c5fe800b1f74d6abdc2a633

SHA1
5f6ba2f0316cf558eb5122a419d246141ba80fda

SHA256
066d4ee80763df9010867e4b55f1bf4a8fa80f23928f44f0106853a52246719e

SHA512
8a7fd273c54afb222beadaea25660a94ff46dc21198ba65cf3e8eb6d304ae570268d485abbd4fff76bcb3e581f1ca7f85f1c4fc568bac22d347c627b91e90dda

Download Submit
C:\Program Files\Microsoft Office\root\Office16\concrt140.dll

Filesize
324KB

MD5
dacdc7bc4047e56ea1382cf5a0613aaa

SHA1
9a67e99f3cb01d6ce620d437d2907d583560e7bc

SHA256
e971c44ba80f6cfd9481f1580157953fe6a8af06c92180a02319799004a32161

SHA512
d561aad30de5c57b1e8d0c1e2569f236fda5d8d2ed41fe993dcebb8dd7d58d366ec0540df76ce7788b0232de693293ca88c323f114ed2952912f8c5db04996d8

Download Submit
C:\Program Files\Microsoft Office\root\Office16\vccorlib140.dll

Filesize
358KB

MD5
e2bb34c236361e392a0388ddb1319565

SHA1
3e6f3ba2237a6cfc9cf0c308e1dd8da91b6c7cc9

SHA256
b9b3e898050a713142547787fb82b20b80a9dd20d72a25194348b3f9818d88b7

SHA512
59f3583631fe770776d4780fe01a2a8a57a2fe3aa1d3ca9c3cfdfabb88618f7222c577c9b27658ca8da14f746f871f1ddadc7d54b24a09ab7d8284a479fceace

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dll

Filesize
5.6MB

MD5
402bd2800bc709111457d75e3c183169

SHA1
3318407e03c72394191b6793de4ef8eae267bb27

SHA256
69661a850770643051dd0e60196b93a47a1346aa144271965d606fcae9f982f6

SHA512
05262d9780cd892936616796c62ead327b5a68a313ad461c520b4c8dd57b3bb92845bf628a01e6ac7b0f621db96edc920588cd824b8741a874c3fc71e663bd91

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dll

Filesize
644KB

MD5
928912bbbd759213632f380d94c01cdb

SHA1
4f17c842254b7e5efae6089ec297d199df6ec454

SHA256
fe3a78430c2e6a3bed4e64e70fb220e60ec76b384d20f699b4ce0837e69f5a5a

SHA512
52d14fb63bad772a4d01e4286e93cb9fbe6475233ec4b811cc8e5563c969b69649c5a180f743d579bd4f715df054b4162eccfa047e1575caf83b257aa127eed7

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll

Filesize
613KB

MD5
6b64cfda20037270b7c4720652305571

SHA1
b80ad552fada1a71bad0b4434a295125655ebdd4

SHA256
4da2cd745cf1381f48d2fa42c4494130dc2bf575e87a260282515a2c56f93d31

SHA512
13cb6cf6a2c1116f3ec9ae596e95f8b235c366ed13ffa236c50c03afe1246d9f6fdae3c5dbf8d64e25ee1ca6b85289d9945a7eef1ac34d86e6d48310687a4c46

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll

Filesize
940KB

MD5
35360fc69187a4a186a6808e604775b4

SHA1
5595175b94e0ac602ce926f9b07962f12950ff3f

SHA256
ad130e96da5ed5ea5ae40af172bb19b32aeb76afe5b5d5faa26e898ebea2e446

SHA512
3d84cb286fd4838522e2fc509064a537fe5710cbec229956176a18f4f9637e91a21140c9a3d72d462b29721a799bc889f2644cc2c591ed0266ffc77376944283

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ucrtbase.dll

Filesize
960KB

MD5
7d6e2ed3f693151e74070bf37c589ff0

SHA1
676e648f366adb8e5bd307f154cd995c385316f8

SHA256
2aeae119f0854933ede9d2ad30525b194116ddee77cf2fa45d2d222b75fd8b73

SHA512
1a5dcccb1b748331075d29509a975bd43c393b03610f758e1104864ca907831001b530b848b806ec204233a802dc2369938af5e81aa42563a1c6fbc0211912b3

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dll

Filesize
83KB

MD5
ddc0f3180e8b20dd79a7396ceb01c074

SHA1
f5b0059eaa08e17bdb3d83198114945467e9ad07

SHA256
4b3919b65d6c1aea29cbf0a0dfab40231e6cab63fc97c23c15a02ec502a48a1b

SHA512
0813edb3257639722b650e31b493887cfaf7e2c93cbef406d9ff58834298d35b1bb2a1c27e545559378c857a504deb91e90a69951327bcf5a9c0c59fda632800

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
12e1f99852f15f263a72218be3d54fd2

SHA1
335cf0f05aabff102c12ec2378fbae730a08cdf3

SHA256
e795e5956206ee65fb3bf2074e749b4a1feb1992ec4647dc73d66717d8b1628f

SHA512
cd7b4e13e6ca9ffaacf47fd72d027f593709e33f5b3619669a7fc5927687b25510e88c3c7ca226541de7b70c06b1a16901175cd9be28b62b009f61b0e0a906f3

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
a6e631b7581c3576d1a4be9b406de113

SHA1
a8413859e29afbb9f555206767207363c1c400d7

SHA256
c6873cc135694c2f8c9162c79f446a41bc0f588a57addce4a08a4a712acd898c

SHA512
3bd395f6320e5826f3c608888873549f2e8759a1db3b60d3ed8532e61144d774200a1b2c78cb1417e3c2c6dc0298f31d0ef8aa597b54f1f5276efa1f925b0f48

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
0f51e54fd61daa15825914e2726fb5e6

SHA1
94c42499618fb3a4a9e7fc00eb3dfa9ba1c94386

SHA256
27f537374342cd62c4316a8adb2c6058258fd199e598c82ed3ce4a17e9fb43de

SHA512
7a1095313a14aac4ac8c41898f4c60eaff9d4d1a8d7e8b3b0550c5cd3084ad757263243b873f74e0e0e94ea581dae96c85e3ce228321dace75a8773595587f59

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
f50c523ad974f5805ac3618d87a78116

