Overview
overview
7Static
static
7Silver Rat...ng.dll
windows11-21h2-x64
1Silver Rat/Loader.exe
windows11-21h2-x64
7Silver Rat...on.dll
windows11-21h2-x64
1Silver Rat...ra.dll
windows11-21h2-x64
1Silver Rat...at.dll
windows11-21h2-x64
1Silver Rat...ps.dll
windows11-21h2-x64
1Silver Rat...er.dll
windows11-21h2-x64
1Silver Rat...DP.dll
windows11-21h2-x64
1Silver Rat...NC.dll
windows11-21h2-x64
1Silver Rat...er.dll
windows11-21h2-x64
1Silver Rat...er.dll
windows11-21h2-x64
1Silver Rat...ns.dll
windows11-21h2-x64
1Silver Rat...rm.dll
windows11-21h2-x64
1Silver Rat...ds.dll
windows11-21h2-x64
1Silver Rat...PP.dll
windows11-21h2-x64
1Silver Rat...DP.dll
windows11-21h2-x64
1Silver Rat...om.dll
windows11-21h2-x64
1Silver Rat...xy.dll
windows11-21h2-x64
1Silver Rat...ET.dll
windows11-21h2-x64
1Silver Rat...rp.dll
windows11-21h2-x64
1Silver Rat...at.exe
windows11-21h2-x64
7Silver Rat...rs.dll
windows11-21h2-x64
1Silver Rat...le.dll
windows11-21h2-x64
1Silver Rat...ry.dll
windows11-21h2-x64
1Silver Rat...rs.dll
windows11-21h2-x64
1Silver Rat...to.dll
windows11-21h2-x64
1Silver Rat....3.dll
windows11-21h2-x64
1Silver Rat...ms.dll
windows11-21h2-x64
1Silver Rat/cgeoip.dll
windows11-21h2-x64
1Silver Rat...i2.dll
windows11-21h2-x64
1Silver Rat...re.dll
windows11-21h2-x64
1Silver Rat...et.dll
windows11-21h2-x64
1Analysis
-
max time kernel
1345s -
max time network
1176s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system -
submitted
13-04-2024 02:05
Behavioral task
behavioral1
Sample
Silver Rat/Bunifu.Licensing.dll
Resource
win11-20240412-en
Behavioral task
behavioral2
Sample
Silver Rat/Loader.exe
Resource
win11-20240412-en
Behavioral task
behavioral3
Sample
Silver Rat/Newtonsoft.Json.dll
Resource
win11-20240412-en
Behavioral task
behavioral4
Sample
Silver Rat/Plugins/Camera.dll
Resource
win11-20240412-en
Behavioral task
behavioral5
Sample
Silver Rat/Plugins/Chat.dll
Resource
win11-20240412-en
Behavioral task
behavioral6
Sample
Silver Rat/Plugins/HApps.dll
Resource
win11-20240412-en
Behavioral task
behavioral7
Sample
Silver Rat/Plugins/HBrowser.dll
Resource
win11-20240412-en
Behavioral task
behavioral8
Sample
Silver Rat/Plugins/HRDP.dll
Resource
win11-20240412-en
Behavioral task
behavioral9
Sample
Silver Rat/Plugins/HVNC.dll
Resource
win11-20240412-en
Behavioral task
behavioral10
Sample
Silver Rat/Plugins/Keylogger.dll
Resource
win11-20240412-en
Behavioral task
behavioral11
Sample
Silver Rat/Plugins/Manager.dll
Resource
win11-20240412-en
Behavioral task
behavioral12
Sample
Silver Rat/Plugins/Options.dll
Resource
win11-20240412-en
Behavioral task
behavioral13
Sample
Silver Rat/Plugins/OptionsForm.dll
Resource
win11-20240412-en
Behavioral task
behavioral14
Sample
Silver Rat/Plugins/Passwords.dll
Resource
win11-20240412-en
Behavioral task
behavioral15
Sample
Silver Rat/Plugins/RAPP.dll
Resource
win11-20240412-en
Behavioral task
behavioral16
Sample
Silver Rat/Plugins/RDP.dll
Resource
win11-20240412-en
Behavioral task
behavioral17
Sample
Silver Rat/Plugins/Ransom.dll
Resource
win11-20240412-en
Behavioral task
behavioral18
Sample
Silver Rat/Plugins/ReverseProxy.dll
Resource
win11-20240412-en
Behavioral task
behavioral19
Sample
Silver Rat/Plugins/ScanNET.dll
Resource
win11-20240412-en
Behavioral task
behavioral20
Sample
Silver Rat/RestSharp.dll
Resource
win11-20240412-en
Behavioral task
behavioral21
Sample
Silver Rat/SilverRat.exe
Resource
win11-20240412-en
Behavioral task
behavioral22
Sample
Silver Rat/System.Buffers.dll
Resource
win11-20240412-en
Behavioral task
behavioral23
Sample
Silver Rat/System.Collections.Immutable.dll
Resource
win11-20240412-en
Behavioral task
behavioral24
Sample
Silver Rat/System.Memory.dll
Resource
win11-20240412-en
Behavioral task
behavioral25
Sample
Silver Rat/System.Numerics.Vectors.dll
Resource
win11-20240412-en
Behavioral task
behavioral26
Sample
Silver Rat/bouncycastle.crypto.dll
Resource
win11-20240412-en
Behavioral task
behavioral27
Sample
Silver Rat/bunifu.ui.winforms.1.5.3.dll
Resource
win11-20240412-en
Behavioral task
behavioral28
Sample
Silver Rat/bunifu.ui.winforms.dll
