hxxps://cdn[.]discordapp[.]com/attachments/1212056864834195568/1212056914460942346/Havoc-Executor-V2[.]rar?ex=65f072f7&is=65ddfdf7&hm=37e0ea5e2a65279df32288a26c3669685e8faa1e5fd3d751dc34210a64534d45&

Analysis

max time kernel
1703s
max time network
1676s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1212056864834195568/1212056914460942346/Havoc-Executor-V2.rar?ex=65f072f7&is=65ddfdf7&hm=37e0ea5e2a65279df32288a26c3669685e8faa1e5fd3d751dc34210a64534d45&

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Havoc-Executor-V2.rar:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1964	firefox.exe
Token: SeDebugPrivilege	1964	firefox.exe
Token: SeDebugPrivilege	1964	firefox.exe
Token: SeDebugPrivilege	1964	firefox.exe
Token: SeDebugPrivilege	1964	firefox.exe
Token: SeDebugPrivilege	1964	firefox.exe
Token: SeDebugPrivilege	1964	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1964	firefox.exe
1964	firefox.exe
1964	firefox.exe
1964	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1964	firefox.exe
1964	firefox.exe
1964	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1964	firefox.exe
1964	firefox.exe
1964	firefox.exe
1964	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 3192 wrote to memory of 1964	3192	firefox.exe	51
PID 1964 wrote to memory of 5024	1964	firefox.exe	88
PID 1964 wrote to memory of 5024	1964	firefox.exe	88
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4888	1964	firefox.exe	89
PID 1964 wrote to memory of 4196	1964	firefox.exe	90
PID 1964 wrote to memory of 4196	1964	firefox.exe	90
PID 1964 wrote to memory of 4196	1964	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cdn.discordapp.com/attachments/1212056864834195568/1212056914460942346/Havoc-Executor-V2.rar?ex=65f072f7&is=65ddfdf7&hm=37e0ea5e2a65279df32288a26c3669685e8faa1e5fd3d751dc34210a64534d45&"
1⤵
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cdn.discordapp.com/attachments/1212056864834195568/1212056914460942346/Havoc-Executor-V2.rar?ex=65f072f7&is=65ddfdf7&hm=37e0ea5e2a65279df32288a26c3669685e8faa1e5fd3d751dc34210a64534d45&
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1964.0.1358500885\1206483324" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3466859-b010-45f4-9804-fa79db48241c} 1964 "\\.\pipe\gecko-crash-server-pipe.1964" 1960 1b27fc91b58 gpu
    3⤵
    PID:5024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1964.1.1713114455\416468065" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8a1bf06-f847-43bd-88e1-d1787cdfe5e0} 1964 "\\.\pipe\gecko-crash-server-pipe.1964" 2388 1b27f0fa058 socket
    3⤵
    PID:4888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1964.2.1391784980\1568110651" -childID 1 -isForBrowser -prefsHandle 3172 -prefMapHandle 3024 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af5562a7-2835-47d6-962b-7e340f34955b} 1964 "\\.\pipe\gecko-crash-server-pipe.1964" 3004 1b2030cb858 tab
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1964.3.494934181\868406854" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 2748 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3eb7b71-d250-4ef4-9e9b-ed99c06b00c5} 1964 "\\.\pipe\gecko-crash-server-pipe.1964" 3572 1b20443be58 tab
    3⤵
    PID:548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1964.4.900783903\1396717275" -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 5456 -prefsLen 26340 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e026cf7-4db4-4ca0-a551-86420f69aebd} 1964 "\\.\pipe\gecko-crash-server-pipe.1964" 5468 1b206362a58 tab
    3⤵
    PID:1484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1964.5.107906411\1896463095" -childID 4 -isForBrowser -prefsHandle 5604 -prefMapHandle 5608 -prefsLen 26340 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56d96eab-d6fa-43a3-a55a-1a003fb45e62} 1964 "\\.\pipe\gecko-crash-server-pipe.1964" 5688 1b206364e58 tab
    3⤵
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1964.6.1337430145\2108277508" -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 5904 -prefsLen 26340 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a1a0950-9059-4946-98a7-fb71521267fa} 1964 "\\.\pipe\gecko-crash-server-pipe.1964" 5916 1b206363058 tab
    3⤵
    PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\14245