SHA1
ac70294e85e38589e0d586fb347486f6054b1b82

SHA256
2e7e03a0b11112674fd0a7e8001c9fa252c71fc2fd76fcc214c4285ee9d66c86

SHA512
cf003ec42d80ec808fdd91be83f838ca06f1bbf45fe789090fa0906f61747159b5e8e8ca3555b31662d508a36c262fb1bcd20ace76cb9945e792f5768cb5ae37

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
bce6af84f1d8dee6f021ac66cbbaaf90

SHA1
2bc6e5cf46d4b48575e24888c086ea027c56f031

SHA256
2fa2fbc757f45f5b18550c16235213e8755b376a7c87cd64be4cc985e5ff142e

SHA512
bd437bea7f2e42a96c2f243bad91aff0732525a61dc9e6bfe1dd852c6f3e7d15f30f790e62c22b5cbe1370b5f92d9fb1bffa38410c70136ac803fb95f800a526

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
78bfd5e5b69d058e3618331017d6a3b7

SHA1
f115f92f3ef73349abfa008b59606d4823ac8d9b

SHA256
2e73601859e84ef73a88f57da87d93d5278785645d88ac7f6b2b6a4a296f3004

SHA512
19904f3c3624f197783875673787d42283212fc4650073a004d8d5d1026c9b3e96d32bdd81fe93a6ff8162ff7f3dfbe0ff393ed6df2c653d38ee9c4c03028c95

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-xstate-l2-1-0.dll

Filesize
11KB

MD5
8d02e0d4341e3d2dd454528d995ac18c

SHA1
5c7e8231da5b623c4ca846dc5b939f38d4dd43ca

SHA256
1483d740590ec2fe04a4cc34f5babecd824dfd4a405c1165a01df6720c84eae9

SHA512
8d7bbe1b6dfe520088d90963f26d1efee80ed7a875cc19f97fad225aba2def6ba1139912113a3fdfd525fa2e17bbd5c9a7c4a01b5a87b7a6aec5f5c924463818

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dll

Filesize
19KB

MD5
f33536dbf26ce57313dc9c16b2c1d250

SHA1
69d7e1c7acf6fc7c379bb9c646c79111c85fdbd6

SHA256
820c6beb7feab7d75ae8b9003e8077814943e674d73c081a9d6ec0fd2d5d3ec8

SHA512
42c8afad75dcd81edeacbd9522fa6d287975bf26fe633a899e1fdbd86eeb198eb1f27ac24d30775f7066dbabe9ecb8c6b327a682f6b5585570e8b950e2397cd9

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
008fecfd75fa812150953ad81256ef45

SHA1
5dedf2f3fd3589719fba96c715c6918e522276d8

SHA256
7de75ccfafd8ed2d42cf00e13d1631748c93112b5c04ae900c676f130bcff0f3

SHA512
fc07d2bb183119b51421a0eaa08f985067b98333d8b8ee27b0e9ccc51134ddb8182c9c86827cbefd0b004b357635c846e508153416d46ed4e86f32665ac9bcbc

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
78cd687865756a1229cae3dfff4e1227

SHA1
0d4def2a970168f1f768561fd987e2c691f7c208

SHA256
32e371079e7dccecc8888ad90d89c0f8309dcbaad70f86f41942d845aefe83d6

SHA512
ea22c54e80fd586ff963c9fa47ca161caa5462a6472f53fb93d8d35f8b694d3e43e77911b898d5cd61a42712407d9f94da85040d6f948865b1a8a2eee5a6ed6d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
ca018ab07a4bcc62dbb4056208bc9e61

SHA1
7d96b749bf66134b0afb4e8324b6f26f79b298ae

SHA256
03512169c658495781ebafb085dd5c7f3ccb197a401ae4356f8594a7fc431392

SHA512
60742011996bb5f00ec2fbcb3e88185d44b2022500f51ecbc72f41a199fdf4d531a6bf807f8d5fbd7e84a020fd110a59895eea63fe31b81ec06a0fbe28532eb0

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
91fa2ea9014dbba5cafb9926e0faebe4

SHA1
182a5e0348de17f84489c33942f44195bd73dc1e

SHA256
ad29efaf9cafc5702d96359b5c7a727f2f1d0c714177987c03d250c2a0552d4a

SHA512
de8e35c3ca54af3bd56e78b4a8d46f7c5530c51e8567ba9c0894e22e5e8028672c4e055adcd5376bf2b463e2efdf967bcccda2126c14a6e8655e6d39f70c5daa

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
59c306669180979aa2a0c5d7a99ae504

SHA1
1aa6c9d7307f08b9ddf01cf7cff49e2e5b25b9cc

SHA256
18f4db95b73698361ddef5a116095b1cc44d2c21f495fe30d3f23ebfe8d9dce2

SHA512
4a27f0564d3c183322ca7adddbdc485dc6d029f8415826d7bf2e86e37f7f61ce88570c43ce0c7be30d9425a540f22d775c7d19cd19a83f8e70d1cb646a872c2f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
fca0c36ae3c173d7958dfdafa4389f7f

SHA1
2b6949147edba4e4f802c17220fcd1d047cd1896

SHA256
2594e7e00870615c79397225b576884c3caa18c5f8e46901a164b50d1f6277f3

SHA512
f1620012d8acb8cfab8c524fae89a2e5d3a94e7e0cc1dad175b062b1b40dcc608963c4a27f6027d3567830318028be420fdb608f7539d545cdbe0f6eb4bcc008

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
26KB

MD5
2a338827fe25a0ed6fe8af60587d6a22

SHA1
56bfe2a583d5626a5ac1e3e851a93836bd2d9ca1

SHA256
2f55aa3c676c3dc871355de8ab3bbc1c17b38bd1975705b545849df4b2b3a875

SHA512
f79465cacaee4dfc5e2c62358d7c5022942136171042eb224dd42a1fed98a7f9fbdd44dfb9009951e15959ffde9098bf022933b41376dcc4555a31a9ec0578dc

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dll

Filesize
71KB

MD5
fe3c9f48e35e4a42476d7e8790fdce1f

SHA1
645629d643ca4b66fac3756b26c28ab85c05626f

SHA256
ee1670bf0e84e8d3ddad534f94f204c5719ffbb0148f8db1009d3880cd2388bf

SHA512
b37814255808511ebc0878e485976b4109a050979531b71de33aa1cf36badb762cefe35c90f7a2c32dd5c24d1a517f7e30562ebec843a5d2693ffa942fac3890

