arrowrat | 7da2fead1f047d7944281ec28881f8b765c6cd484712d4f5b3c79798b957231c

Analysis

max time kernel
1200s
max time network
1010s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2023 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Venom5-HVNC-Rat/Venom5-HVNC-Rat.exe
Size

9.6MB
MD5

c6e5045b7f5201f86fa4e655781cc97b
SHA1

4e3e9125d8881e632a2384d6c57fc27f8bcbddcc
SHA256

5ae30394f70c8269f576374a2adb32de3b400e87b00786d538246dd7b9a7f548
SHA512

c62ceb19bb8b105ce93f9bbf85ceeabb7b7239c1f329b19a844d342fda118279d6aaeb7221ce2f5591e842ef136303fd347d7c1ceef095b145e549b812d9c2ab
SSDEEP

196608:JBP70XvXdb5e0hnHTW3GwhXscv84MzaVpXeEWgJfbC1xllS7o/riN:JBudb5eaHT4GYrvbMG6K+jQ4+

Score

10^/10

arrowrat asyncrat %group%agilenet rat

Malware Config

Extracted

Family

arrowrat

Botnet

%Group%

%Hosts%:%Ports%

Mutex

%MTX%

Signatures

ArrowRat
Remote access tool with various capabilities first seen in late 2021.
rat arrowrat
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 21 IoCs

rat

resource	yara_rule
behavioral1/files/0x0006000000023154-501.dat	asyncrat
behavioral1/files/0x00060000000231be-508.dat	asyncrat
behavioral1/files/0x0007000000023074-509.dat	asyncrat
behavioral1/files/0x0006000000023157-504.dat	asyncrat
behavioral1/files/0x0006000000023156-503.dat	asyncrat
behavioral1/files/0x0006000000023155-502.dat	asyncrat
behavioral1/files/0x0006000000023153-500.dat	asyncrat
behavioral1/files/0x0006000000023152-499.dat	asyncrat
behavioral1/files/0x000600000002314f-497.dat	asyncrat
behavioral1/files/0x000600000002314e-496.dat	asyncrat
behavioral1/files/0x000600000002314c-495.dat	asyncrat
behavioral1/files/0x000600000002314a-494.dat	asyncrat
behavioral1/files/0x0006000000023147-492.dat	asyncrat
behavioral1/files/0x0006000000023146-490.dat	asyncrat
behavioral1/files/0x0006000000023143-489.dat	asyncrat
behavioral1/files/0x0006000000023142-488.dat	asyncrat
behavioral1/files/0x0006000000023141-487.dat	asyncrat
behavioral1/files/0x0006000000023140-486.dat	asyncrat
behavioral1/files/0x000600000002313d-484.dat	asyncrat
behavioral1/files/0x000600000002313a-483.dat	asyncrat
behavioral1/files/0x00060000000231bd-462.dat	asyncrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	Venom5-HVNC-Rat.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe	crack.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe	crack.exe

Executes dropped EXE 1 IoCs

pid	Process
3908	crack.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/files/0x0006000000023144-465.dat	agile_net

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 59 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Venom5-HVNC-Rat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Venom5-HVNC-Rat.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3908	crack.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4296	Venom5-HVNC-Rat.exe
1600	firefox.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeRestorePrivilege	2464	7zG.exe
Token: 35	2464	7zG.exe
Token: SeSecurityPrivilege	2464	7zG.exe
Token: SeSecurityPrivilege	2464	7zG.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe
Token: SeDebugPrivilege	1600	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2464	7zG.exe
1600	firefox.exe
1600	firefox.exe
1600	firefox.exe
1600	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1600	firefox.exe
1600	firefox.exe
1600	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4296	Venom5-HVNC-Rat.exe
4296	Venom5-HVNC-Rat.exe
1600	firefox.exe
1600	firefox.exe
1600	firefox.exe
1600	firefox.exe
1600	firefox.exe
1600	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 3908	4296	Venom5-HVNC-Rat.exe	89
PID 4296 wrote to memory of 3908	4296	Venom5-HVNC-Rat.exe	89
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1988 wrote to memory of 1600	1988	firefox.exe	97
PID 1600 wrote to memory of 1656	1600	firefox.exe	98
PID 1600 wrote to memory of 1656	1600	firefox.exe	98
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 2688	1600	firefox.exe	99
PID 1600 wrote to memory of 772	1600	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe
"C:\Users\Admin\AppData\Local\Temp\Venom5-HVNC-Rat\Venom5-HVNC-Rat.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Users\Admin\Desktop\New folder\crack.exe
  "C:\Users\Admin\Desktop\New folder\crack.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  PID:3908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1564

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap2010:70:7zEvent10219 -ad -saa -- "C:\Users\Admin\Desktop\New folder"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.0.1463128414\916207765" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {234d4ff0-d9d6-4264-93d0-6fa976440550} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 1916 1a00ba18958 gpu
    3⤵
    PID:1656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.1.233151503\1922137905" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b66cb18-8608-4ac1-a670-61777243ebf2} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 2316 1a00a80e258 socket
    3⤵
    PID:2688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.2.1731492123\1439188679" -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3284 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32c2dfd7-35dd-4c8f-b31a-11936de0237b} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 3296 1a00e748258 tab
    3⤵
    PID:772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.3.456069161\2056623226" -childID 2 -isForBrowser -prefsHandle 2348 -prefMapHandle 2360 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94a57878-f3a8-4064-a205-9678970fcbcd} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 1124 1a00d0fb558 tab
    3⤵
    PID:4740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.4.497075395\149770950" -childID 3 -isForBrowser -prefsHandle 2988 -prefMapHandle 2936 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a62a27e-164d-46aa-ad21-9307d230849b} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 2772 1a00f4d8858 tab
    3⤵
    PID:724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.5.942644048\586419473" -childID 4 -isForBrowser -prefsHandle 4736 -prefMapHandle 2836 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {331891f6-fc72-4a22-881c-8119f14e5d2a} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 4884 1a00e8c0b58 tab
    3⤵
    PID:3728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.7.284863264\331737129" -childID 6 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {255836fc-b886-452e-b452-873923c9cfab} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 5348 1a010fd1c58 tab
    3⤵
    PID:1880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.6.690031505\1257193456" -childID 5 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58b5ef95-7890-45e1-a2b7-1942010eb2b7} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 5160 1a010fcfb58 tab
    3⤵
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.8.496184295\33830497" -childID 7 -isForBrowser -prefsHandle 5824 -prefMapHandle 5764 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4601cb3-50dd-4f19-9d56-8725fd325e5b} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 5832 1a013598f58 tab
    3⤵
    PID:4244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1600.9.1057915910\1813862467" -childID 8 -isForBrowser -prefsHandle 5656 -prefMapHandle 5684 -prefsLen 26755 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3718781a-54c5-4ac5-995a-e0f1e4414e05} 1600 "\\.\pipe\gecko-crash-server-pipe.1600" 5728 1a0138f9258 tab
    3⤵
    PID:1296

