Resubmissions

19/05/2025, 16:23

250519-tv14aabn4v 10

19/05/2025, 16:19

250519-tsnp6s1ly4 10

Analysis

  • max time kernel
    184s
  • max time network
    185s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250425-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20250425-en, locale:en-us, os:windows10-ltsc_2021-x64, system
  • submitted
    19/05/2025, 16:19

General

  • Target

    https://github.com/qwqdanchun/DcRat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default5

C2

127.0.0.1:8848

Mutex

DcRatMutex_qwqdanchun

Attributes
  • delay

    1

  • install

    true

  • install_file

    Rizzler.exe

  • install_folder

    %Temp%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

  • Asyncrat family
  • Async RAT payload 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 3 IoCs
  • Drops file in Windows directory 26 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 64 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 24 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/qwqdanchun/DcRat
    1⤵
    • Drops file in Windows directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x314,0x7ffa2400f208,0x7ffa2400f214,0x7ffa2400f220
      2⤵
        PID:4968
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
        2⤵
          PID:8
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1708,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:3
          2⤵
            PID:5912
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2008,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:8
            2⤵
              PID:3704
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
              2⤵
                PID:3504
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3488,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
                2⤵
                  PID:2252
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4856,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:8
                  2⤵
                    PID:520
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5088,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:8
                    2⤵
                      PID:5820
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
                      2⤵
                        PID:696
                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5712,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8
                        2⤵
                          PID:5164
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5712,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8
                          2⤵
                            PID:5472
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5980,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
                            2⤵
                              PID:5104
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6184,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:1
                              2⤵
                                PID:5092
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6792,i,2534757336526655035,15417890461797522095,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
                                2⤵
                                  PID:4304
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                                  2⤵
                                  • Drops file in Windows directory
                                  • Checks processor information in registry
                                  • Enumerates system info in registry
                                  • Modifies data under HKEY_USERS
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4264
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x288,0x7ffa2400f208,0x7ffa2400f214,0x7ffa2400f220
                                    3⤵
                                      PID:1556
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1856,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:3
                                      3⤵
                                        PID:6060
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3492,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:2
                                        3⤵
                                          PID:5612
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2256,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:8
                                          3⤵
                                            PID:1620
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=4088,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:8
                                            3⤵
                                              PID:6092
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=4088,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:8
                                              3⤵
                                                PID:4652
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4500,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:8
                                                3⤵
                                                  PID:4020
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4568,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:8
                                                  3⤵
                                                    PID:5864
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4556,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:8
                                                    3⤵
                                                      PID:4540
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:8
                                                      3⤵
                                                        PID:2248
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4552,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:8
                                                        3⤵
                                                          PID:1180
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4588,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4460 /prefetch:8
                                                          3⤵
                                                            PID:4660
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4460,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:8
                                                            3⤵
                                                              PID:1336
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4052,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:8
                                                              3⤵
                                                                PID:3456
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4492,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:8
                                                                3⤵
                                                                  PID:5736
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4436,i,8559855187742935403,11934267023693375648,262144 --variations-seed-version --mojo-platform-channel-handle=2816 /prefetch:8
                                                                  3⤵
                                                                    PID:1500
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                1⤵
                                                                  PID:6132
                                                                • C:\Windows\system32\cmd.exe
                                                                  C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                  1⤵
                                                                    PID:840
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                      2⤵
                                                                        PID:684
                                                                    • C:\Windows\System32\rundll32.exe
                                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                      1⤵
                                                                        PID:2944
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                        1⤵
                                                                          PID:2428
                                                                        • C:\Program Files\7-Zip\7zG.exe
                                                                          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\DcRat\" -spe -an -ai#7zMap30898:70:7zEvent20632
                                                                          1⤵
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          • Suspicious use of FindShellTrayWindow
                                                                          PID:5888
                                                                        • C:\Users\Admin\Desktop\DcRat\Release\DcRat.exe
                                                                          "C:\Users\Admin\Desktop\DcRat\Release\DcRat.exe"
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          • Modifies registry class
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          • Suspicious use of FindShellTrayWindow
                                                                          • Suspicious use of SendNotifyMessage
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:2108
                                                                        • C:\Windows\system32\wbem\WmiApSrv.exe
                                                                          C:\Windows\system32\wbem\WmiApSrv.exe
                                                                          1⤵
                                                                            PID:1792
                                                                          • C:\Users\Admin\Desktop\Client.exe
                                                                            "C:\Users\Admin\Desktop\Client.exe"
                                                                            1⤵
                                                                            • Checks computer location settings
                                                                            • Executes dropped EXE
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:3076
                                                                            • C:\Windows\System32\cmd.exe
                                                                              "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Rizzler" /tr '"C:\Users\Admin\AppData\Local\Temp\Rizzler.exe"' & exit
                                                                              2⤵
                                                                                PID:4872
                                                                                • C:\Windows\system32\schtasks.exe
                                                                                  schtasks /create /f /sc onlogon /rl highest /tn "Rizzler" /tr '"C:\Users\Admin\AppData\Local\Temp\Rizzler.exe"'
                                                                                  3⤵
                                                                                  • Scheduled Task/Job: Scheduled Task
                                                                                  PID:8
                                                                              • C:\Windows\system32\cmd.exe
                                                                                C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp1488.tmp.bat""
                                                                                2⤵
                                                                                  PID:1232
                                                                                  • C:\Windows\system32\timeout.exe
                                                                                    timeout 3
                                                                                    3⤵
                                                                                    • Delays execution with timeout.exe
                                                                                    PID:4380
                                                                                  • C:\Users\Admin\AppData\Local\Temp\Rizzler.exe
                                                                                    "C:\Users\Admin\AppData\Local\Temp\Rizzler.exe"
                                                                                    3⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                    PID:4724

