hxxps://cdn[.]discordapp[.]com/attachments/1212056864834195568/1212056914460942346/Havoc-Executor-V2[.]rar?ex=65f072f7&is=65ddfdf7&hm=37e0ea5e2a65279df32288a26c3669685e8faa1e5fd3d751dc34210a64534d45&

Analysis

max time kernel
1777s
max time network
1519s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1212056864834195568/1212056914460942346/Havoc-Executor-V2.rar?ex=65f072f7&is=65ddfdf7&hm=37e0ea5e2a65279df32288a26c3669685e8faa1e5fd3d751dc34210a64534d45&

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Havoc-Executor-V2.rar:Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5056	7zG.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	2256	firefox.exe
Token: SeDebugPrivilege	2256	firefox.exe
Token: SeDebugPrivilege	2256	firefox.exe
Token: SeDebugPrivilege	2256	firefox.exe
Token: SeDebugPrivilege	2256	firefox.exe
Token: SeDebugPrivilege	2256	firefox.exe
Token: SeRestorePrivilege	5056	7zG.exe
Token: 35	5056	7zG.exe
Token: SeSecurityPrivilege	5056	7zG.exe
Token: SeSecurityPrivilege	5056	7zG.exe
Token: SeRestorePrivilege	2472	7zFM.exe
Token: 35	2472	7zFM.exe
Token: SeDebugPrivilege	2256	firefox.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
5056	7zG.exe
5056	7zG.exe
2472	7zFM.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe

Suspicious use of SendNotifyMessage 11 IoCs

pid	Process
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 5092 wrote to memory of 2256	5092	firefox.exe	25
PID 2256 wrote to memory of 924	2256	firefox.exe	88
PID 2256 wrote to memory of 924	2256	firefox.exe	88
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 5104	2256	firefox.exe	89
PID 2256 wrote to memory of 1476	2256	firefox.exe	91
PID 2256 wrote to memory of 1476	2256	firefox.exe	91
PID 2256 wrote to memory of 1476	2256	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cdn.discordapp.com/attachments/1212056864834195568/1212056914460942346/Havoc-Executor-V2.rar?ex=65f072f7&is=65ddfdf7&hm=37e0ea5e2a65279df32288a26c3669685e8faa1e5fd3d751dc34210a64534d45&"
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cdn.discordapp.com/attachments/1212056864834195568/1212056914460942346/Havoc-Executor-V2.rar?ex=65f072f7&is=65ddfdf7&hm=37e0ea5e2a65279df32288a26c3669685e8faa1e5fd3d751dc34210a64534d45&
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.0.439985913\936269385" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3af8d00d-0d82-46b2-85c5-d71113961aa9} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 1952 2bfff2c3d58 gpu
    3⤵
    PID:924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.1.7380690\323196354" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbe7a11a-202e-4d38-9dd0-02a0c0a58bf6} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 2376 2bfff1e9458 socket
    3⤵
    - Checks processor information in registry
    PID:5104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.2.594231703\1496717262" -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3176 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17c31891-7fb0-4a0e-9dbb-105b98620b17} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 3216 2bf87ae8c58 tab
    3⤵
    PID:1476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.3.2019361798\2115290593" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3604 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95f42718-a6d9-4744-977e-637f2d2bfec8} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 2768 2bf8678cb58 tab
    3⤵
    PID:2664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.4.2030790638\1320992002" -childID 3 -isForBrowser -prefsHandle 4800 -prefMapHandle 4864 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {088fd835-4bdd-44b7-aa28-24adde8fa581} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 4884 2bf89c1f358 tab
    3⤵
    PID:4744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.5.1298805130\177075995" -childID 4 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 26246 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77a47245-8b24-4a7f-a55a-81b0eda69ab6} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 5496 2bf8639a558 tab
    3⤵
    PID:4632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.6.1963449610\1130731299" -childID 5 -isForBrowser -prefsHandle 5668 -prefMapHandle 5696 -prefsLen 26421 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2544fa56-296f-4675-9f50-817a1d9ae13b} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 5752 2bf8b325658 tab
    3⤵
    PID:684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.7.1708101506\494036554" -childID 6 -isForBrowser -prefsHandle 5392 -prefMapHandle 5132 -prefsLen 29743 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3401759-81db-4015-a287-35b7ed8ccdaf} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 5144 2bff710a858 tab
    3⤵
    PID:4112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3200

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Havoc-Executor-V2\" -ad -an -ai#7zMap11775:96:7zEvent22730
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5056