Filesize
9KB

MD5
b4d3c21fc736b7962148cf6f2faaec1f

SHA1
47256117471d023355961388bc26481323d74bba

SHA256
96273c394d244e10f221f1e215f8fc2796cd611c23195c7153d4ef517ccb79dd

SHA512
cd0a4d0d98260a43e779741e6aa24e87ed73a0d3dc38e2e5d70e5938252acc6c53c84a9c3dae196ce7b8e87a2b99df82f1515a4b282aeafd9d3b79fb6dc25be4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\7898

Filesize
9KB

MD5
43c47b8340bbfa9ed8ef679a6d2f7793

SHA1
29e022916291b729680cf90faaf67c1c87558f58

SHA256
ca0b437c3f93ac9f6ba3e782f317bed35faf15eec892f151df81cbff0c8c9ccf

SHA512
af7c56152f89f6a8d8cd442dd516b31f8e3f1cfcb5f8cee216981172f26d6f996548f7997c0d0889477c904bf95ec4d57e09b3b679c1eeb140e4a1fed00cac9b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
febbc813fced39917bf14702de1ab483

SHA1
b31c413761cffe74553f24cae3d17a464883d55f

SHA256
7f6e01b6f558976920a1dd87505f37a27d07bce6002d4ad0b9bbb7ea0b6b23c5

SHA512
104f90a712d5fb21428b252211ea290244a34daa7c0a9ace5c0bde1666fe213230ba53577ca34d4ac0ca9f780db00a99c5f36147db453e549aae2504505f68e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
512KB

MD5
62a8edfe9e3df915bba958dd6aed6c61

SHA1
433f86aa1b6bff98260fd1ece8f391bb52c563aa

SHA256
6d5e06892569bc8ca962896183a2115d03fa63d952742d5c043d28058d4445ab

SHA512
813988b7fd576d154aa1e6c25d99a8015b1b925bb24e3a928ed40e5cc29ba7062e44b28ae7c4fde2d6adec82bf0993aa704abb4d263b30343323cb5fedc3da24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
dc6cb49e364ebb5eceb819dc288dc87d

SHA1
8b2eb7fe90e5bde3d91688ff6762e5972b3a82fd

SHA256
0847644af513384e362f612a9187db939c12db0fb08113c97e0ece3003e5e257

SHA512
a5d1a6bddabf7e06820318a33c29cc8998ebb7ddace3020659d3d387b1a9daf17ea1e2344eb4508f323be5dc194f9c37f872053156d9f6e12e7cde0a4404954a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\bookmarkbackups\bookmarks-2024-02-27_11_WTIEZ-EWXCm45mxajnXlCg==.jsonlz4

Filesize
937B

MD5
07262e370179b7b13a95ce885a471b2c

SHA1
ea0ada12675796a81d22ba8fa5e0371ad236ffcc

SHA256
a5e7a85b922d61155fca58d597782bdbbd7ee85ff159c77f33cd8c0201567004

SHA512
78353e89a2561993bedd67738f508b7aa95ee38fd1aaaa816fbcbc17564012717cfcc101991d108dbba2517e4f3a6777b43bfaad5056bd76ccbc056b67cc0597

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\broadcast-listeners.json

Filesize
216B

MD5
156e6aa0def118f1e0037cfa50b2294a

SHA1
9b27831c270ea07d5be1bc043783ff5cf6fd99be

SHA256
722a79c976f28bb6e822b5d6b97ab28348e2eab6b12eeef36c2a3e4f20440521

SHA512
a6e31fe6835ce2c537446f548929794c7547c914e0f5f04578a7771723c73035642b4089d92662c42c117b2408dc5e5d38b97c608f79d26a12ef68ca7355560b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
6b538563c3633c5911095c499cc04806