                                                                              Network

                                                                                    MITRE ATT&CK Enterprise v16

                                                                                    Downloads


                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

                                                                                      Filesize

                                                                                      20KB

                                                                                      MD5

                                                                                      f1578dd9a1ef7ff87b0712ec80328c03

                                                                                      SHA1

                                                                                      dca654d2c14105af5fb67c61d8f6f88478a47de8

                                                                                      SHA256

                                                                                      07bee29d57ebfce1e519d3e9e52f0d834ade3de40e6bf61e9a1d9c66b541f748

                                                                                      SHA512

                                                                                      82ed0b4e746208752137b3f8c74baa71b96a0e9a342537c24c6b7c9c19bb859c3d5843b1af961ad44d0dec02d16883be4c0ec89bf308593a3420ecef3c590bc0

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                                      Filesize

                                                                                      192KB

                                                                                      MD5

                                                                                      255a34f58934e653da29a9574a5f010f

                                                                                      SHA1

                                                                                      70444eb8212f3a359a56ab65b772a13c54628683

                                                                                      SHA256

                                                                                      29a546156b59a43dc085369843c8c5f8625b88a8922c6d8c3f4a3de07d1fea44

                                                                                      SHA512

                                                                                      fcc2aa0dff25b78e49408941314759c3524cfa539b37b5064ad10107fdec5b89c3442f7f19fe5a6f50510e94845b76af92adc13baa7fef201bb8f144d86716fc

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                                                      Filesize

                                                                                      108KB

                                                                                      MD5

                                                                                      06d55006c2dec078a94558b85ae01aef

                                                                                      SHA1

                                                                                      6a9b33e794b38153f67d433b30ac2a7cf66761e6

                                                                                      SHA256

                                                                                      088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd

                                                                                      SHA512

                                                                                      ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

                                                                                      Filesize

                                                                                      20KB

                                                                                      MD5

                                                                                      5a5f3cd25a3cc37422b5b1263433293c

                                                                                      SHA1

                                                                                      c585eeb905bfdb82e807e5b8e3e60c7955bd87d0

                                                                                      SHA256

                                                                                      0d9cac97810b2fce10dfad806ddbfe2ce26e7d0b1774e3b438a3ecf403af0428

                                                                                      SHA512

                                                                                      a6648c2f1e4a7d066e22ce20676d3ac59ae61aed4be8c82b930081c2523e120f9737621415ad313cf155fbc2e5092ec39b40e08a13548198b937f60304c6fbe9

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      2526b36284e79ea84d89ad8961a86bde

                                                                                      SHA1

                                                                                      c192a940419f0c08f7e568b983973db097c392ff

                                                                                      SHA256

                                                                                      adb4d4b1dd0a878109b4d17197528079b1c57c48d90e02a8b4c341bf6d6d9543

                                                                                      SHA512

                                                                                      4f3ba3954224de551340378662c3c69ebe70d4d2319580573df3724441f37303e6b8c2a6e6bda683d6c53afa1b8f7aa0810531f7d96d0ef8c9079c953cb0c2c7

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                      Filesize

                                                                                      2B

                                                                                      MD5

                                                                                      d751713988987e9331980363e24189ce

                                                                                      SHA1

                                                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                                                      SHA256

                                                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                      SHA512

                                                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                                                      Filesize

                                                                                      40B

                                                                                      MD5

                                                                                      20d4b8fa017a12a108c87f540836e250

                                                                                      SHA1

                                                                                      1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                                                      SHA256