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll

Filesize
19KB

MD5
8eb12e5ebcf7c08fb069f38c6b09b2f9

SHA1
53f7e59aec7311070700e2f246681b9d16539929

SHA256
c7adc90aea0c4dd1393fd0ccabdb424f139ccdb1b7c88302d33e0d749077b653

SHA512
07bd1c7dff6c9345ccc9fe0e4788372c97efdfe45513d9e52916b12acaf16f750d5572e68324be14a6b3bcbebf8e18f6922eadd249c7552a4b29de2860d38b60

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
98054c664372b12ff8383fbc56c2e20f

SHA1
7fab1ea1e56bf48ca46c52ca308dcf6dea051f63

SHA256
97ca607b3d81d891ce610cc36149ddc437414506c7e356a2ba55472bcf327c13

SHA512
3e8d0dd90de8e8284a043cc8f44e478eca27d224075968deb877d8e2b82c7626e075e53aa5b54ed259e879eed18d16747c8034666ed3ec686d0bc6c65d231808

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
ec3a565e6210b9e8b0e9af1e33791dad

SHA1
8efcbcb954922ee30f588fb51f363e6235f39a8c

SHA256
9a70d4b17b29ba66d4d3a4ad0d4615158cffe4024a79e81a9db616236d30b01c

SHA512
326f24d8a4bf262ae10868a254cf81cb59f08418a29a1417e2835145c847567ec2f416e1750e0c6a42868c07b9ef7b033b20156e7702b7e297e28b3a44e4c031

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
ccdc615753915ffbcd5f052554e4d390

SHA1
28666e6adfca5a10867a67371a8e93570bdd82a9

SHA256
33e08fecb9c137d91db88d2fc4a36e295d9e52da2e6aeda905092e04e6d2e3a1

SHA512
a550f6c2ac6420dbd2e49ef40b84cd0b2f7f3204ce9faabb987b2a925aa65d5337ce08529630d0d65182f24d3627a76bea1d255499b3f6c1b3b1244a52509ade

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
2316ef48df2c92506fffe638814db059

SHA1
911f53dbe88a7b37fd693e6766ae1fb790442b8f

SHA256
5401d59b8c37c0a44c983cde204a4dae8b99874371171d73a24c02393ad8465a

SHA512
d0d46afb5375036961cd8c97e5a3770bb1ed006c70b33f6cd20ea2732dd020874749786374d256a44b887222f356707da9be30294e1620d01b02851735beab2f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
b1455ff45759aae89c118e3798a9a792

SHA1
e550dd64f4d62543f462f0580b8919cd2979c2cc

SHA256
1e043b4b465d971d3b4ba62d480d8c2d91976b539183fd85ca46d3b3c66b7532

SHA512
ed91644e489a23e637cdcff118ddbe357bc6568bd50057d6bbf2ca24701f52cceefe03a9cd1126184c4647f52132a455e18e36b434bbd244c3461180257edac3

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\concrt140.dll

Filesize
244KB

MD5
6e7e512bef03e098c4dd9307601b2ff9

SHA1
5c78b025ef190e04d35bda3e33e5013ebbb8141a

SHA256
fb8254a344c49036cf83f7253d43ea59c40cdb7cc6d3ce4ce223d0dceac90766

SHA512
a56fc8e084d4cf702d83c607515b961ef63bad20c66fa5133cae1a681f92ea62e2f2753ce4401a5492c92e6fe09f2106bdd0a769bbc5fe48ec9e1c1d75f9de89

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\mfc140u.dll

Filesize
4.8MB

MD5
2fc89d0cf4f9b5c359ae809a6d2bc68e

SHA1
fd25c9ee10615455bbc863cd5fd7b18acb744556

SHA256
355aae22c02bbff967e5d1dd327ee53532bede3d6f86c1a498e6ce8da0c07663

SHA512
aaf05f52a033fd978a4f6c19c74adec194efa25f35f84183ab3d63411654d74ccf26df142123d58acbbe10cf6045f9ca1a6cc83133c790c36e026e79f1b74606

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp120.dll

Filesize
444KB

MD5
fc5c3a84ba650a26ba8c66314d110aa3

SHA1
6b5c62294fd39c056c4030a4c0ec73ca754d9278

SHA256
d640e4e80e13122fd4227602a9c3c6cc37e3989ffb6f8497bb5e5fd6bdf0f399

SHA512
d2da1e694d99137ee9cc87e89808418523ec1e3cc1659b0617b439c1d9264cbe8d3ac36017b57b347a3585192835de0ef98b8620973000f9758483a8c2436952

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp140.dll

Filesize
439KB

MD5
841f91272dfff405e4c840b70593815f

SHA1
dec184858a45a368c5c6469741f83109cedead9e

SHA256
cc2c803935ae5eb8f5f9a7af17ea818c956c3b4814ca2e62e2bf2d952cb6dd2b

SHA512
b3307aa1f8af80876627c3b9c6c1f6220efc85fab5287dea0cf47e694d2a81286a12ce3d06694a599abf0fa8db86f7d9bafd5e00457b3496c36c2cf625bd0108

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcr120.dll

Filesize
946KB

MD5
a8006ad1531e69558b74e4e9ea2f38dd

SHA1
da95aeeb4dbd5e41e1c91dece92b3a02d855375f

SHA256
784b659710d76a2a0a1863a3120fa51a031ba52cea454d7e8484e86f3282982f

SHA512
eadd8d9f7d9736613cf077f02209ce8c0395e365825ef8dc698b39e0df8a63ee3ef440492f45f5510382254b7ffa25e3c128d829d6fcfcfcc02d8c4c91d7cf25

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ucrtbase.dll

Filesize
879KB

MD5
9248f3a10e86845f048c4222c830cfde

SHA1
c8ada24225ba56fddb485786be0179ba39f05ff1

SHA256
532ad52c98985bd122b991cc65625f80b0d701ed97950734d1f3e41040847517

SHA512
2c69bee3abed8227e581cc5c647d62f63d9eaed09040135ccb8f14701df0811d1156874d58bd4638eb609638197ff8481a712544cbffd4d21d9a57d57962d922