Resource
win11-20240412-en
Behavioral task
behavioral29
Sample
Silver Rat/cgeoip.dll
Resource
win11-20240412-en
Behavioral task
behavioral30
Sample
Silver Rat/guna.ui2.dll
Resource
win11-20240412-en
Behavioral task
behavioral31
Sample
Silver Rat/protobuf-net.core.dll
Resource
win11-20240412-en
Behavioral task
behavioral32
Sample
Silver Rat/protobuf-net.dll
Resource
win11-20240412-en
General
-
Target
Silver Rat/Loader.exe
-
Size
490KB
-
MD5
9c9245810bad661af3d6efec543d34fd
-
SHA1
93e4f301156d120a87fe2c4be3aaa28b9dfd1a8d
-
SHA256
f5f14b9073f86da926a8ed319b3289b893442414d1511e45177f6915fb4e5478
-
SHA512
90d9593595511e722b733a13c53d2e69a1adc9c79b3349350deead2c1cdfed615921fb503597950070e9055f6df74bb64ccd94a60d7716822aa632699c70b767
-
SSDEEP
6144:3PkcFUUUQHs5TlOhDuy4VjmSO6/tU4j06xeJyCjvhsXZ4m05d0qCsfBLuWWCV/rr:3McWUUysz/NhKjJPhM4/5bV/rvgE3
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
Processes:
Loader.exeSilverRat.exeLoader.exeSilverRat.exepid process 1232 Loader.exe 2384 SilverRat.exe 3144 Loader.exe 3940 SilverRat.exe -
Program crash 2 IoCs
Processes:
WerFault.exeWerFault.exepid pid_target process target process 4676 2384 WerFault.exe SilverRat.exe 5576 3940 WerFault.exe SilverRat.exe -
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
firefox.exefirefox.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString firefox.exe -
Modifies registry class 1 IoCs
Processes:
firefox.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2516240262-2296879883-3965305654-1000_Classes\Local Settings firefox.exe -
NTFS ADS 1 IoCs
Processes:
firefox.exedescription ioc process File created C:\Users\Admin\Downloads\Silver Rat.zip:Zone.Identifier firefox.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes:
firefox.exedescription pid process Token: SeDebugPrivilege 2096 firefox.exe Token: SeDebugPrivilege 2096 firefox.exe Token: SeDebugPrivilege 2096 firefox.exe Token: SeDebugPrivilege 2096 firefox.exe Token: SeDebugPrivilege 2096 firefox.exe Token: SeDebugPrivilege 2096 firefox.exe -
Suspicious use of FindShellTrayWindow 4 IoCs
Processes:
firefox.exepid process 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe -
Suspicious use of SendNotifyMessage 3 IoCs
Processes:
firefox.exepid process 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe -
Suspicious use of SetWindowsHookEx 13 IoCs
Processes:
firefox.exepid process 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe 2096 firefox.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
firefox.exefirefox.exedescription pid process target process PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 4584 wrote to memory of 2096 4584 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3176 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3068 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3068 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3068 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3068 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3068 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3068 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3068 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3068 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3068 2096 firefox.exe firefox.exe PID 2096 wrote to memory of 3068 2096 firefox.exe firefox.exe -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Silver Rat\Loader.exe"C:\Users\Admin\AppData\Local\Temp\Silver Rat\Loader.exe"1⤵PID:2876
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4584 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.0.2145052087\640182259" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1776 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a84fb52a-fc5a-4009-8116-2fdda5c5ea99} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 1880 21beae24c58 gpu3⤵PID:3176
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.1.1041433781\1660664923" -parentBuildID 20230214051806 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ab100ec-6c09-4fe5-a221-426c61baf6ba} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 2404 21bde187258 socket3⤵