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Havoc-Executor-V2.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\entries\83ECE6B23DB03DCCDA2384FAB3C58334CD5B6B6B

Filesize
57KB

MD5
18df1d49883f4058c5bb71d4a76d01cd

SHA1
a4c4af40c4395dd94e5c0b78a60c167b0939ea3c

SHA256
3257e9193bde93ac27a6768cd124e79c00bd431ed04d10e42c32d4ffe686a5ad

SHA512
5c0d5f7d1599f3cb549dfbc3da894fa22e5c08288dc610cac8778295fd381ac011cde46744943ff573207e08e0e2c339c7905f638d58d2dde87483a9f963691c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gaix9yhh.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
7bc3e8002d43c42519f182cd0c1c35e2

SHA1
14a09228be3f938eb9b757e6cc143a360f37a7bc

SHA256
adbb2c6fe82ccd50e3f0545122c469d6736a95fb80df4305c461deefc45f12da

SHA512
dff851620b18b1cc39f00b885f977a7996e1ed75842792e822fb25de03d2f2c1af8401bd86cb62932ee91d7d726087168dc2e78c9ef5f58dbc05643e1f7b1d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
6f871f4da11cabc0546ab485409004bd

SHA1
f11e15ac01f11465db6049a89350485a1a4439c1

SHA256
3e85c02c90138da2f70b2ed806cbff98cb2eb64e452481be644feb29d6048035

SHA512
7e81634a41ffffc01aafa3d897fd9d4d0e3678381dd2c7b89e14680d69fc8bd6ce1f3f4541077ccdd6dbbd09484016a6bb3375296a49b61e4e488ad86a7f10d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
e1e110d8dac9c7d5b4b9f10304ca322e

SHA1
2cc6f29e6541a968140ec17f0cbaf83bc57d1f89

SHA256
ad02f2f0ef8db3e2fed6062710337db6c87d5dbc01cdf83ed68aa34cf86ea091

SHA512
26431b1161073a3f78387d0c9067ae35127cff5d2c32f494e3856c6d5d9419f3caa754df934872b28aa34bd5e4fa2e7257ece18ab3cf32e6f8bb6e73c2a9339c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
5d3e746af660c4ec3023cc9defc9e8a8

SHA1
abdb741bd6ca627023ee288c53268f350f12b5bd

SHA256
c7c089ce04bebdbf6ad43fcdde6e23599a05ffadfe39b4965b7cc1ed22bc0a8a

SHA512
7e1efda0c9aa7fad0ab3b711e62c736364a1c67ec575c31264caf73503bbaebd7035c53c625e726d021ff3f3383011cee7918232300620d1ab9cc38e5a0cbe77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\pending_pings\0a15a675-0434-41d2-87e3-5f75da60c5ef

Filesize
11KB

MD5
32e107ee1efd1185dd831715f637cd4f

SHA1
b58d779cee76462965ee9e57784e53a5c12cf086

SHA256
37c41222978171cb29cc194517ff2d2c7b0808e2702b2c8323a0676a5bfa068d

SHA512
5978bcc2d2d32bd0fe97e4661cca312be5de499aebf6474cfedcde870f74beb881893e578a316508e20dc08d32ada39bc93c39b2bc264e226433ce6ba83f862e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\datareporting\glean\pending_pings\b7c91a74-2cff-4a82-8a6c-cb7a90794ff9

Filesize
746B

MD5
f416c6f35aaf253ddd0889f28a5b1943

SHA1
f644b1632fe58b226da381e92c1a525d5a11cdbe

SHA256
d188909539a51d50958702b56741db9f85dab33811d18c24c63cd6d3ace838e9

SHA512
6b5ff01c21c4068b95fe265309c4cc79ecefb45c2e882595b21c7ea33f57f98850c0ae8be5d1e3fa7d59b413c657381722ed74b34ab242c2977197f2c97064a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
10KB

MD5
9fd570d43ae3bce15f8fa22bca43f41b

SHA1
ddf52d6ffb452fa11c5725d36a7b8a9b907a2095

SHA256
a3dc4cbc0ff8ec250d3288106ba84e955135b0a9230cab3c47c28cb0aa4371ba

SHA512
d27cd9050919481b93fdb57469ad60613fff0421926f911c0557ecb6c86ab7fba14621f6b8cf043dad7f26b502b4319a536abe98b45ae1ffb89ffc26b2c877eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
7KB