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dll

Filesize
263KB

MD5
0d1f781505039062fefe802e720a3a91

SHA1
f589c2396c344522e36a3b7f52c50302689d2682

SHA256
1cda22e6068bdb2a60adb7e14a69578dc57ccf8183e2cb6b15d1463017430ed7

SHA512
d06e76a45f15316a1b4015b634ba777c3e79d6db61a5149742dd783c09d311316e9e7b118dd64a7184df5b5dee6fedab9dc16c4de68f7c1bae08a4e4e2d64aba

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vcruntime140.dll

Filesize
79KB

MD5
8f6f34e01c64d26736da89c4ef8abbe3

SHA1
b80c9ac0606c3da1840bdbf76a41755446408fa0

SHA256
5065cfba6cf0ffea00f99e7118c93881abd6b17538a3543f9fc124299a1b0b5e

SHA512
913000f3b1d3dfab1d3354167a87a1620c865f04a5eb73d7ad7ed76cd20c622593307e709184b30f8768465a326426fec64a5bccf9b0e7fef887c9bcc96eb6f1

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

Filesize
1014KB

MD5
58a58644ee8f18022cd0e27b3c0e9c59

SHA1
a1c7364e4a4db2eee5d63b1d894a939ea8064949

SHA256
530af9561baa21cd715a33e8f35d50a3fdd644aa4fe0d687e863f086ac6579da

SHA512
76bfc49efd859099fc8d34807ab26b3e67f9d279bc3428e2bf69d5ca0919993ab3722ea9dce96ce9ebe6841debd9da866f0576020cf11d17f6957123927277b9

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll

Filesize
1.8MB

MD5
ddaef473ce4509158136148a8de8b5d4

SHA1
9f581b7734be58aec47c4ca7a89aa0ad5cfb69fc

SHA256
ad82503cca739a0f89f1a79e11e5b69678b852673420bf7c2947cc272dc81a68

SHA512
6bf99a2afd3ad18244f9d81621d22244a4e934dd76936513a6f0dd29b198c218f229594ecf48718bc28b10ac7234597e8321e094c3676a678b536a4db7466a15

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll

Filesize
4.7MB

MD5
ac6174a2ec673ad2c52fdded4084a555

SHA1
e703e803f0eea08545283c09131409b962677618

SHA256
a38c7d6ebd7d5a2ddf38ba0d0d8637f26ae706ad7956b69e9bd83fbb1ce1113e

SHA512
85038cc2554ff9e40433779ff9e10eece1d00f7af8afbfacd3ece44284c46f8b8df4b7142dcf46f85a3050f5c5ed4e80995c8e49261ce227466439430efa1cb4

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll

Filesize
116KB

MD5
f7321d56c021297b1a8082ace18758ba

SHA1
29a53a24c5cdb5ff5e504cfce39f5e4ef9453fc4

SHA256
a5bac4403386c6a150e014d1ee469a514ac1131d23c3c3eeb9114d6c95762365

SHA512
af8ecb33924d4503067908978d9fe37670badab36716cce43c0d8e8cfa7d9e47f14b0bdfb7a714cf864f26fab330a29a2134a7a77c51ac81f25552597e448272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef84d117d16b3d679146d02ac6e0136b

SHA1
3f6cc16ca6706b43779e84d24da752207030ccb4

SHA256
5d1f5e30dc4c664d08505498eda2cf0cf5eb93a234f0d9b24170b77ccad57000

SHA512
9f1a197dccbc2dcf64d28bebe07247df1a7a90e273474f80b4abd448c6427415bace98e829d40bccf2311de2723c3d1ad690a1cfdcf2e891b527344a9a2599d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39191fa5187428284a12dd49cca7e9b9

SHA1
36942ceec06927950e7d19d65dcc6fe31f0834f5

SHA256
60bae7be70eb567baf3aaa0f196b5c577e353a6cabef9c0a87711424a6089671

SHA512
a0d4e5580990ab6efe5f80410ad378c40b53191a2f36a5217f236b8aac49a4d2abf87f751159e3f789eaa00ad7e33bcc2efebc658cd1a4bcccfd187a7205bdbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
0b684c927d56c8f2a269fad2ce708bca

SHA1
b24881109b33ba68168308333840e1c7b03e7775

SHA256
0a1174c0168a1a056fc5a67ef229a4255b750131f9bfde84f8226f88a8f1f9fa

SHA512
68da39e77fde0e0e75a529e7452230230c99cebb61ac763d81136de4ee4b150442a076d96d0f9c4f431def094a225ec621b656c326e44e2b8e3d340278fba471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
68f8577ef2277af534bd365955facf94

SHA1
b591aacbdd80ea781454098fb0f832da76d97675

SHA256
4be777b4eee9986f1d065896cff21a6c0923b7d953e4e485e2466f645c9b621b

SHA512
2c320bc83ae3e807964396c90697f5dbadce27aed08f6fb2df26ce066cf10800d2814939446c01539bf6d5918447ce169f2fdc97e462fd0d19d14cb641cd7372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a76167e4b8b6a1c1f04130b50f333c14

SHA1
db373495dcdcedd6e922f777598d9f89571795c4

SHA256
31c6cf44c234bb5fc2464b10bdf8e3b9162ef958a25af78d148fb42cef807385

SHA512
58648918213e80882ad8337541c01b4dc23bda98134b48ee36edeb64c35265c4f4dabced4989712e7f8f4f9d7264fa05e1bfee2b867c2cffef26897f141b0d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58024d.TMP

Filesize
48B

MD5
a2be9df5d890ffc8ebe29ecdb1d7aa02

SHA1
2d1c252f00aef6c096767a05b64044dcd1aa0496

SHA256
c737a7f8ac1e3dd4065b1ad8556c7baabe808701b5276c6a879850f1a00fa6e1

SHA512
4a5d1407c7f8da33499bbd4db1cbbda15097a393cc1cc8a050b48cc803960ce16a707e8b5ec5068d042ae3904e0b86b8071b937009211cb20e3e51e4d47bccae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
e5a015a5b272978c912ef2ca6b1fb176