                                                                                      6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                                                      SHA512

                                                                                      507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

                                                                                      Filesize

                                                                                      859B

                                                                                      MD5

                                                                                      0c693a6897912041fe50dd868428d71a

                                                                                      SHA1

                                                                                      4a811421c47fa036575233fe3dd92e62ca9b948c

                                                                                      SHA256

                                                                                      820a844d93f23870bbd6c828452cb72c8c1ffa9f332ddfa3517498599933a105

                                                                                      SHA512

                                                                                      989c463320388834e7eeee8ec90687244d2e3fc0d4f1b063dcfcf5a4e42abc466fc0ecf8dac2bd07840757a71cc93dfa0cf922aff2443c8f90ba749862cf201b

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      16KB

                                                                                      MD5

                                                                                      14d8805d9851a532aa6c11ee9c5e2790

                                                                                      SHA1

                                                                                      611ad999dc1284acbe51ea78d6ed262f745b1709

                                                                                      SHA256

                                                                                      041becf7d4481b3019bb82573bad17deff3c3ad2c09a81ec8c7d08fe8bbdb076

                                                                                      SHA512

                                                                                      0bc1a4bf20519f115f159cbcd50662703573b8831b88a708ca32ade364d5ed043442f6883964e28bf939ac10951c1f32b46551454895484a2babf2eb828cf3e7

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                      Filesize

                                                                                      17KB

                                                                                      MD5

                                                                                      ceb1c0fef5f41ee02d9be5e0619eaa81

                                                                                      SHA1

                                                                                      a0b29d73af79d4fe134d3f5c5a4746cb6282d9fb

                                                                                      SHA256

                                                                                      e385ff47538f59bdd66c6c28ebbeb3b1b2998a2a7d9ca34c788fd708bce9093f

                                                                                      SHA512

                                                                                      f07e14f803dbbc860dbd83c50575e61f6cca19f2823f0cf2010de55c94397d3a4e3e60327ce2a53ca9d10795e2520fe99163a49882ee364a4293f82f81f6668d

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                      Filesize

                                                                                      36KB

                                                                                      MD5

                                                                                      85161c3c62da25cfe31019ee3303a436

                                                                                      SHA1

                                                                                      3a272b755d34672e6598343391f40908eaba7cd9

                                                                                      SHA256

                                                                                      f9352f5c6be53ed563cb3c4c0da085c23748ed7e231e8eb0d4881b58d1202a9d

                                                                                      SHA512

                                                                                      fae142acd47850e1fc6d193b44a77c35463fdff1edbf9da83aa6bf9bf0272147c337cd7399e99a213b4bb2adb3569ebd2635afcd7a64fe73f60415abc4071c4b

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

                                                                                      Filesize

                                                                                      335B

                                                                                      MD5

                                                                                      f5bfbc15e0c2d1aa44f5b438f3698e38

                                                                                      SHA1

                                                                                      9536ee68d7714d6bbbf68988db13e2809f6b2ef2

                                                                                      SHA256

                                                                                      22eca03436903b505bfa9fc3e2aa977e694a14bebb7b6d3663f24afea5db45b6

                                                                                      SHA512

                                                                                      9e5436324a01aeb98c948ed26ad31c5e68a056bf4f002d4b15bf46d24310201ae8685e1f110c34474c156ffd48fd5e88ce59dfd85ca04ef96902e82da8288da6

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

                                                                                      Filesize

                                                                                      112B

                                                                                      MD5

                                                                                      bd2bf506d44d71a0917875e68c084080

                                                                                      SHA1

                                                                                      7aa47986879cf9848f979909a48b1e64d92df8f6

                                                                                      SHA256

                                                                                      01ac076f9552e3a7e5ffd49c2b3c6220bf9a93bd454d89cc3831f3b0039949de

                                                                                      SHA512

                                                                                      b40cdb6028b9841884cc3423de005c9562fb0df0897131b6f0f76275750772852e866684ae3453dcd3ca3e38136364d156af4780bc58d025a0c2a77e109b5912

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                      Filesize

                                                                                      347B

                                                                                      MD5

                                                                                      c4ed9bbe1ea4394c1d4362f8c0d02a8b

                                                                                      SHA1

                                                                                      d5740d0a42686c8318beabab923e54ad084ca219

                                                                                      SHA256

                                                                                      23606047031a2c104f7a1b4553553efe1811767f56edd15fe42910172c5616c8

                                                                                      SHA512

                                                                                      f6119f89a9d724e120e62048e6e070e30bb1123d8c7839bd6a9cf6d7aa0be0080e2cdb752f0a0b43668f5fb510b5cc1ba4a8d74a6f99c296cefc9442b72e6a0e