- Checks processor information in registry
PID:3068 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.2.1759952717\7683329" -childID 1 -isForBrowser -prefsHandle 2628 -prefMapHandle 2816 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33f3e4d6-9503-4bbe-9edd-39a6f285d237} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 2804 21bedbe0258 tab3⤵PID:3904
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.3.1778858532\1343224983" -childID 2 -isForBrowser -prefsHandle 2596 -prefMapHandle 1632 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af517917-d793-4114-b374-9d2d408df363} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 3436 21bf0470258 tab3⤵PID:3556
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.4.1817351246\1551165744" -childID 3 -isForBrowser -prefsHandle 5052 -prefMapHandle 4960 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bea029a4-c3f3-4103-b224-04a20b2cb3f4} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 5064 21bf1df8558 tab3⤵PID:3596
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.5.192558974\936675166" -childID 4 -isForBrowser -prefsHandle 5300 -prefMapHandle 5296 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b440ba4-efe2-4126-a7cb-a52def6509c4} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 5224 21bf266cf58 tab3⤵PID:4856
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.6.12328228\1991631313" -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 5476 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba456dd0-93af-468e-924f-11e304ccccf6} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 5396 21bf266a558 tab3⤵PID:5104
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.7.124211355\802831872" -childID 6 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fe7f4e0-85cf-4ffe-857b-1cfd564b84ff} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 3404 21bf31a2958 tab3⤵PID:4784
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:336
-
C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe"C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe"1⤵PID:4656
-
C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe"C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe"1⤵PID:1348
-
C:\Users\Admin\AppData\Local\Temp\Loader.exe"C:\Users\Admin\AppData\Local\Temp\Loader.exe"2⤵
- Executes dropped EXE
PID:1232 -
C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"2⤵
- Executes dropped EXE
PID:2384 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 8963⤵
- Program crash
PID:4676
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2384 -ip 23841⤵PID:4020
-
C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe"C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe"1⤵PID:3256
-
C:\Users\Admin\AppData\Local\Temp\Loader.exe"C:\Users\Admin\AppData\Local\Temp\Loader.exe"2⤵
- Executes dropped EXE
PID:3144 -
C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"2⤵
- Executes dropped EXE
PID:3940 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 8643⤵
- Program crash
PID:5576
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3940 -ip 39401⤵PID:5020
-
C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe"C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe"1⤵PID:1944
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\activity-stream.discovery_stream.json.tmp
Filesize24KB
MD5050766629bd864b13e3d21853867c7ac
SHA1b2433373f511420ac58587d55c4c515c35ed04cb
SHA25676b44948b430dec32526e84285643a1fa173e77c70c24ff42479f7c29e302608
SHA51245f58afb5819d3aab170621f6ed17ea403c8ee3aee818f8f37e38f2c13b883bd0baa39b6d7e2256ffb1110675395fa517158b1a6072da656bb2bc5c7b836c8d3
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\activity-stream.discovery_stream.json.tmp
Filesize24KB
MD5748c25d2b7571de48728a14809c4b9a4
SHA18ab85569c47c4fc18fb5d5ac700d9b6226eff8cd
SHA256168aebff993a279eeea2c7c16405c5a9461de67917669fa686229c31ce2da578
SHA512e96e49ed47c2a0ac9ba250a829261e729b83556904e7a34edfa370f7a852c6ab3436e0ba29f80a8e7d7223e90bc2cb50044d3df05757cf8e7bfea4390233bfca