SHA1
c3f3d15417c5f6c77224724f6908dc0bc89b7bfb

SHA256
20a16905eb0fa4b483c3d52431328d3388bc4621f717676eded8280775a8e24b

SHA512
ddb5927e0c0486541cd3090568baca1a736d37c9b87978cd6185162d7516bacf660c0c43acf1a0ee58998bf39fb8a39270e2b342ca7cb8d582a8d81f9aaf75aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\37f85f6a-c139-44af-82b3-8b298d4f1991

Filesize
746B

MD5
4d6d5cffe3c0c49abc0d5769cc180d75

SHA1
cf4518c4336373dee2ce61e9c077d06302e85083

SHA256
c16c2a6a5314659c7263cb934ea1b3c9aeaa194ed7bac977946effb13a6b6afd

SHA512
974af9fdcbba99a8e5a0c98a9a86d291382aff86d4583c0ebaf526d6b5e0ecb2c45bd476a249ae9367b265b6a5a6f039c5bc706195744c6b5c215cc5d78bbc77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\7754de66-d6b6-403e-bfd7-6838975ae4c2

Filesize
10KB

MD5
ee9e1855325918ed6fd889a64cda9e5f

SHA1
32e1a12cad5e53fdf84d4e00b90fc01ef2315320

SHA256
550577282a34959cd119bdc2529d077cbdabeba18c3e6fde7cfb51372da389a9

SHA512
ac6950f8aaf19d373ee4b90619ea94161e618dea3b56611022522b1214a3cf827c9fd7baad7ca194396157b708c0cc64367ebac09d47ee3a3b2c58fed7828b18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\extensions.json.tmp

Filesize
34KB

MD5
33f555bc7dee92ad75914a8f0e5ecfb4

SHA1
74ea5b3c596a71e07fde82de82c448a86bdc8fa7

SHA256
b4da85520b0cdc4c59b9f370bd3b061754d080e13a36756decd7219ced16a66c

SHA512
61a84c478f5adcf6a31df80c78a1affbc4a12404d6b452fafe544216890e1764647501dee1df4370a1296c59b7c49c11bf210b53f5bfac5b3b55515b48a7eb5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
7KB

MD5
4e6e0aeb4571da7f1a69bdd45b57d274

SHA1
18affb7f3764589b7e4bfcb305a6da1f208eb66b

SHA256
b9aa3da221826bcae2333e551a4a710cfe350bfe7f821d7f93a6e35077d442f9

SHA512
52d64f6dc9f8c16f6f67f59bf803b8c2e2f95d63f72425eee941db1f0fc424766c17cfe759461cd312df65537ae00cde0009bcbef84535cf27c36cbc9145f323

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
10KB

MD5
77df9d44b696113fc7793db9a0ae2dd9

SHA1
141940cb7fec434081e70a0c3be9bce0ccb4a8af

SHA256
03bb8b04807684fe4a671a9bc5ead2d1d8131ac284fdfb028a02486780a8d820

SHA512
edf8b3c2c43ba27662cb2f4a80239c1af2d1b58fde75c6b2deb18907f8daa667fcf7c26d66cbec13b2c0ed74d5ab8111453d5be466e75ed96f5a703eea296894

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
10KB

MD5
452640483d8cc4e270e23049bd0d7a85

SHA1
a16efd1106b13e670868c6862660257ec6624574

SHA256
b5e173b76a28d1053a70c4b94688de142f4809814c80111a089bb0f69cf17522

SHA512
155e75ac47e682290ef24243d78fb6645a0dd0c3ec45147345ec4fa369e69d9160100d358e71070bb7c0514c4998eeb6620356bc589139257dcc9b98e74e2c66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
9KB

MD5
d37a6877af3ea9919a91972ad0afd30d

SHA1
0f4d31fc745526a62c4c20417884e7965b066c90

SHA256
7361ea78ef8aaacfc797ac46fb5b9d41ea1d67a9f3a14aaec71d627f09e7ba40

SHA512
6dc79be7916704a78b8cb802a7326dd7d3b7ce8ddb8c0f5cccc06a9a9f61a620c45984b04a67ee40d6379f94ae7ad626f2b88c49a0288f6f4a223bf71e6bd0fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
10KB