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
95e9767693f0393921c0985ff1466374

SHA1
f785f7f6479c044f436f7d211ee7993d60f1397a

SHA256
6d09e591e64d856c8137dc1dff7a9623e8aed7e4e057419419e98df9940215bc

SHA512
3b834bc78e3057a7223fc1669a455c37da381df2bd6aaf30a9232657944d5309de74625e1f90781396c516e0149474a5ef83c7dec4ffdad99bf69955a9af0f17

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
140KB

MD5
94801ad1bfdbfe0fa32bd1e5865891b0

SHA1
9b98ebc84af8b9ee446551b72c2d1e92d086abac

SHA256
fa1452029d88dc29f5cfedbcaedd07b8014969989a84dbc98b5868b9419d7e19

SHA512
6a244d755bc92cf5b1029aa61aab1317f7fd5af064bdaa7799a065c06f123ff626b0d20f5558d0aaeebc5c88993a18826bd92d9ddaf922101531426145058e38

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\A4BC0C99327D7691FF360F07D11373B5791EB30C

Filesize
14KB

MD5
f64dcbfeff9259976319a237e493f6f3

SHA1
01a342aa246e44d84a67c4ff18e0135f4f99559f

SHA256
033ed8bdfdf421485235f1ae6c6c19148ac750d8ca3a240d1d42faeccaba453a

SHA512
ca3652d3faaf800f64c52c67324ddaa2aebb527c200e96618d9ff3c7f269d41e96bac356fc45fb000e3ab890f4a7aa32d07374ed2f97420788b9e7210bb19e08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052

Filesize
14KB

MD5
ee2441b8c67cf64fd6ceda1778fc5fb7

SHA1
67a9e1d9c02b9b6f9490a735b3f5eff5bf142c3b

SHA256
d05189df83978641c909bfcdd54725b391c5bae36c374873612a0f35cf88a1a0

SHA512
8d9ac88f04b393543d26a69816061228fc7445e53a4a093787eb0be598c824f4ce9ebe965abbfedcf150c879893b3b832f680236d56124dd7dc12a114dfa5d02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
abf266365d895d0023e3306543558381

SHA1
058497892ab3830839a3421bf81a0958dc46c607

SHA256
9064c61980af55f16eccf0f3a7cb300d508300d0cd67e915d4d5908a7520fe9e

SHA512
7ea95674da3daa004c41eed1acac3f1f1248da3b9baa01e03dccc93dafdd22ede4f30c88c57874420c541e6dcd0343a26fccce1396e60815701c27db94454717

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
f250c684a241935c2794c30ae164ae52

SHA1
ea384bb1ba6744718b3bb8180800365d19887692

SHA256
ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7

SHA512
e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\bookmarkbackups\bookmarks-2023-04-05_11_gT8FByf4O6cZhcYxBQ66OA==.jsonlz4

Filesize
942B

MD5
d6fe6e70c2ccbcd9059cc0ba120e1841

SHA1
b3be381101a909653bb0cc7e51a6f1ff226018df

SHA256
c6db73fff9733c50f6eebf366f66ed72b9edac2567950b8aca7dc01353aec2bf

SHA512
6a93da2fa42ccd02f812181c043a04c3f5c13fcbed24c5b1b688aea3030f17d766700fa09267a468081b02faa05a6746667314dba57f95849242ed44f9cd4693

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
430aa26ee026037a799900b2ec93ea1d

SHA1
d384b07dd5e2479ac20b8d9231dbc7cb9094941e

SHA256
952d73a0a827a5ff3b9daa9df93224bac6d817f67e1a2e31821398aa8543517c

SHA512
596163559efd43f3beea5c474ae83c7b29fcba88121bab1bbbe2e709538b8bcd1568c60a1778ebd6ed0fb984d523785e561556f7e546339a91cc00717e8dd414

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
8d1070f440b012c1f09e1a89e727d0e0

SHA1
bf8b73cf5c87bf92f158438ff39168fcca9ac98f

SHA256
d8c5c6bb7866aef811393cb866c4c6ed2144591dcea7f3d733320686b4ad291e

SHA512
baafd98dc33b368c0213b7b158f7c81076c77304d5c892d6fe3ef2e1526eb9a77fbf9746f15b1d90cd5ba1937a1072859719fb0abc29b31f2a4b738ab1edb30d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
06e1aa4905a9d8996b4d03fc35f771d8

SHA1
3531bda3e4d9e3b77a84efced6b6f9ae169353c5

SHA256
85ee7b89759ac82d8f459705faa06d779fcb789c458021f3a7dbbde0e06c6429

SHA512
f3ada894ed2234154946249c6c0d67999db9e6d67f56f34b78b529a1d18b6a96071fec5983be95cf49bb90e4528d7fdfda53c150813e9772a46fa5fe2e5bd336

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
52253377441ba836e1a2daba00c21e8f

SHA1
497969a0c9bd86b8c62093f321eeb35783a97507

SHA256
728c2528170d716ae63c69439fc079b03608e1462b3df53f8a30a4bfd6588079

SHA512
b5b4a62d6ec58a4d79e1da52b2ab0b12ad12e15d0529d73277e0765a76e94da98f66e313725e00de01088a867eb26747529bbe1dc39592ad9ba493c0160ff8a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
10KB

MD5
34f6f37b2aca7c499fa752cf66f3ce00

SHA1
58270c9eb2b04801b62c2f0ee14ea104a2a5b962

SHA256
28b1d71ec5b5715f883e2a01e427fe2c5448e657f1ebf985012db63e79a3f033

SHA512
69314381dbf49baaced892c749d2283b027cd63f7169248d3a46ffbaed630f66938be53c94c66cb39f88eadf96a346e5b99c25ceaf34eeb555486a1b514628ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
10KB

MD5
cabe33dc314138a366421bcfa589501b

SHA1
0fc8b72d0e0e738356ba669c525396483479f8a8

SHA256
845eb29ffb79e2321623a5dc32464196d20b11cb02a73fe52f950561507399c4

SHA512
94cc5b8843ab7d94bf0a9486aa0caf7101fede9a041c0a0298e8c5ac5b54f6a58dd6b851e22b0650674e21fd76c440c574cd529553bbe63768cec69ecbc10a31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
11KB