SHA1
a08d7abc953cd3aec8840110ea08f8e85d554b3e

SHA256
30a37f1c78ae17a25e013aa6bf8948736a7f4f914a30d9ac8c664bcb834e87bb

SHA512
931f4465cf10e1aa875fbf3d01421edb384cbd11cf62eb13e5ac93454e3be5e5b11d27a0047e896f2b2bd6eb0b4c3b414a0f2ffd52b9f17c7004f49ebae7d471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
30322550d9f9c54f345ea1c71f3b2e8f

SHA1
b5a3cff2995147279c2bbed7c03b2280ecb286e5

SHA256
4e7798d8476361378f8fbfb0442db63c7f6bf7e1830d50808bfdb8a58700d8f9

SHA512
261d1f5bc9c8a369f815eb846c252f54681f70862153bd49959411450870207b3ee240cc9016533c27401922527d561cc1ea7bb23708e4a257f071d010cf55ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a3fb.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27fabe2b23bba83c17fb4d75b13d41ef

SHA1
92b44e7b9e1d5ccb6fda12f84123c49940eb0fd6

SHA256
42fb6febbd3a3ce490995cc2f80ecbec526be8406cd32f708d23e527cde404ef

SHA512
33cd2c9e5ab23205ff5254567b81032851a0ea578821f252507c3669be795dfcb98e8591a49444c55e40a0bf5a9e1a8d348d6fbe127019b5acfc44085cc0d8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f34739797a4b22fc21ab598fd3c053a

SHA1
a466fd7078224e1c62715fe047c2853dd942c420

SHA256
4809d82d7d2f75018c5f49be2968e1f8ffa2a29cd30da825accaff5040b84e5f

SHA512
71c01efd7aa40ce2c80afa9fb96fa29ba2acaf7947f8d573c100a9e6b060d9b05b75905153fcd4393e9aa4d28426431a1dad09972aa7e2c4f8c96c60ca7b8c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
faa1d7798a82faab453f191141c4d281

SHA1
9e39ea0e8ff53b6ce863f91ea91274dc6e409db3

SHA256
ebc610d8c66cd7adb83ab9399c7c924265b2c4e6164880f04554ec81677a9665

SHA512
7099d22c11ee8dc2145db2840ad560f2ac27177b1dcb8dd3797e142024f6c1a202e091641e230532fafef5ea2a4bac8197f7b10a87df0005b3c66ddc7de92431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a80d557d094d8b51772560b3532fdb3

SHA1
884f9b6052528d70c19e5d100c5017812f998c4c

SHA256
1eee877924d0450e7afc3ba2deebd857fd258f041c1ec0842e006608fe0763e1

SHA512
4182c7e642eddc5a793becf9c03898886f0286b307839643fae22e9148088781eaa072969b8d5d45f049dba7f7fce8ae7ad2d5397e1637aa72f7bafbb73db957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
50ce822ee549bee4446f90df5b87c56d

SHA1
c7d9cf53036e5a94d00230033d40630e673e9ef8

SHA256
649d5888da1d2bd7fb32549c1a1538b30eb5e0bd03d52264a57c516f210d1926

SHA512
26a8a040cb0f2db915a4196fcaae8daa04ffa86fd6c271bed6e22b645bdc1fa555a0fbd4bcd31fa0b8a2590434513e535c6f72dabc2f3b723295aa0e5b75a898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60d82bd601d64fd00bb0373f5ecd65b8

SHA1
0e8bde426270dfa3ea285c2c5b7282ab37771d4c

SHA256
bdec91a5061c6a400ef33c2dca5b1d0c16c1fe9e464f8ec99a72442b752e6a97

SHA512
5ea1b33784438acd246c02c95716f72c78293bc8d8e8e6d71aeaab370ae9fc2063ba8ffa443bbfc26c96e45a95549b62894b846a459c986531b34a110d0be38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e98d1679e15688ad133f11eee8458ee

SHA1
a4b1a83f0a3f2867954d3146d95d314441950606

SHA256
8aa7eaf918f2969424996a8f3575478006d9d74b308a750f996fe4f5f045554e

SHA512
eb34d52a8df4992444000a93c8d0d11254069b5f43a68a6def21061be03a538f36c42b2e968a8637f12b93235de3140002b0212aa2cdebe0950fd115c04bc72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3fdee38663a6ed52d0deaae0c759f857

SHA1
3fa3da4583a3b4e307ea79ae1e0579d7fb72109a

SHA256
1697f85fae37cb46e0eb9fa6b32915449512a49457d5adb09027058ba88bda75

SHA512
b6b1e069ec0c0c4182084a33c3963e85c873d2e835dd9f743c9334f536ea16af7d361b0eac8a07632a8b5550e3ada1a15e7c71454069851599412e274f397de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b73188f726f68435bf428bb0916d9614

SHA1
26087c3e7e94410bd397d7e75ee8cfdf4e3e49da

SHA256
73ba919cbaf6dca757005d42544bbf8c6ab1953f7f195bee7da2e818e337a395

SHA512
bffcc0ae0baf63ebf0b09131b9addcb18970fe377084e6f3797561ebeb60a1d321102c9139d51d6518bc0bf3a1d54795c28ae884cb2c1aee11419750926a2766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
79e5504640a9e6b93972fb8b6705aa25

SHA1
3a09004930043bbdabcd3fede7c592f0a00d0055

SHA256
506fd0a30eed9e0d077114b67b125d0e892e3f2ce4ebfd82345575d2637b8a29

SHA512
67426081945edc9be80e4f8712040e9a8f09b2f5f105dce3b9492373d88f380d4ab164f70a81d6500c75691948375eb41e6beaa8e85dc374fd503e6ac5748abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
a74497048223b850f4e3820f50caa064

SHA1
ae4673ccb5dbfb1eaa31148e2803208ae9089de5

SHA256
4893556beba147da2ebcb30513491dde3a758077f8a06b04b173e730743ce8a5

SHA512
b6c94d4feefde503826e4c013637191c9e1b40b938b9a610d8456c6c3ee2461fec439583add2a04ec6742f8fdb80be960c6c6030552206ac2d6e54c85dbeb3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
d775620a75999b53d7e48fb6ab7360c8

SHA1
5a01dcdff5d0849cd25b733515f8a508479d465b

SHA256
be132b0dd42feb1d5eb19ec316b9f89ef3a9e5f27bea226a0228c0bcc3a55e3c

SHA512
c269502804149a17e915ee6d35accd27ea6b9b2a1e67cc9a85ddd40b85dfb40850e51a7955f1d38f64a2d45c64e5b74ac68e9c1bc29d41b7e8bc2a7ce8c5a4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eaec.TMP