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize13KB
MD5e874ac6b9406ff6fd1fd40dc03dffbaa
SHA1620294e065c1935613b8ece47130c0ac7cfe00ad
SHA2562112d7cb4d4751d15dd8ae5cd3d5e3338c76b999a964b0afb40adf69a96c2cb1
SHA512fd26aa004ca487437e4e82dd1b390c2f70dabdfac88fd8620f9ff6639c5a1f1e5d93d2fe51fe0aa14de997ced6c0ec0bac0e9b89731b99f08aa36e10c23caeb8
-
Filesize
490KB
MD59c9245810bad661af3d6efec543d34fd
SHA193e4f301156d120a87fe2c4be3aaa28b9dfd1a8d
SHA256f5f14b9073f86da926a8ed319b3289b893442414d1511e45177f6915fb4e5478
SHA51290d9593595511e722b733a13c53d2e69a1adc9c79b3349350deead2c1cdfed615921fb503597950070e9055f6df74bb64ccd94a60d7716822aa632699c70b767
-
Filesize
25.2MB
MD5d6527f7d5f5152c3f5fff6786e5c1606
SHA1e8da82b4a3d2b6bee04236162e5e46e636310ec6
SHA25679a4605d24d32f992d8e144202e980bb6b52bf8c9925b1498a1da59e50ac51f9
SHA5122b4eb9e66028d263c52b3da42fa3df256cf49cd7a7ebdf7c75da6a2dedfd2c22cb5f2071345b7016cd742539c74a801cad70c612330be79802fa19f860ea2d5f
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
8KB
MD5dcce0be5a0c3fa86131c9f30df75c9d9
SHA1c8ed8b247a7221a7b4d2ee91fd346e54d791598c
SHA2562ebf18981efe4f44ae76b059ec648fafeb27bfa07cd233ab47a442408b54f44b
SHA512cdba9696ce13e2dfaa9e9d81e3238fe39b5e9673d5fbadcab840f4607c6d985bc5852cb6347d4f65d73e5d28c0f9c19cdefc74460fea932ee55deeb5537d2a3e
-
Filesize
10KB
MD5c8f3602113dc2ae77caea7eb6d474674
SHA1c657884c10d56f8b49606adb74f321124bb5ed5a
SHA2563f9601e5a938c8ed683b339c4de7e14ca574fd4441e15cd7fafd865031635af1
SHA5127f275aaf59324ad6b80775d6f69429867c9ae6d46feaeda2a55fc718d7293530ae61905f79a9683e644247684285967218397c23dc1c02bbcceaad28637138a0
-
Filesize
6KB
MD5d15f7a87e8befea30e735b45e39b9504
SHA10a83ac3d5ca0d24230f601a891c44bbe9f99937d
SHA2560fb68acdbab583dfa52fc79bb9b5981ed14d761fe7f938238d0b7b97039ccae7
SHA512b321eb875b710fb2ba8312386ac8521d907f538c60013afb24d9ba60551a8d2f83525c5463fdb8673fec7e844c6511711873b98fdf10853238d790448a817cb2
-
Filesize
7KB
MD519d8a59b0a5b1ae7502a32154a33150d
SHA15416b111f973d491f8e158b422462a04aeb6683b
SHA256ca203f0d3d9df4cc6a85c412320ed37a342c2493828a2efb01c842a15c586830
SHA512dfb723c1a616af294ac27a81a783e5d9faf755ced304f6d6dbe827acd8c8f96e7368f3de2fc04023eb287dfbe716906e5ba097cde3547ac76866f567fb4549f3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\sessionstore-backups\recovery.jsonlz4
Filesize1KB
MD56042796da24fe9695406737188fb310a
SHA17f58fb1b35129809988ba363ae2fc8d68cc43016
SHA2560458d0a951d583301e60052b004aa6e939402e7bb1347e281eec7b442f36b6cd
SHA512a8e630a9c1346b9c34a5f09e85cb95eddfe073caf048eced890f17315aad71f223ed840fff93e98f7997b614d3f568466c0711b250a4d37c5649be59ad2c1325
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\sessionstore-backups\recovery.jsonlz4
Filesize1KB
MD5e723ecca48b143774d3e41c224106b65
SHA19d041995838ee450ac1547d00fbfb4998902dc7e
SHA256f9c7df6a68412b193039df01670766e910197525ad783b07a8c0aef3b2435e43
SHA51218c3ba696db9b0c3a907ddfae70395e3a92af7b169ee8bb0f1e095a41494c278520adb51287112a993ebf4bdbedf8a0334a34556504fce0511f9c04acea239ee
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\sessionstore-backups\recovery.jsonlz4
Filesize5KB
MD5a0e4962eb25a2539e0358dec9bdea660
SHA172df4549ef9359c72f9c2f3726f934b376daa2f0
SHA256e529cbf4105e2d91f62e4a6d125a0da3411b162cc9e94ad5e7e78dd4982c46c2
SHA512472ea93e26919b531ec4116c2076cf06c4036c3977194803992b28d1e5df3d90d4c6318cf8f18bc1e22362c68b8cbbecc4eb0a2711d2795eb18eb4897b1054c7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jn4l3e2t.default-release\sessionstore.jsonlz4
Filesize5KB
MD580669d4def45bb38fbc43debf548a75d
SHA122a1c41e0180a3caf6e0757dddff9708043efaa3
SHA25639b00faedaba54c005496d3f03147c5aa222e23f3ab9026b4741f6665b9d5206
SHA5129055e28d7d150ec0c1a5054e9dbf44c7fd9379e6676e1e8a45a5c5a5013c93fb793b1a6717c3d22ac41ce370215e02d645198e48c9673aac109cdc217f1072b8
-
Filesize
16KB
MD5eb0ab6050c1f77229b805218e5abe49b
SHA1bc9e9ea152b5d64d638c80fbea1b41494282baa7
SHA256d82a000ba97ab59bb304c0983b574e503344e7553595c6e49a180f1f70236445
SHA512d94c6ef1274328ec477430bb4f6c4ae3a2bb12cba620e5a882cb8f10ae6377061aecbb55979b2e503b8ddd5982fd6d7afb5519e67a3a1a3adc8c4e52fde11916