MD5
7b8512147b6c5cba156434e0e872f2f6

SHA1
c744c0fc503ea90ea6c33ec2760a4cead22e49b5

SHA256
3b63d52d7eb231503cb07f66dabf5191b107087c0cad66c514effeb49189a541

SHA512
f1714586ea0b5e85e5ad7cded0e7257757d73b8a3b3640f7b9d91ba61d1ce9734dbef55a9b037dfcdf1c36f0ee37f5c82a0586cfeacb6fcbf96c68222e8997cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
11KB

MD5
0af7ad31e845e2ea68d5b657837dff90

SHA1
3d0a333fbd8e3101e702d5f5cf0dc7d8886c0c9f

SHA256
6d436a2fd0c1c7e897a93c1580cd4765e425cd10815e00d04fff3914f06a4fe4

SHA512
8f553db9ce75b96b215e34b05be6320adacc90dd632d857d9f8ba8ec7aca48c785a6b92212d0fae54edc25611f4bb623c803569f358dcf736f9fdcc75defd9e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
11KB

MD5
a10639b7fdaf45a56e2ea09b7e500762

SHA1
c83dfd728b3e4c76273a80ef4ff171b386d9813b

SHA256
b89f690aada2d40fddddbdb42a955e572c6ae80489cae4d739b07fca9599781c

SHA512
758634bdafb6bed25e8e7190be43ddf72b18111129e7a15d2a7f6d3ec19179ef36b3b62fa1c2b312c83e226313c2979f8e84b433d38ddfd2d2f011e2d8a25b98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
11KB

MD5
da13e92c507acab150280eb182538ccf

SHA1
15e7920737b0da82f21505e8ac45dbf7235020cd

SHA256
9843ba953de40ef1a9dd26eb5c4cfa76d6e1456c474993a036d0d060ebb1006c

SHA512
0326aa1d29bb659e20ee88603cd9b24f83de5f2ad9381e1e2416be97b9df1915ec6c2d6ffbbc5d04fb10220fa0e81c2929f806701e23ca6249a6bc9e1a23cc92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\search.json.mozlz4

Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
77c4bc7bca34b5f41a1104fb248095d2

SHA1
6dbb4b78e8d7fc1f67c15e4a60dda6dbc5956158

SHA256
4411118d25715c499d873406a583182f933282fc1a43366ec6ffbec093a39a75

SHA512
337f385bab812f7d2990484052db5504feece7a1cf370f86c1e25ab7c1c2131ea4656a227afdb267eb6f0bc915f3728b054b3f52edcb3ecd6a5e4604c2b17185

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a66d7f9ec10f047eacb6d21dc87b7e52

SHA1
cdc4f11b7d241990abd7539e3f334453a81f64ca

SHA256
ae18f964a57df948787db8873bd88381e79b19be5d45669ae483f39f85ff1a3c

SHA512
d3bd5ce9059b7b3beb1ec7692c0512fb69ce679deedbcd952872aed811e652a735b5d1b46f1f996910ca640e3bff3cfdf7105319e74f64f18c589a7a5e241776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\targeting.snapshot.json

Filesize
4KB

MD5
2310500d0ccde9e9dc310675c2c72a2c

SHA1
83fa713b261431025f83a2517bea7c2b9f068ffc

SHA256
060318d60e2deea6781251a9bfc3912e4832cef434e1c0233a4933c4be342431

SHA512
f1abf06d269f3ece1942850f1dcc4f6d7720dc75655566683fd1499908e9795deced4e92a0ab6ba0d013844701a0cd734d07f7f4241395154af5c3c0b457b15b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\xulstore.json

Filesize
217B

MD5
6d87256a2b21b9603b7d731eb033b9e0

SHA1
8e2603f254af21d5dcf310fdb5a688e9097aefd9

SHA256
5b3e57bf27b98cae50a753101df9a00a1f6d96886c1a92c4106a6f7eaf6d09a2

SHA512
67bfabf0b5d3fc75b5223a5da836e6909b2af8d98172120fc5efc0b0f6ece72b6cafbdd97ac170bc5357d85a39b15fda7e2df861981d193f84cfca82f360e156

Download Submit
C:\Users\Admin\Desktop\New folder\7z.exe

Filesize
436KB

MD5
3e797119e0fd64297cb82794b8d68edd

SHA1
a67d3b35743f6ca383673a3848b8c97ec164cc0d

SHA256
c7245e21a7553d9e52d434002a401c77a7ca7d0f245f2311b0ddf16f8f946c6f

SHA512
1378c54a3a1c5bd73c04e787d218f245024625003d689379013f1343c7f9e6282d670c3d68edce6006629ca90cddd27ac3f53f640f96c4936bbff319658caef8

Download Submit
C:\Users\Admin\Desktop\New folder\BouncyCastle.Crypto.dll

Filesize
2.5MB

MD5
3551343fab213740bbb022e3a6dcf27b

SHA1
de67fb4f9d58db4a860a703c8d1f54ff00ff9b1f

SHA256
5530dff976bc0c889076b97ca695bdb97ef07f63449d32f893ed32398ed8bfe6

SHA512
e90f51053e1d4b0ea1f7458229de92174abf0781c766290da4de5cc8dfcfb730998252bf28b36ca5070978fdcea8b97f0aea6a47b875dd34173643ac0cb46c42

Download Submit
C:\Users\Admin\Desktop\New folder\Client.pdb

Filesize
59KB

MD5
008329249cc3e88aa1d6b89f409ccd13

SHA1
ab8a5d055e9aef140a19534c718f9b9ab2c379b9

SHA256
d5247c86c7402df8e64573e385ad7353f141dab59abc731fff3fe6a98a63e6b0

SHA512
36fbcc915dbcf19f0067e1089741abbb1910786fd0601cc8662b0b5fe985accf55f89d226004e15570949895363eba65f0d9a04bfa31764da36c5648e58b5c35

Download Submit
C:\Users\Admin\Desktop\New folder\Guna.UI2.dll

Filesize
2.0MB

MD5
0188fce753516183a41c4d146e337778

SHA1
eb0f5324e8dd08a181d4bdfc1d90543077b2ee67

SHA256
ee4449bccf826cbc56c13087d54a1a69fd42464d437ce8f355ac6afb61df6829

SHA512
b3aafc9a80eec37556f4e60ab23579dd7d42c060b3ca2064d6d0c16901b54500503750868bef651a01401551551e372ac9fd459029c5d0efdd2aa385384916fc