Filesize
874B

MD5
8be1a8478b3fc533ccdacaf2bad16161

SHA1
b500acb2b88c3c517c83e77f2b031cf674747926

SHA256
e0c341699bfd6fd9477a0a141bfeab8c7db2c25f4ff332254dd108d63b74e240

SHA512
089cc622002b05d23f64959e5e2e535ecc7630052f97168ff1dbaa099d232ab95d949712e62feb8dda2eb77a2a2860aaa079a130ab435b8fafa3176b59c2be18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d7573eaff952e36f167e68a2b753da4

SHA1
212ad1ca330f2ee9c89892f0a891c45d25a1c4dc

SHA256
68fbabe6869ec84e3117cf44f85813baab7cd28b1c55013030c1569c1b4a87f2

SHA512
064684aca0b3689cac7a411a6016fe0a7e4ae2b35c3b6da2825024b55d44a17f6bc28a2a13a77f91808aa9349ffb2398201ebb81e4fbc2bfe0d1204324c5601d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
07fceae494136bcbf1c427370725f0f7

SHA1
d95b47f2b43963bea2acb30b87935ef9d3887757

SHA256
7044ecbcb6a4497b15fd5c55992de4c11fd9b912dca6bb6c8370d24ebf70b7e6

SHA512
1854b955ebdcbb94b004911053e5e22fde18dbd7cfbc4264052a0b32a84e33ea437c02c5ca0aaa32d6080f23ca1e42cb8bc28fad67457ca12d711503972e23bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
85db35c09147570e5152ed1d4e33682f

SHA1
d89e11733b96a664cc795c1459872fa6fbbbe48c

SHA256
4598a473b894ee2dc4162e535efaaca9d14a59b3d2f284264df698a774a458d7

SHA512
e54d7d89bf5da2a3c4a9dbf2139e707871253e375e08b9b3b3d06aaa66bbe74e2459153a9a215b9f25be35146728f5bab83fded89bb31590ea81adc11ea0782f

Download Submit
C:\Users\Admin\AppData\Local\Server\DcRat.exe_Url_qi34dqeykmsoiucmy0glkpazo1w3p0pd\1.0.7.0\user.config

Filesize
309B

MD5
0c6e4f57ebaba0cc4acfc8bb65c589f8

SHA1
8c021c2371b87f2570d226b419c64c3102b8d434

SHA256
a9539ba4eae9035b2ff715f0e755aa772b499d72ccab23af2bf5a2dc2bcfa41c

SHA512
c6b877ff887d029e29bf35f53006b8c84704f73b74c616bf97696d06c6ef237dff85269bdf8dfb432457b031dd52410e2b883fd86c3f54b09f0a072a689a08c0

Download Submit
C:\Users\Admin\AppData\Local\Server\DcRat.exe_Url_qi34dqeykmsoiucmy0glkpazo1w3p0pd\1.0.7.0\user.config

Filesize
580B

MD5
acb6df8bd0fe9236ea87ea6e3c28173f

SHA1
8b1d88bd749b58905c6db258e7224a67d1179938

SHA256
ec2b3fc4d011e9b8a04188d8f2ff280de854dde7d6ebf8e871e0642f789dfa5b

SHA512
a4222c0f5aeba58679c21361dcb6ab2c7ed1d9cae41d2839089fdb7bbaac3b8735afff8b302557f85389daa977b826cee77b944ba598e3fa6c2a16781453a832

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
448c1f4e9aa9508e774b5be9118c066c

SHA1
1b9b51b5084c93ded27f55fe1579a936f01d0df9

SHA256
070d7afc1829c1fe2a4f700100a479657ffaaf4cbe5565bde846c31df75201f6

SHA512
d89490a891adc0e87e59fa10d42e9c58e0984c47ab13e06077dfd10b59373078964fc312607cb0bdcb26a6dc219689f142b33ee7b8b0e8d6309f389cec801143

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
94f18ed8e08c46c1f0f751243bc43663

SHA1
94aba153d4feef4039373bf673a129690f24ab45

SHA256
bc5736c5b05567b1557738506d1ec9baa9f064d8053664113a01cd632e98bcce

SHA512
075eea9a42d609d1731c87b679dd6fb45c0c93d868a15777e6be7a7a84d0525318701739daa1802a97686d836256e21fa13f26f50563194c285e9751b165b1cc

Download Submit
C:\Users\Admin\Desktop\Client.exe

Filesize
47KB

MD5
ba96a6e9163c497d1380a489f639cb80

SHA1
c306d552fc518b22c0bce03ab623d8d54a9c5cd1

SHA256
05f20038da1196c5adf861316cd0b0d6be31c317b3abdd7a1f3089e8861d93d4

SHA512
3be4a1dc544327b5a5a3cb91e1c1d0ada03db37043ba5e21efb516d3b124b9c84f317289be4b67db116c9aa0d726038cd029f9019a6bc0f17665899e4fea3059

Download Submit
C:\Users\Admin\Desktop\Release\DcRat.exe

Filesize
12.3MB

MD5
7fce411ea2b74f227489659113960b18

SHA1
543d95b74193a188fe273ce7b065aa177405beb5

SHA256
c73b1ffa39c5843b2ed951ac48350d1deb33db4057341f1dab1ee64ea1a62248

SHA512
42de7bc4a0b47e1053ff3ff52a3f887e56759f81cfa691996a533d769e80f98b3e8dcf869785fce801d9cc7a2bc3d675e2eb832b520846b053d6b07093be2678

Download Submit
C:\Users\Admin\Desktop\Release\DcRat.exe.config

Filesize
5KB

MD5
f8806ec6bcfeda3bfaab9821506ef15c

SHA1
ede84267e6df98f8c60ecdb72a1546013cb4ba3b

SHA256
dc698c4a2c1b33a2e449f4f4c8ef6058c325b4125584a70b71efde05715b78e7

SHA512
2617bd0917f5de770c06adec6484ffd2b34406e6708c67929192531bd95eed9e216825909f610573dd6bbef64870c6a7c5801d9d201c0d98010fc634b8f28477