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                      Filesize

                                                                                      323B

                                                                                      MD5

                                                                                      059c52031ba2b1f2a012a2c2f380585e

                                                                                      SHA1

                                                                                      ece149a1499f27977a982febdc268c14e2e88fd0

                                                                                      SHA256

                                                                                      51877757aab37818ae2187661f4e112148f39ffa94a026068616a771c5b7c380

                                                                                      SHA512

                                                                                      fd16f5b5ffb57946d70beb7a77415d4db1c5287911f78b13c4eac1878f4d63df4def0e51ff9c5abdf62b57e0475c5cb636480ce76fcea4cf871fa3a1088c87ec

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                                      Filesize

                                                                                      22KB

                                                                                      MD5

                                                                                      a17c5a2f54a990866995553f193d0b60

                                                                                      SHA1

                                                                                      fa724c21ca3a7d3c05a7eb2843372ecaf759bdf0

                                                                                      SHA256

                                                                                      271bf6ddf91efd3306eb38168bdff3558b1c2985e00c42d39f2e090bfdac0622

                                                                                      SHA512

                                                                                      24ae1345b856b05b52a919d0c8fc18e7ed74127e1be961a92fe1be0f53c1bc380dafbe24f7373db46b1f24d2c603c0f65a99d2dfc3c4913c369b9c480dc805dc

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                                      Filesize

                                                                                      25KB

                                                                                      MD5

                                                                                      ff9030ea963edef2a514d9ca4edaba28

                                                                                      SHA1

                                                                                      8a5909b239a6cfa5b48a6e51d52895c1ec203f15

                                                                                      SHA256

                                                                                      8c5cefd28f63226a0544ad9a4f18d39e052bb6558402c2d6af5381a13c417e8a

                                                                                      SHA512

                                                                                      b2a0d2866fbce13d2e683a10afaf63aba4da5f489885c28cfefe09e59015736c33c7992da73da20c3cb53cd7f54b851be5ab9a954d90004de0009543044c14a9

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                                      Filesize

                                                                                      128KB

                                                                                      MD5

                                                                                      c1909fe68747a55514296ed0cd4b6371

                                                                                      SHA1

                                                                                      bda0990c4086f9c7d15608212b7f15cb88d988a4

                                                                                      SHA256

                                                                                      ae24d1401f8520f662429408bd3cb74cea8c0c1853a876acdff45a49380ae992

                                                                                      SHA512

                                                                                      6c411728adb7662d9547d4a9c6b94e5b205a9d0ff7166aac247e468cc9af6a8fc95fb5cd0ef6d041a7942850c01217f550448e761c87a3590041b19f95865b18

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

                                                                                      Filesize

                                                                                      14KB

                                                                                      MD5

                                                                                      51dfc6170450d52f180ede8e985857d3

                                                                                      SHA1

                                                                                      0242adea1b1cf40fba19eee027e59b1fe6453f44

                                                                                      SHA256

                                                                                      ff6e3bc0d4a208275a5826d46801b36814397753eae3f0321c87275e665a6fd2

                                                                                      SHA512

                                                                                      a1593c92ee4cf0e4b8936bcd3907c47e0afeeb25d4827097e8e2bfb5b6ee0660fa3419c7733c9838cc99738331ae8faef3424412ce05459104cb4ea3b7f81d6e

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

                                                                                      Filesize

                                                                                      13KB

                                                                                      MD5

                                                                                      256c40bace492c4e28451ce149d2f9ac

                                                                                      SHA1

                                                                                      b48b0eaf986b9efc91d5c8dd394dccb6d82e2adc

                                                                                      SHA256

                                                                                      f9e4da319fe1f5a7d497c452421f4648a24ec7588f309ebea0f0cd61a6251eef

                                                                                      SHA512

                                                                                      33b38d1ced015798722180fc8c8ce6daedb18cd5d0e4b3db27d6176c13cf3ccb1bd79f2e68ca390d6eb43ac508c29067e8f1a3ee9f0167cabe37ebbddf6b0ec0

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                      Filesize

                                                                                      14KB

                                                                                      MD5

                                                                                      54e3387e40dded66e03b442665d18ca2

                                                                                      SHA1

                                                                                      6b810f5a683bb5d2743a9349e3ca09ef5588e74d

                                                                                      SHA256

                                                                                      2c40d1607a5a9764ed173a147ac5eb3512f362eb3342b421aa2e98ce50c9888d