Download Submit
C:\Users\Admin\Desktop\New folder\IconExtractor.dll

Filesize
10KB

MD5
7bcf61e29e5cbcd1b81d9ab72cbfed93

SHA1
d082613177dd1711c18426d4f83921dd932bc7b1

SHA256
2c359ce857982f45b09af49dbccfb2ae302839acf1956e8325e7f854b339a8c9

SHA512
ce84af38dc63374d304d4e3b6c098892588df5ca5e921505c410b2a24ec0137dbc3120bc713cc0e4bf7836c57b7db224dd3264ea454cbfdb1ef78c9ffb19b6d9

Download Submit
C:\Users\Admin\Desktop\New folder\Microsoft.Win32.Primitives.dll

Filesize
20KB

MD5
76b8d417c2f6416fa81eacc45977cea2

SHA1
7b249c6390dfc90ef33f9a697174e363080091ef

SHA256
5eaa2e82a26b0b302280d08f54dc9da25165dd0e286be52440a271285d63f695

SHA512
3b510cdc45c94be383c91687c2cb01a501ba34e3fbb66346214fc576d6f0e63c77d1d09c6419fc907f5b083387a7046c0670377ad2e00c3ec2e731275739f9c7

Download Submit
C:\Users\Admin\Desktop\New folder\Newtonsoft.Json.dll

Filesize
492KB

MD5
5e02ddaf3b02e43e532fc6a52b04d14b

SHA1
67f0bd5cfa3824860626b6b3fff37dc89e305cec

SHA256
78bedd9fce877a71a8d8ff9a813662d8248361e46705c4ef7afc61d440ff2eeb

SHA512
38720cacbb169dfc448deef86af973eafefa19eaeb48c55c58091c9d6a8b12a1f90148c287faaaa01326ec47143969ad1b54ee2b81018e1de0b83350dc418d1c

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Audio.dll

Filesize
25KB

MD5
025864d133e416f144030cf22ea9f2c3

SHA1
6be2cb2454335f0de00799000f65c5cee796c185

SHA256
1323a7212239513270077e07cb436af721acedb0c21c99b06c163a230baaa50a

SHA512
ccda6ef9847f89e53adaa637c7f762be22506b8b6bd2a5538b6622c33f3244f9c491e39e7df7512b5edced3d0395e4541b182f7da6a254b8891b9d64d71538b2

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Chat.dll

Filesize
456KB

MD5
8fc1192cf52f55ed5efb5e12210a37bf

SHA1
dbcf714d0d9b0fe44bdfe2ee150227c2a0e7c387

SHA256
dfa246c2763bf5df442a81128b3587f7bf530e4327f631cdd4dd79106738cf31

SHA512
74603de6069cc6bf02afa5cfc3ba1493240bcb7c74fcbd53219448134b79fb5ebefc1dec61ac4c6a04c56dc6d986887a4a68d87ae1dc07ba6d1d8b8afc9d480c

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Discord.dll

Filesize
27KB

MD5
b591cff18fd7344243cf8a4eca624a65

SHA1
29f9134bb33d429d27b87e6f2112b6753e1dcae4

SHA256
6a43095314d5e32db307eef638d2f5afea7dd40ff6acda24fc28ce0c1632cb6a

SHA512
ae1aa8db37182a4b8ee06249da6304c1c105adf06b2091cf24b3e79ad1d6d1a6eaab12bf059cd86deb04b7084d563a25d5bbef6ddf7857c1a34fc0e0032664fc

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Extra.dll

Filesize
34KB

MD5
17db58471bf45715ba46b5af7920d676

SHA1
0ab236a6d554597dac8fc40fc3e1a29f905c0275

SHA256
dae673b838de497c1aa8a558d4dd5963d90e8b21538cb0d9adce585ef6fbc915

SHA512
29432c0d19be6ae8c8ab68ab1a7c4007d502222b329f9a0bfb994427f182028aeeacc199dd27334cdc0adabbdee7a07a3d24826ed67b05711c2370a4b7395265

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\FileManager.dll

Filesize
34KB

MD5
dab76ee6ff2548a9bd45c0e582f4d90a

SHA1
70b0e615c1728aa8198dd4be4899fd883bffa1d9

SHA256
50f93055604c7418fa0e5536afd0b4d535db752b5e7edf588cbc14c1570613a1

SHA512
431f38a2b08c5d9f9914a05eca7a32084b3b33d473cedb91904776417c49d8599ec81c905a857a118e8d6b39a200accd14b1c21a35b1faea760084fd75967501

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\FileSearcher.dll

Filesize
280KB

MD5
a186a27b6e893b60bf236120a6a329a7

SHA1
9186d71d524f2716c7ad3e934e134aa68366006e

SHA256
a91d0552200064646768b1fcd393568ca6144279ef0543aee6a74c4d11c34f49

SHA512
f5acc60bdcf71eea700af6c6372e68d58cac1008a6fc2850dcde1c59310cb84527725740f646be4a146adde6f0878781101670ce922c3566b34262da857aa847

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Fun.dll

Filesize
36KB

MD5
e07004ec43ed994b9a11999145f5a43a

SHA1
00cba09ae5a38dcfdbac1a8cff9cd1fff2c0b3e7

SHA256
2b25c33a033bdc85ea4db8c3ea89bbfc7d1a1dd80d21a1835bba5672759efdd9

SHA512
39948577cf0185ffbda3c2757c7fa746e41a169ca7fa0a3718cc564fbbec439b047bc540fbd5ac59908965424ef11f6564d9795b101bfc58656247e76b0c88f5

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Information.dll

Filesize
27KB

MD5
a7670d3509baa51af6566b93b185b854

SHA1
2b322b936eea3dd5414efe589acab3cb49dfe9b2

SHA256
9fbfd1036e579edc9498625e86c45743e4ad8ecf5960f4a87a9402ba1236448f

SHA512
34999ca9b71de6ed4a3cc99177ee472bf90af9282a095d2cf6b05f17e896f518b46382aee021b540f5422c0997680023206b1281013c468a72116cb646a89882