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Audio.dll

Filesize
22KB

MD5
9834bb111cfe8084c4f88b10c246f4b0

SHA1
68fc9f2e8df32a350a56300b3c2bc97f7159c340

SHA256
b843447e46f13e5cddc2d3ccc974fdea22a03a4a393a9310787c56b9f18a4c5d

SHA512
7b7f7b93c2094f8010fc8ee696a16d3fe8190ce79bfa1fa083a4a09d9d9bc187eb5b43ddd4674c3d11ddadca273c4c108a64d5d7316d923ddb2c351d0be556d9

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Chat.dll

Filesize
387KB

MD5
485874ca1ca6a970edbf93deacade012

SHA1
d6d94a485d4a43f538d305178408f34c032ece60

SHA256
eb772c641008eb5d441c37095a4e0b395748b0246f187d30a92c9284e56507fd

SHA512
2d49477be64537841de35973575b0f1d3aa44cda9cbe76e3b53fc4d31c8156caa6e1a33af6a60892f912a683b1600a264f256d913ed1a90499796b493ba4aef8

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Extra.dll

Filesize
29KB

MD5
00d372a4d492c46625e6a2bcf98e12f8

SHA1
6663347f6dc00942e32127b4de64a55a348082df

SHA256
df8bc945b8e62b82f31e5eb11f472392130becfcee16fd0832e7ae4f109a427e

SHA512
051bb37839176ec7c22bf3af57ad3a3e162dd833074be2ea6be937663bb9e6a880007d99425debd6a39ebd255131076a84cd128806990bc253aaea385e656931

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\FileManager.dll

Filesize
32KB

MD5
67f3e90ab8453715362f181b55315e57

SHA1
31b93df1ead2b4abe01234444965398b3fe93be0

SHA256
1a311b860252d4aa0c306d9a4e580c1dce91a7f3a03e289ff02b3d4f59588276

SHA512
6e8fb1d9f5d568376ab15894f1709d5aa0cb467cb34a1aa9ab3f0bfb78af8cfba76cb185cdfc797ba6afd30f88c9bcf79d118efc2999af12e6bbc21debd3a6cd

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\FileSearcher.dll

Filesize
277KB

MD5
6d837cc3170240963302c07cdb0cfa06

SHA1
d6aab1c8842ef388a756259f49e97de3caaf2732

SHA256
6ad83748dae28b4f8e6e93c54ff08fdb01c91eb4f510967145852a2c4b64703c

SHA512
baaea2aaaa42d75012c7fcf735b31deb0531e35c7a6a9d93965630a3fa31e8fed836f98a850760eefc253a2ebc001be4c79956efdd6ce51289dd0296cf7c7f1b

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Fun.dll

Filesize
33KB

MD5
4db70bd8aab4b9b62ce8c318db634b21

SHA1
7f5b4b21a021b5fd95702426d97a62222d26520b

SHA256
8b8ecd3edab14d136f3257411e2ff9436ae2eebc96f3613e84abdad0fb0a1f3c

SHA512
78b59c833075b904c404eb860d309dd15c364032154401a910538bde573be90d7057e2ec390d76104b55da8e586660022633f5566950c1e0eea775474a282004

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Information.dll

Filesize
24KB

MD5
3105d5c3eeca8a242e366369bf0f1f45

SHA1
2ad3283dd949848db6ed4a844500d43a373b650b

SHA256
a1a9dd40bcdf20ba208aca0f687fe4bb0a50cc9d62416253d9416400b1cbc9aa

SHA512
66ab935e909bc53f9ab9dccf925dd19cb4160fb5e69249274be1a3a502ea1e8061f044dd92e473e5298f768f30e0455731f52532039e80b9cf507a1012201a98

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Logger.dll

Filesize
26KB

MD5
a77594c93c6b1ae5e13b71df4cb030c0

SHA1
8cd99c7365376445012f16f3fe9f22f0a0fda7bd

SHA256
870507a66814c8eac8d062a9bd77614db8ef1ee81b17a865974d9e07bbd0318b

SHA512
2fe23ae9f06f471c96bd91ec2ee91be69a7ef373d149a1cf9fdc83ac310f8d746ffb998c730588e0f7285bfbbe0709fa5938ccd77b50e53996323aecf5131cc6

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Miscellaneous.dll

Filesize
80KB

MD5
0c49fa7e8a6191f95a5a411b216b5dfe

SHA1
4476c1694437bcf7feb8eeed609d450a35fa578a

SHA256
0f000db8616abb51a74b8fcf943a693b4c78518634df96b7a4546a870de15076

SHA512
e4bb840a76c3e35dedf13bf1dda421c0cce4db06a043d181ef5bf02ffcb45e05216e4058f4080b46bb1f7f664f198c859c26d41906ecb4de168c2aaf1a36ffd4

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Netstat.dll

Filesize
24KB

MD5
add261063f3e20f12a77551a91f2c54c

SHA1
96c658d7defd3515585d3b5c02cc0e6167670991

SHA256
e8dfd4a2885084d0463b6c68041b601bb96bbc49962716e88f915edc64a97428

SHA512
0030092a7e75f26ad67ed9d81e641d28d5db62270ccdb455941ec3a5d1c10e7cde4c9fa580f54614e17dbc61d3a1f176e119b1a7fdc93f9b5753ef8962f07512

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Options.dll

Filesize
373KB

MD5
f623829ff9a5014f398432b4509fb9f8

SHA1
f402bfeee72932b018368d1573b214b81f697536

SHA256
f7a2cf016280a5e7a24a46d6e81a704bfccd6486b35afefc4601a8330895f85f

SHA512
14b83f4d46824dfe804ac3229a354e2957b058db92100be93beddbc22b3b3a3afd4ad9326c4ba8e893836f34775223a797116ef85055636a24b46b7d4459417b

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\ProcessManager.dll

Filesize
25KB

MD5
856c461db8d31a410299c90e2d2fda0d

SHA1
6dc8820ce249a75653aa54dbb51a2d752a448f39

SHA256
fe64f6419cc7e3906c42e413bd844655a369fcc15c6ebd99b7951309e279509e

SHA512
23e6baee7c15e09fea41d7f7d15d0a224241bf560e9b5573885fa448bf0560d6b8d22faba36a475bea961fb33f0289ab5229837f0b5d2b7971e50456ac7facbf