MD5
ef20da67656163201a3ad4433fa4ca47

SHA1
e36c58e8f2f291adb3c11c3740f3fb2cc8fbf9fd

SHA256
61dae376547560c8d4647bff56789a6ec7861e508ad9dbe46ead3efe15262424

SHA512
c5f7f4af582f801b17292fa6776285cebe565a0d811dab67e6c87d3b17b343f918bfb58c58e5d1d6e0d160dc05c2bff9af0e91252d6ba5ddcef666c7a2a4b1ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs.js

Filesize
10KB

MD5
e1780418cbdd0a5a382933907abfcd96

SHA1
df33c226a22849876495269e03d174c5a71f69dd

SHA256
3258d10a5c02e569261695ab79c16fbea696239c707f47dc3af45f25a4808d65

SHA512
312379969a2b87bfca8d9a1ee694a03e295210769241beed1e4e9c500b0b2ec991e160a17651ce1850dd26050b8f5120798cd64997e11e99d0e5ab739eb881fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs.js

Filesize
10KB

MD5
71f6cbf3e651edfe2cfd2ae2007aee49

SHA1
e39cff1fe1d3e04cc47dfb98ddaf25b83f7ed05a

SHA256
11e6db2c02bc1fd99d94ee013c4b657642d3c6970a423e585609c95042a3d9de

SHA512
0fda7ad013ca513aec3c2c9f0faa5a75c54e53abaf2dca49e310550845b49dfe73f5d722403b0073f14eacaad620f36be3449b6d6c12dc2b7b4b04fbbf54562c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
8414b7f0b5393e2b4c95e958f4c2d8b7

SHA1
141db8db1c1a178af68d78b6854d9e2c1818add0

SHA256
f79a2e5128e5fba03fa98be0fbc77635f170d7d51a4145fb4240b7516047dff8

SHA512
9eec93e96a417ea4332248b8fb9c9eb8edb3064785d06056420fef916526ad60efb04e5f582908ba6076a73d4f677f52cc70304f01cfc10fadd9fca0e1b77029

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
9.2MB

MD5
baf0a2d53b76cfdb8127d19057ba5771

SHA1
56c4cbe1f1fa950336bba4e43cf282910d10b17c

SHA256
ab6da3f2e16a63cf251c52e4780c93803b0251a55e89f6d4883ac1f5a3be9c64

SHA512
66124b0d2e936d37ef52651a728ae81338a657d564c181bdcba96b36883e70c1e4187f332983a975ade82edb6c8fc4ea1146e5c1f994a7d8af7dd7eb52819cb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\targeting.snapshot.json

Filesize
3KB

MD5
667ddd1cecefe6c2bd7e8a5942afb6c0

SHA1
5a47a95d4b3de9ed165766695b529f2eed6f425a

SHA256
74e38c3ff7acd4a045ff0f99dade84a3c13c21c2835b93a4baf26fe397378975

SHA512
df234863ee7374608dee43d4ffcc1f97de1317ca39783d7685b19722828583082fde74bd475ac990387c39a8566a6b55c24303e8d30fdc59789c3f338d3c416f

Download Submit
C:\Users\Admin\Downloads\Havoc-Executor-V2.0OUsOTiC.rar.part

Filesize
382KB

MD5
ca4542342c0b36938118c04da96eed93

SHA1
229e9f5caffe11cd69772802a6056dd2e38998c1

SHA256
35e0199fd3c3d85bad3a4c80b8c3e69055a1f145f4d7f0783908425bdb2365e4

SHA512
47d49747a7980c18fac00f744ab272a72d35aa86e2d93d5b3682463b6aedc01ea7c5226a60f4e1e6b81f10847bdc7d1aa94ccaf53f202248fadc1abeae55ff8d

Download Submit