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Keylogger.exe

Filesize
10KB

MD5
4f846f2117c4eab285289b0090521b1e

SHA1
e25287c39bad32159417c5f0bf798625b6beff45

SHA256
a17a5bf35d8b784c3111632ba7e0c30a2c1a9c2c95b549235affc16d6d055477

SHA512
fd946b5f7c3c7d32f226897283de7ba3b4a4ecc2919c363877f1258cd24ed1a52bce53af2fe4ef34c4ac30d00fc456fd4e1593b79c37f7c22211f2c4f6092e5e

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Logger.dll

Filesize
28KB

MD5
3717491f7b1a90aaa5f271ab14147a9b

SHA1
bced873bf58c79d2787d8ea501e7888b260d36f6

SHA256
f744c46e4c678d65d9682a0f42dc2b82277ea2d879eeb3d708fb70af2af40a94

SHA512
c45dae23e4fe7524aba823a834b6882572d4de10034291b81236fe6a44457e4d8fbc935b1d673b6b83260925f76ba1a0ae156eca4626b795f10b1a1e4f327a31

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\MessagePackLib.dll

Filesize
18KB

MD5
aff009b639ba8794200e91f7ea8915d9

SHA1
772ad6e739b1c85e09a3c2e0dc50797a8352ee71

SHA256
007a50a1275964e14abecc461549ae495147417d601c5900f3105330bb2e4a4f

SHA512
2f68cf7805c8360d343c97ffd734c7f277e5949b7ca74e2a5a39c821eadc32415bf1c737b9d424003b5040260c9fdf6ae4eeba14378a2f9f8ddcdd23aa42bfc6

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Miscellaneous.dll

Filesize
85KB

MD5
8ed27058380bfe4ed4b7a761209ad623

SHA1
4787a6d8d7a55f214d953a37718f942155e800ba

SHA256
588ed6232c93d2e18a40051b02b6e0b0c2ce252b897667d5c6134166206c7396

SHA512
c31450e4f33eaee44e59711129ca4c1207724bcbf2f79c39e077589fee0151f123aed8d95ed2ff9519b0faf2fd1befd4ec1aa9f5698c501351124be7711822e1

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Netstat.dll

Filesize
27KB

MD5
f0da85bd2bda4f27567910b80481b920

SHA1
4363e72fdd4de82b36ba248c899c3bcbb02399be

SHA256
479371c859f9e18a38b0832cc49b817cbec3970d1820badd5e274a7809afdeea

SHA512
237020ab90c043b34053eb551c4e2bc8bab1243e545e747e433dbec409caff289c424cc60a3068eeed0a101d3b5181d74bee6f7155b35439193b9ba018396f90

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Options.dll

Filesize
377KB

MD5
0fd19be97a94b00e440d14b06449cf92

SHA1
c0ce1911fe5ddd5d9b9446b16df6c51a555e5415

SHA256
0460389a3845a271ba5d65b30b66c57458f2373d75aad94e92416d772d06df5d

SHA512
1049d90236b43a617ee3ede56ed175a39d1bf090ad1469f9edf71d91fdd7267b1aacdd3303a1ead11785aed2bc31dbb9fb1b2f15461cc793c7ab7c8b8f31e9f5

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\ProcessManager.dll

Filesize
27KB

MD5
97a477186db32bb9020166069dbc25bc

SHA1
bb1eea629845e6adfcc8620eb80027c8ad145942

SHA256
e7d1a49c2c1ebce3b465f5a97d1771bd7681a263b676b0311a3ad9e58b87e1f9

SHA512
1e17734ff635b555888e686c5fa6bd8e86568bf45885c407bf2afbb96c95864781cd2274f99322df0d3683b5df504148f941dcc689e50d6b829db5a4f01e021e

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Recovery.dll

Filesize
1.3MB

MD5
902c646c9cfad54cb1271b8d4db4ce10

SHA1
96776a4cbe93a5e1a8a4b52a4a03172a27429a59

SHA256
d446330954f19467b8e8b09b4773781c54292c2a3dbdeab27619baac0664074e

SHA512
f3c7437888ca312ac5b617d0f574839a740735abfeaf07817e0baa62a372f84f16b932aa4d6ba60e8f040b2ba9a4bc45b2c7ce05a0a1a471a18b5aae17fd3d76

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\Regedit.dll

Filesize
282KB

MD5
f5f2798e0ea216d11aedb8257b7cdfe8

SHA1
d8974a91f8c37a6096aba1c58f891533590a0718

SHA256
0e9445775af2f2377469ccf463ffae76290f74ad6bfa324cbb0b156d971bc32b

SHA512
d8148ada3a46e37f78ff40d23565cd020eaf65b9e62ddaf0be0ee1397966601f3452cdd8a6b655c52998919aaefce78fed804a3561322befcbb127e1bcc44e4b

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\RemoteCamera.dll

Filesize
109KB

MD5
59361cf454809302313c7a4c2403ba0d

SHA1
37b02bb2c79452e105ef27dba2bde7bbce82cf94

SHA256
4cbce783aff5305afd5e15e60f077ac5dd2b9d40effacf1089d766c02e7fa112

SHA512
4101a25ce5b6951d035f48560560e552f7b252911bd62503867e0ca4f9cd870b48f2400e1cc3a7126eb9d4cf85fe7d6d765cb2afb695de8ccca610f0dfac9320

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\RemoteDesktop.dll

Filesize
37KB

MD5
f75278e1fbfa2def4723a73daec54547

SHA1
5dbffd558e99dbbe66d06efd3fa40f98d66db6cb

SHA256
5bb6b6c1c4a1bcd5b53739f455fa06dc79b05a58c24dda17aebdb19700abf89d

SHA512
1d779ad89fcb5dfc07da5e19f3583740907a2286454413535b9d87943252d89dfda56b675cec302e29986f316eac48f93f7e6edf612d7632931cc55567505e57

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\ReverseProxy.dll

Filesize
14KB

MD5
f83d9cf1d492d2c87e25c4584b0e2691

SHA1
531d83bf531368142fdaf370c30f146ec6bd951e

SHA256
5d360a46eca2f0721cb7b7080fabc41595d9acf25aa787ce76f8dd091a6d8049

SHA512
110c500c23d53abf76eda9addc232479aa6a6d37251a06572144a53ad871ed9a87b9e02d9df9b75654487a72fa0e51be94a2540639a7e176dda572fdfec23b3d

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\SendFile.dll

Filesize
28KB

MD5
38b26e87939cb40613f0aa2fce3372af

SHA1
e455e64391ca14d08f1b85b9747c38c661be3b54

SHA256
072d48161b09b35ea7f698a4dd7708005e2c39ce96fde8dd140da5d3ff900c54

SHA512
7d357ff9a1a3024a79ae1408249eb9941af1a50f21cc81f500404d811bce9f82adf0eabb953896d132dda97a3b3afea409fff39135f8a60c034204b28121e6c1