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Ransomware.dll

Filesize
97KB

MD5
1fd1dbefcb19ef46778ae437e82b3bdc

SHA1
7e99fa5bf165f6ca552d5bc150d01c3bf26f7b74

SHA256
fd0387ed6322079b9e95fb853e4ffc683782a221dcc49b740937cd0e173c6fad

SHA512
b990058baef88ef5f415f52414ae01cca45bab6bf3cb1b7ab361509bc00b5ef1d36c262c6605baada07b56bbcf2ffc0d184640c2d0f05f8387069f2435eca137

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Recovery.dll

Filesize
1.3MB

MD5
b4762c63cc383eb02cb093eeb88aecf1

SHA1
a3a1fdd8612c63f6d62d5a62915966be8e922ba1

SHA256
ec768f980b651a2fbbbcffb715bcac5214730c02ff21a1a987d6db9cb04f01e1

SHA512
51a9a8665be79a043dafe114d577988d5ab74803ab738d4d7129136372c7e1db4719c83e98c6e3aa7a8374a84cca570b34274d6bf18272906e6504872c514a1e

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\Regedit.dll

Filesize
279KB

MD5
2d7aef122e60ce2180c58b8ed9efc2ab

SHA1
a389ca6f93f0d963ee7156e7a5f95684cdf5fdae

SHA256
39324c7593b5dd64bbbf75fc6ae108721ed211b404f16542a0d475b4623ffeb6

SHA512
a6baec7ab964823e881e839242fcc6a1062ae5f442db52d6366e5c2fe212f0113b3d8050ce50ea447eb2c8e7f3987ba225b75cc5b8279fc4daea683baf933482

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\RemoteCamera.dll

Filesize
107KB

MD5
2835c05dc7f763c60b2126a490dfa23e

SHA1
9948a0361110b385b5bd8669964749476db85748

SHA256
d324ec3d6d125a819f1f06b157f176b8148bd3fce0fd688fefa65cae5b0eb63c

SHA512
754c123cf6df42196df835078ea74e9e6e2fdf62676a0075cf5c4a2ff9839b14b609db8962af84d108385e2b7493ed46be821f0c63ea83e316fd236537fc47a0

Download Submit
C:\Users\Admin\Desktop\Release\Plugins\RemoteDesktop.dll

Filesize
34KB

MD5
3baefe634abb75130635ce5e06758f62

SHA1
d820a0e6e7b7379bc864b90dad2eaea43419f6f8

SHA256
518fd63c51d5599ab3f578718735ea43550705a3cd53f6c2782203005bc1f1c3

SHA512
b545643fd9ddebdabd1e9379886357194a9ad4919a5c8874c5ce8eaf71634228f7e75b97bec1f4ae67b2b8ad9695c465248a9d1b1366266fe011c661c5b34c8e

Download Submit
C:\Users\Admin\Desktop\Release\ServerCertificate.p12

Filesize
1KB

MD5
63929afa9e27e57e62e79f5118fa8a36

SHA1
35e29b24ea32f993bed41041d6feb045803959e3

SHA256
cbeb3d62071e24bc8b5a409947e374990d2a314a9fa539728a86dd141564974f

SHA512
fb1bd3b2feb29801133b24859471b9609f2954b444d62cf6149ccb1bb26bbc62432734a30762184680b5b029de8829f260daf88b5421fd92539d8bb7a8931359

Download Submit
C:\Users\Admin\Desktop\Release\Stub\Client.exe

Filesize
45KB

MD5
c007eafb83bde10955e1fb1f559a207e

SHA1
5dcf9702941e41c01fc0a8379df21a5691fa1b5f

SHA256
f003f20a3f57d41c72f2874a889a7a2a8e396a57f42cce35fbed9869c6a01964

SHA512
cd25e388f06a313fb35abb7fc66d1f01c3df18a9ae01e9e2a8d005f44a749d8151650f01d32af83dc23e09ec3b3a6ce3e5a33c8bc1a32c883f848445714fbba6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 291321.crdownload

Filesize
4.0MB

MD5
836c2ae55c1baec789b83fa3d79d23b3

SHA1
359a091da48369e1e8cea6e004826ee25a93b3db

SHA256
68115c6e039363be3b80e416ed462d97f8c763af800237b1fa183cca1180bac5

SHA512
e12f7438545f6615f84e37b81837127aacc79b4aadd3b212702bb662b0f752778ed15d646e8d657b318dfde57d2f893c18831bfb686a0ae1b7d62137c63080be

Download Submit
memory/3244-2330-0x000000001AC90000-0x000000001ACE0000-memory.dmp

Filesize
320KB

Download
memory/3244-662-0x0000000002840000-0x000000000284E000-memory.dmp

Filesize
56KB

Download
memory/3244-525-0x0000000002890000-0x00000000028A0000-memory.dmp

Filesize
64KB

Download
memory/3244-3989-0x000000001AC50000-0x000000001AC6A000-memory.dmp

Filesize
104KB

Download
memory/3244-504-0x0000000000780000-0x0000000000792000-memory.dmp

Filesize
72KB

Download
memory/3244-526-0x000000001B400000-0x000000001B41E000-memory.dmp

Filesize
120KB

Download
memory/3244-643-0x000000001C470000-0x000000001C492000-memory.dmp

Filesize
136KB

Download
memory/3244-2351-0x000000001ACE0000-0x000000001AD02000-memory.dmp

Filesize
136KB

Download
memory/3244-663-0x000000001C610000-0x000000001C62E000-memory.dmp

Filesize
120KB

Download
memory/3244-2327-0x000000001AAF0000-0x000000001AC3A000-memory.dmp

Filesize
1.3MB

Download
memory/3244-524-0x000000001C4F0000-0x000000001C566000-memory.dmp

Filesize
472KB

Download
memory/3244-4376-0x000000001AC70000-0x000000001AC7E000-memory.dmp

Filesize
56KB

Download
memory/5836-421-0x000002B557340000-0x000002B557352000-memory.dmp

Filesize
72KB

Download
memory/5836-417-0x000002B539060000-0x000002B539CAA000-memory.dmp

Filesize
12.3MB

Download
memory/5836-420-0x000002B557390000-0x000002B55739A000-memory.dmp

Filesize
40KB

Download