MD5
8c933c2a57271e258b287b69fba132c7

SHA1
27293094cd9fbc60d2203a0d0eeafb0be7f10f03

SHA256
913f199281ee314e07c83036accff091debefacab7701b33e67de4a89d6e4aa4

SHA512
351cbd5c0b067843820fa64f106db8e13c77cade8505fff9bc816b6b818641bb7cddce394fe0a3545bef56385cebe5ea37143fc13e8f94da6754b00ffb1651a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\prefs-1.js

Filesize
9KB

MD5
521e110d3d779f8630c4f1287f88d3a6

SHA1
ebbdcd2d49c2f16e096f4a202e6c0e2929cc38ed

SHA256
1888ce207b85fd8acf6f43e376b544de1e7b8b001459b3ec0ef5cddb2eedbb6d

SHA512
ad2b1ff9804d851295b33e99cc766c7f22e96756727097df59461469a64c0aabaa2abd470a9faf2db65b3e6b4ba13f84a49f2412e632463dc2cf6cea8a058d70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e9bf5e0828447ee9a0a012ff6fd78679

SHA1
5e39c5d68619b02e1bdac18ddb690536e40a77a7

SHA256
d44f6ce6d5e02a6a0614c4410d42a143da4473ef296f95cad6c89d57e9f1ed51

SHA512
0e63a1d43672fca0d5551ab855640fa5890cf85f40a6109ed7ed850457774c39ef72dbf3a1db22cb9ad5ec6e4fc98aac773e89d9f37ea6dfbd17771e17e62789

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c8f64dcfd3f8b6641028a20d16c83fbd

SHA1
58c1b58ecc8496197245b8d69befd7bd273b835b

SHA256
3b132863083d31ab51f0e9468a01d4ad42f453b0f9979afbdc46c6ee3324a5ac

SHA512
4f25c4da1fa36f6fff947f7ba8cba021ed2f8ee067a3b5bd63449863a3d57f58ae53619e7ed49e0d12a333634618a55a0e133074d8baebf1bc09a58a4c735a49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d3d41d019d699c445245494402428fdc

SHA1
574f0edf7d15f5e54fc679e63b6cdd1bb29595a8

SHA256
6a3f0decd6945d4974cc8996970d58ae80e51ed6ef03c5acaa60b3ee965248b7

SHA512
0e0ae655d15499fbd63e15b6079be17ad137f1f5d6f607005791891105f1e62a2f4a2e4f8a7765126208be87e230315c82ac1b6be1ed2078d3dcce6c8a64804a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
76f1b266d45f33e405d244f726dda9eb

SHA1
91f7f397fef29828fa3a0f7f86e2cbb7e7de9ae4

SHA256
af46436eadb80ba1fad49ea9da16a910a809c587e84f603f9e3bc35b2ce4e311

SHA512
1cba05da4d90d783ea544702b89b1a663f03ca9a22d038c88e43e89f7a6c81f9aa3cb6bc2ef4b6fa0313f5c311321d12568711fde87d22a748f7c29b4a4b9a38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
3dfb8f2ac7968dbb029384a2f76101da

SHA1
1b4f88896672604c152461669257e8129aee2ece

SHA256
742f505b6dedc0b0b1ae53927a69bcaf688ed7dfb526c36293664dca4839cb45

SHA512
f9354bacb27f8ad51535fb102f77f17e58a339978b6a569b0003035928c50ab8011a44206b8f0c8bead28ead743109bc9ba9c5240c16402e092d32668c45eddc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gaix9yhh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
2cbcd3319ba67306337611d34ee98e9a

SHA1
3111526bbea4271808ba8205156c182e58aae2d6

SHA256
34af9eb07f4a2eed6899c86acc00e2007d78ce74aa38e61dde048cf0c542f317

SHA512
2861ae57dc8e24536336ecf5333aad37e765bff97add6e12b57dbb0eb1344c075e6ebf56dc71df53f224cfcd4f2bd2573e54504fb033ba3f8fc387f8b2190e5e

Download Submit
C:\Users\Admin\Downloads\Havoc-Executor-V2.GhqNKSYv.rar.part

Filesize
382KB

MD5
ca4542342c0b36938118c04da96eed93

SHA1
229e9f5caffe11cd69772802a6056dd2e38998c1

SHA256
35e0199fd3c3d85bad3a4c80b8c3e69055a1f145f4d7f0783908425bdb2365e4

SHA512
47d49747a7980c18fac00f744ab272a72d35aa86e2d93d5b3682463b6aedc01ea7c5226a60f4e1e6b81f10847bdc7d1aa94ccaf53f202248fadc1abeae55ff8d

Download Submit