Download Submit
C:\Users\Admin\Desktop\New folder\Plugins\SendMemory.dll

Filesize
30KB

MD5
dd61babbbe5c58e8c7c87a1795ff63a6

SHA1
f6d2931d2c11a57cc12c2f8bd059e6b4cbba44b9

SHA256
14be9c3ff0aaccd55a2fc7b17fe63009ae3a746c28623efd8a7e66150f715a32

SHA512
724be458c812a8b3f0911418f273622f8a1a2aee7fc8ea52e072fd5be673293b867b551a3b79008729bcd83098619d69cb57468d61af415054f1e97bf43737fd

Download Submit
C:\Users\Admin\Desktop\New folder\ServerCertificate.p12

Filesize
1KB

MD5
9eb35831c5fc4c2faa95c0490da1fd97

SHA1
e9bd2d635feb0ed64b64d20b3443e479cd1778bc

SHA256
676b682456910aec732f9061663309d79b1bd84a8956492881fb45d757a8427f

SHA512
4ce36d18b4c06c7af205413dd155741dfa5de7a5a0058283b54fc5fd09d89323a93d21d0205a252d3f0fe70f30dec8a9133b519c113b2f975c73c0d20a144ab3

Download Submit
C:\Users\Admin\Desktop\New folder\Stub\Client.exe

Filesize
63KB

MD5
6158c0682f86511060619bba0fe864be

SHA1
63a1738c87ba9449b1d572ee470da2b242742643

SHA256
5bf4fc2c4d3115229d60511cad1af48019a4c291ad6144e73393e88e319f80a5

SHA512
baef40b589d8717f419185ad0885173f790394827d72d78520890ae737c7ee1cebe3af062340847cfe705c223669562e7116f48ab11d59654653a0b269026bd1

Download Submit
C:\Users\Admin\Desktop\New folder\Stub\Client.pdb

Filesize
59KB

MD5
008329249cc3e88aa1d6b89f409ccd13

SHA1
ab8a5d055e9aef140a19534c718f9b9ab2c379b9

SHA256
d5247c86c7402df8e64573e385ad7353f141dab59abc731fff3fe6a98a63e6b0

SHA512
36fbcc915dbcf19f0067e1089741abbb1910786fd0601cc8662b0b5fe985accf55f89d226004e15570949895363eba65f0d9a04bfa31764da36c5648e58b5c35

Download Submit
C:\Users\Admin\Desktop\New folder\Stub\client

Filesize
144KB

MD5
f4fdcb900e7af47100ac9e46945fbd55

SHA1
c1d235a9a2cae8d5a8d4f6ceb4eab9417e1b1fb2

SHA256
9160b90fa4a6a9cf22f943dba92cec64e2dc03c2317b5d9ab50a753fc410ce43

SHA512
236eef98d4695a5e1224a87a1dc598639e5c49f6dd192a96cc1b9f8305faa57078deb62d73906a33ba1c1fac4fa5ccc5f344a0f196dbba718b76a36667984ac2

Download Submit
C:\Users\Admin\Desktop\New folder\System.AppContext.dll

Filesize
20KB

MD5
8cc4c7dfeb41b6c227488ce52d1a8e74

SHA1
93702135db0646b893babe030bd8dc15549ff0c2

SHA256
9dc115ac4aadd6a94d87c7a8a3f61803cc25a3d73501d7534867df6b0d8a0d39

SHA512
e4da7e3ae5ca31e566ea0475e83d69d998253fb6d689970703a5ad354a2aad1bb78d49a2c038f0a3c84a188d091696191b04e4a39253deb3b6cb310b72f02f97

Download Submit
C:\Users\Admin\Desktop\New folder\System.Collections.Concurrent.dll

Filesize
20KB

MD5
559c98eb9633c7ba1bc813f8e6e0e9a5

SHA1
311f52b31611e6dc5fd4c0159bfa452c22980ca7

SHA256
cc62f3b867d50083c2932061f20662c698d2e1a741c4d2f9df1fd2d435e3ef3c

SHA512
e241c16869d1cdbb2c6482a7c5b2af93de4ba0cef8185b8826eee35ecb174f35f7585c8ae0320f7f4f6b80f3bb5b3edae2383760f2f35637f03c3a0e38e0875c

Download Submit
C:\Users\Admin\Desktop\New folder\System.Collections.NonGeneric.dll

Filesize
20KB

MD5
45ff71114047dbf934c90e17677fa994

SHA1
526c688e71a7d7410007ad5aa6ea8b83cace76c5

SHA256
529943c0cdf24f57e94bf03fac5f40b94a638625027a02df79e1e8cb5d9bc696

SHA512
29684ac5391268eaa276196a6249364f6d23abfe59bdc304a561cf326cea6cd662fa04c05e15924fd6d3f9e9d1607992b8dcad3f817cfe891580f9d9462fe9b7

Download Submit
C:\Users\Admin\Desktop\New folder\System.Collections.Specialized.dll

Filesize
20KB

MD5
b52c339601cb264f83df72d802e98687

SHA1
8bbb7badaaa912c1f17775e9acdcab389704c772

SHA256
938da38561da54793944e95e94b6e11cf83aacd667487297d428fbce1c06dc9c

SHA512
287f08ab07827570f9f3ef48a6d7e5c186899a2704fb3dbaf36975f6be7b29fb6695a69fab85a6f09bddefb60c79052c3a33cf862651f892eb9d773d880b3af8

Download Submit
C:\Users\Admin\Desktop\New folder\System.Collections.dll

Filesize
21KB

MD5
1d8aafeca1ea565b257384d3f64864b0

SHA1
4d923b100142afa2e0a8b7acdb3a6de6feb91148

SHA256
c2250e9e51b44d8ab8c5b892592766925f6580ee00b95026621d0afb037c2707

SHA512
99e4a226e1fabb348e7ef7c6fa56ad0ce4e4cf5d8569ce21881703dca8d83a1c113fd5f440a4fc9e9b99a04ae8cf4490e17d62ffc09cfac5a45678a4419efdbb

Download Submit
C:\Users\Admin\Desktop\New folder\System.ComponentModel.EventBasedAsync.dll

Filesize
21KB

MD5
6067ecbab3c6dddb6bf7c49c7948caa8

SHA1
5f3da777af01dbc159bd8d9d97d5dc105918afc5

SHA256
22108e32e0b6e42f5f52a4cb17b9b6fa3dfd547ecd9eef9c67226dbec54d23e5

SHA512
9f3e834b8342e0c7aa5ccc993b520d664b03f1f0091066c66067923e1d4991efa03f63908552538c05f423aa2b696de7c76993f71a7564f3e87662cb0fc00726

Download Submit
C:\Users\Admin\Desktop\New folder\System.ComponentModel.Primitives.dll

Filesize
21KB

MD5
2f39655ccfc010e32a7240d9bf5d0852

SHA1
20aeaed12dfb8d71e39687350eb12bc0de372af0

SHA256
bfcd867f71c887429dfe008d7ec5d1853d15b3932d4ce8991694293477b5be37

SHA512
9769e59279a32f29c2f2c6970c81d3ed76fe3421b819ddffc8fa98329f1b45300c737fdf71956672f80f69b3a75727d184f8c421e00b84e94163a86cb744a991

Download Submit
C:\Users\Admin\Desktop\New folder\System.ComponentModel.TypeConverter.dll

Filesize
22KB

MD5
d1699287934da769fc31e07f80762511

SHA1
bfe2384a92b385665689ad5a72f23abc8c022d82

SHA256
0dbb92ecd5dfa7fc258bc6deed4cecf1b37f895457fd06976496926abdb317bb

SHA512
4fef3e1535f546ffdde0683f32a069beeffe89096524c7068f1f5ce8377824f82ae530d3990c9dd51bccaa9e53fded5613fa1174013325808059276dee771187

Download Submit
C:\Users\Admin\Desktop\New folder\System.ComponentModel.dll

Filesize
20KB

MD5
632cc8ad69b76fd9bb5847de1e1439f7

SHA1
2e32d50ec33ec6635681485b754f4e58d434a5ee

SHA256
5e61d755616cb10524f5f31e9b70c65a7fff8e30e25ce711ac8b354d657ab479

SHA512
9ba5cc82573308e5d995ba05bc660fc1c087eb91d8bd7efca6ff838a3c47bd6118d9c92919b2e0dac11a5a27977318c5c819499dc19cd5d6e57122a0749858c6

Download Submit
C:\Users\Admin\Desktop\New folder\System.Console.dll

Filesize
20KB

MD5
ea9376c17ee0148f0503028ad4501a92

SHA1
9d5686cbf45e90df5e11d87e7b90173a1a64b1a0

SHA256
b537313413f80105f143cc144feeae2ac93f44747727de309a71d57d2650034a

SHA512
18d1bb2d5c469644078d75766dbf04addf7d0c543f7ed15ff522ceeaef960900dd8ec68172f5d684b76b0aa6946bb38d641f021ec04c70ad66a6062c10412e0a

Download Submit
C:\Users\Admin\Desktop\New folder\cGeoIp.dll

Filesize
2.3MB

MD5
6d6e172e7965d1250a4a6f8a0513aa9f

SHA1
b0fd4f64e837f48682874251c93258ee2cbcad2b

SHA256
d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

SHA512
35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

Download Submit
C:\Users\Admin\Desktop\New folder\client.bin

Filesize
144KB

MD5
f4fdcb900e7af47100ac9e46945fbd55

SHA1
c1d235a9a2cae8d5a8d4f6ceb4eab9417e1b1fb2

SHA256
9160b90fa4a6a9cf22f943dba92cec64e2dc03c2317b5d9ab50a753fc410ce43

SHA512
236eef98d4695a5e1224a87a1dc598639e5c49f6dd192a96cc1b9f8305faa57078deb62d73906a33ba1c1fac4fa5ccc5f344a0f196dbba718b76a36667984ac2

Download Submit
C:\Users\Admin\Desktop\New folder\crack.exe

Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
C:\Users\Admin\Desktop\New folder\crack.exe

Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
C:\Users\Admin\Desktop\New folder\crack.exe

Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
C:\Users\Admin\Desktop\New folder\dnlib.dll

Filesize
1.1MB

MD5
4d0b771879de85137ee7e5f0d4bb4b16

SHA1
fc32cccd0cd5c3ebd968bcdf48e32a7ea25e9bd7

SHA256
962332e8c8cb459fb2f7dacec5d7a618cc53b1b49bc1740156398c89742f43fd

SHA512
bae39862ea07ebc5c9aa07a7333a880471baf4bf52eebedc03536e45584887eecc1075e0c0171229a54900ab93a66db9f666aa631c160912f538666da8c9e980

Download Submit
C:\Users\Admin\Desktop\New folder\learn all kind of hacking.url

Filesize
121B

MD5
7ade4a739cbd8f44d0ef52a2f1bc6e7b

SHA1
20753d483e1a84cb248ba2c0fb72d44137d7d73f

SHA256
cc7649ed53c65e4851ace414529564fe16801bb2bed4cb15588bfd6b4ac13616

SHA512
5850c3d064c9d616854a47b4bd398b76494f1fbe9b356ec5e15879f97dc67970168196ec6b177fa71d15d25d25757a29319cbf9697f3a80461aa62b431d53851

Download Submit
C:\Users\Admin\Desktop\New folder\netstandard.dll

Filesize
96KB

MD5
0adf6f32f4d14f9b0be9aa94f7efb279

SHA1
68e1af02cddd57b5581708984c2b4a35074982a3

SHA256
8be4a2270f8b2bea40f33f79869fdcca34e07bb764e63b81ded49d90d2b720dd

SHA512
f81ac2895048333ac50e550d2b03e90003865f18058ce4a1dfba9455a5bda2485a2d31b0fdc77f6cbdfb1bb2e32d9f8ab81b3201d96d56e060e4a440719502d6

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\.signature.p7s

Filesize
9KB

MD5
008690efa5dcb142f17bf7f97461df25

SHA1
4b56b9178fc8ec56d9f60ee950edbe5379d99c0c

SHA256
96070f8dc2b0ff9bf0d4ae6b78fba4576ca91eb463ec82587bf2a7d933607104

SHA512
24174c7689ea03dac11c60a5983c2e2de29a9adb91a1bd0c661252989a604e88215bff647cb0ef8add15901917b2d084a6bfd34a3801fb3d89729e4a457c0390

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\Vestris.ResourceLib.2.2.0-beta0004.nupkg

Filesize
339KB

MD5
849b21794509f4f0f1e0871e9b414bb1

SHA1
f6314c42531dfe4a4564d98a67524b2deeca03c7

SHA256
7296ba826122f5130cbe9f9adf364175a900c34b7803eca7ea4dfee2b0c74ea8

SHA512
065cbf826a3e98bdfc31a1a3e0f5677ab806ecc17167936dafc53105014972d27956770eabbb9703c867ac7cd4261e8cccb73af634836a84aa64656d4c60c721

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net20\Vestris.ResourceLib.dll

Filesize
76KB

MD5
2e565b9ecc88100e5815d3fec51311a1

SHA1
41db669f884a03217eea2d6082912d61f1fc2d23

SHA256
6861251df743827aad59af9dbc68b4f43b191c2a0857d222d28a82a9e3aa944a

SHA512
c61b90da4427b5b6005f1b1a7355c6972adfa0ba3818bffeebcdf54f0db13308dcf428455de212b77b22a19b6f41837522a2e316f28daffd71b38276c956c926

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net20\Vestris.ResourceLib.xml

Filesize
286KB

MD5
5d2dee455b4003b6624b6dd890edb279

SHA1
4cdb025c8c5935bfc49871fca80fc4a346acd579

SHA256
02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6

SHA512
90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net35\Vestris.ResourceLib.dll

Filesize
76KB

MD5
4aa661efcbae2aea7050adbeec022d46

SHA1
3f1862f14ba7eb63fe3e24a78dc83a51fc676c7b

SHA256
21e08e7cf51fbe7952f8cf88b924947fd12b01b1ce3405ce2bf6914479f72fc9

SHA512
dda55ffe2345d3222a2bfdef7ad2f904fcabf3d76aefafb9998ba540bc347491ab9d8b7ee55cc94982544f3a7508952809ad7a159fb0cf62697dffe4edfebe11

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net35\Vestris.ResourceLib.xml

Filesize
286KB

MD5
5d2dee455b4003b6624b6dd890edb279

SHA1
4cdb025c8c5935bfc49871fca80fc4a346acd579

SHA256
02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6

SHA512
90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net40\Vestris.ResourceLib.dll

Filesize
76KB

MD5
1d4ac765c46e8474583b3bbeba088f74

SHA1
8f2db7e48158a88d9fa49b888a4b20f93c8b2e0c

SHA256
3b3c0be681d7603cc1c5e3c5f1d8614a582dd82b2465f7f42d79c5ae57f7f642

SHA512
cbdca62b58f8855c92edbda5d926787157c16cf46ab5f8d5cad23176fc1157f19531347c4426de5a7e12198eba440ee69d06e46dea1efc6f1e5fab9b4764a5c7

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net40\Vestris.ResourceLib.xml

Filesize
286KB

MD5
5d2dee455b4003b6624b6dd890edb279

SHA1
4cdb025c8c5935bfc49871fca80fc4a346acd579

SHA256
02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6

SHA512
90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net40\Vestris.ResourceLib.xml

Filesize
286KB

MD5
5d2dee455b4003b6624b6dd890edb279

SHA1
4cdb025c8c5935bfc49871fca80fc4a346acd579

SHA256
02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6

SHA512
90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net45\Vestris.ResourceLib.dll

Filesize
76KB

MD5
22fbd571c82399e06e0a7321eedef722

SHA1
ed5aa859dc8141d93a2bd8a8dd14fc50391b66db

SHA256
c05a6f13106e2dd10ae279c3435fb63fbabdc328f94d8065231c3cacfff5fc4b

SHA512
65aa846054a2b0c0dcb2db15273269d8514e000ac67e71542f910d8f556a0ea11e5ab5400b7f2026e5e51fef185d8e12379ac52fa4788c8940727a3721d134d0

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\net45\Vestris.ResourceLib.xml

Filesize
286KB

MD5
5d2dee455b4003b6624b6dd890edb279

SHA1
4cdb025c8c5935bfc49871fca80fc4a346acd579

SHA256
02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6

SHA512
90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\netstandard2.0\Vestris.ResourceLib.dll

Filesize
76KB

MD5
61ddea15b7ac8c8f92893ef321867d27

SHA1
ea6835a6616f8a3dc07f82eb70111520a7b78c8e

SHA256
372103129856911388bfea0dc0d6934b645223e3e3e4e8280228abda9382030e

SHA512
1ee0196a52e50339b9d0fc68036a58f826b2be1095360ef299d2be5bb9a9a56c46f163094c912115f6c80b200caf6bcef74ce6ad45fbb74fb8f80d33d6ac3eb5

Download Submit
C:\Users\Admin\Desktop\New folder\packages\Vestris.ResourceLib.2.2.0-beta0004\lib\netstandard2.0\Vestris.ResourceLib.xml

Filesize
286KB

MD5
5d2dee455b4003b6624b6dd890edb279

SHA1
4cdb025c8c5935bfc49871fca80fc4a346acd579

SHA256
02b4fd6d46ffc9411e4688a5b088fbc7d34062024e1c93637535e093319c35b6

SHA512
90f0123b6300a2fe53b7da8b50253c5807950da96dd0010e2494cc9f14d339d7a131c9653f29a585c2647634537cfbc1a1d84debc33a1b96bf7f01b88eaedee9

Download Submit
C:\Users\Admin\Desktop\New folder\protobuf-net.dll

Filesize
269KB

MD5
4a4756e227c10623d81228bc4bc49c1d

SHA1
964014f538918d85f6eb6a7b4023b304067b28f7

SHA256
042b8c1c1e0eb7648b164ee48c95168c48324f1fb439cabd5f2e41db0938d807

SHA512
93d2c6f47c618dc9493f5a538cbfb5a32c1e3bb35a623b51561057245f2fa557c452ee18ae274182c3e0440b77353c5490d196f16eda142b6129e8d1108e5a04

Download Submit
C:\Users\Admin\Desktop\New folder\readme.txt

Filesize
740B

MD5
4dc812ec4ed8b9f6b117eebf783d78cc

SHA1
4f17b61b3693b3469e61781af895e7e437a6e5ad

SHA256
8746b7b6305d3fd5d986fab51e9db647319b5673bb96b7d8082e416ab2508b03

SHA512
92c9215d387f0c29147d69d47f4a07ac1f093504eb14e63160838001d179e164c51efe1459a269a396263edf6bc1c4faea206671591ee728b907506f034c7d15

Download Submit
memory/3908-458-0x000000001D050000-0x000000001D060000-memory.dmp

Filesize
64KB

Download
memory/3908-457-0x000000001D050000-0x000000001D060000-memory.dmp

Filesize
64KB

Download
memory/3908-454-0x0000000000900000-0x000000000090C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads