70596a9d443eb12afe1d74356ddff517283229f7bdee768bcd301de7103caee2

Analysis

max time kernel
148s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-11-2024 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware - Worms Stealers.rar
Size

168.3MB
MD5

4c63f98f13b259e874649862c0d8c62c
SHA1

3ef03e2a41670ed405c5fac932cb89308f6a0c9b
SHA256

70596a9d443eb12afe1d74356ddff517283229f7bdee768bcd301de7103caee2
SHA512

915ca74279e74ddb80d0aab1b21423836b2c642488634a668fa6be77aead47d084350abb17937b069093a5caeefcb8d8597b74cea3b33b362e76695f9f6720f6
SSDEEP

3145728:Y146FwUJywUzYYsHTuI20c01UiaPhFuZeOKtqx:Y2QDyRYYYTDl+fztptu

Score

8^/10

discovery execution persistence themida upx

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3332	powershell.exe
3120	powershell.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Startup.lnk	Launcher.exe

Executes dropped EXE 16 IoCs

pid	Process
860	Dark IP Stealer.exe
336	Launcher.exe
3520	dis.exe
2248	Windows Services.exe
1688	Secure System Shell.exe
4940	Runtime Explorer.exe
3708	iStealer 6.3 Legends.exe
3548	Launcher.exe
3700	is64.exe
2584	UnLimited PW - Stealer 0.40.exe
4620	Launcher.exe
2244	us4.exe
4300	Fly Stealer 0.1.exe
1932	Launcher.exe
2660	flys.exe
4640	res.exe

Loads dropped DLL 10 IoCs

pid	Process
336	Launcher.exe
336	Launcher.exe
3548	Launcher.exe
3548	Launcher.exe
2620	Regsvr32.exe
1544	Regsvr32.exe
4620	Launcher.exe
4620	Launcher.exe
1932	Launcher.exe
1932	Launcher.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x001600000002b1d4-3038.dat	themida

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Windows\CurrentVersion\Run\Runtime Explorer = "C:\\Windows\\IMF\\\\Windows Services.exe"	Launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Windows\CurrentVersion\Run\Runtime Explorer = "\"C:\\Users\\Admin\\AppData\\Roaming\\Runtime Explorer.exe\""	Runtime Explorer.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000024f65-3064.dat	upx
behavioral1/memory/4640-3070-0x0000000000400000-0x00000000004E2000-memory.dmp	upx
behavioral1/memory/4640-3081-0x0000000000400000-0x00000000004E2000-memory.dmp	upx

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\IMF\Secure System Shell.exe.tmp	Launcher.exe
File opened for modification	C:\Windows\IMF\Secure System Shell.exe	Launcher.exe
File created	C:\Windows\IMF\Runtime Explorer.exe.tmp	Launcher.exe
File opened for modification	C:\Windows\IMF\Runtime Explorer.exe	Launcher.exe
File created	C:\Windows\IMF\Windows Services.exe.tmp	Launcher.exe
File opened for modification	C:\Windows\IMF\Windows Services.exe	Launcher.exe
File created	C:\Windows\IMF\LICENCE.zip	Launcher.exe
File opened for modification	C:\Windows\IMF\LICENCE.zip	Launcher.exe
File created	C:\Windows\IMF\LICENCE.dat	Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Secure System Shell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	is64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	us4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	res.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Dark IP Stealer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fly Stealer 0.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	flys.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UnLimited PW - Stealer 0.40.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Windows Services.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Runtime Explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iStealer 6.3 Legends.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}\TypeLib\Version = "1.0"	Regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	flys.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\NodeSlot = "6"	flys.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	flys.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SCLABEL.SCLabelCtrl.1	Regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	flys.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	flys.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	flys.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}\ProxyStubClsid32	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\MiscStatus\1\ = "131473"	Regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	flys.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	flys.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	flys.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{39625F3A-A770-4D43-878B-B776F7881742}\ProxyStubClsid32	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B715410C-4E20-47A8-94DA-410E9DA35591}\ = "SCLabel Property Page"	Regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	flys.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	flys.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FE666755-7DB5-47B5-9F9E-ABC3D730AF26}\1.0\ = "SCLabel ActiveX Control module"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FE666755-7DB5-47B5-9F9E-ABC3D730AF26}\1.0\HELPDIR\ = "C:\\Users\\Admin\\Desktop\\Malware - Worms Stealers\\iStealer 6.3 Legends\\node\\Skin"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}\TypeLib\ = "{FE666755-7DB5-47B5-9F9E-ABC3D730AF26}"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\Control\	Regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	flys.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	flys.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 7a003100000000004a58bcb210004d414c5741527e310000620009000400efbe70598c9370598f932e000000d9aa020000001a000000000000000000000000000000000000004d0061006c00770061007200650020002d00200057006f0072006d007300200053007400650061006c00650072007300000018000000	flys.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	flys.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B715410C-4E20-47A8-94DA-410E9DA35591}\InprocServer32	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\Insertable\	Regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	flys.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	flys.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}\TypeLib\Version = "1.0"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\ProgID	Regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	flys.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	flys.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	flys.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{39625F3A-A770-4D43-878B-B776F7881742}\TypeLib	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\ = "SCLabel Control"	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\ToolboxBitmap32\ = "C:\\Users\\Admin\\Desktop\\MALWAR~1\\ISTEAL~1.3LE\\node\\Skin\\SCLabel.ocx, 1"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\Insertable	Regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	flys.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	flys.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FE666755-7DB5-47B5-9F9E-ABC3D730AF26}\1.0\0	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{39625F3A-A770-4D43-878B-B776F7881742}\ = "_DSCLabel"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}\ProxyStubClsid32	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\InprocServer32	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\MiscStatus\1	Regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 5a003100000000006f58e56a1000706e70636c65616e0000420009000400efbe70598d9370598f932e00000034ac02000000190000000000000000000000000000000000000070006e00700063006c00650061006e00000018000000	flys.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{39625F3A-A770-4D43-878B-B776F7881742}\TypeLib\Version = "1.0"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B715410C-4E20-47A8-94DA-410E9DA35591}	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FE666755-7DB5-47B5-9F9E-ABC3D730AF26}\1.0\0\win32	Regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	flys.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	flys.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	flys.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{39625F3A-A770-4D43-878B-B776F7881742}\ProxyStubClsid32	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}\ = "_DSCLabelEvents"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\ToolboxBitmap32	Regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45A5D9C0-DA2A-4490-84BC-2817C57AEBFE}\Version\ = "1.0"	Regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	flys.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	Regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D36F049-CED6-48F5-8604-86279E6516F9}\TypeLib	Regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	flys.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
336	Launcher.exe
3332	powershell.exe
3332	powershell.exe
2248	Windows Services.exe
2248	Windows Services.exe
2248	Windows Services.exe
2248	Windows Services.exe
3120	powershell.exe
1688	Secure System Shell.exe
3120	powershell.exe
3548	Launcher.exe
4620	Launcher.exe
1932	Launcher.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeRestorePrivilege	1612	7zFM.exe
Token: 35	1612	7zFM.exe
Token: SeSecurityPrivilege	1612	7zFM.exe
Token: SeDebugPrivilege	336	Launcher.exe
Token: SeDebugPrivilege	3332	powershell.exe
Token: SeDebugPrivilege	2248	Windows Services.exe
Token: SeDebugPrivilege	3120	powershell.exe
Token: SeDebugPrivilege	1688	Secure System Shell.exe
Token: SeDebugPrivilege	3548	Launcher.exe
Token: SeDebugPrivilege	4620	Launcher.exe
Token: SeDebugPrivilege	1932	Launcher.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1612	7zFM.exe
1612	7zFM.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4940	Runtime Explorer.exe
3700	is64.exe
2660	flys.exe
2660	flys.exe
2660	flys.exe

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 336	860	Dark IP Stealer.exe	84
PID 860 wrote to memory of 336	860	Dark IP Stealer.exe	84
PID 860 wrote to memory of 336	860	Dark IP Stealer.exe	84
PID 336 wrote to memory of 3332	336	Launcher.exe	85
PID 336 wrote to memory of 3332	336	Launcher.exe	85
PID 336 wrote to memory of 3332	336	Launcher.exe	85
PID 860 wrote to memory of 3520	860	Dark IP Stealer.exe	87
PID 860 wrote to memory of 3520	860	Dark IP Stealer.exe	87
PID 336 wrote to memory of 2248	336	Launcher.exe	88
PID 336 wrote to memory of 2248	336	Launcher.exe	88
PID 336 wrote to memory of 2248	336	Launcher.exe	88
PID 2248 wrote to memory of 1688	2248	Windows Services.exe	89
PID 2248 wrote to memory of 1688	2248	Windows Services.exe	89
PID 2248 wrote to memory of 1688	2248	Windows Services.exe	89
PID 2248 wrote to memory of 4940	2248	Windows Services.exe	90
PID 2248 wrote to memory of 4940	2248	Windows Services.exe	90
PID 2248 wrote to memory of 4940	2248	Windows Services.exe	90
PID 4940 wrote to memory of 3120	4940	Runtime Explorer.exe	91
PID 4940 wrote to memory of 3120	4940	Runtime Explorer.exe	91
PID 4940 wrote to memory of 3120	4940	Runtime Explorer.exe	91
PID 3708 wrote to memory of 3548	3708	iStealer 6.3 Legends.exe	95
PID 3708 wrote to memory of 3548	3708	iStealer 6.3 Legends.exe	95
PID 3708 wrote to memory of 3548	3708	iStealer 6.3 Legends.exe	95
PID 3708 wrote to memory of 3700	3708	iStealer 6.3 Legends.exe	96
PID 3708 wrote to memory of 3700	3708	iStealer 6.3 Legends.exe	96
PID 3708 wrote to memory of 3700	3708	iStealer 6.3 Legends.exe	96
PID 3700 wrote to memory of 2620	3700	is64.exe	97
PID 3700 wrote to memory of 2620	3700	is64.exe	97
PID 3700 wrote to memory of 2620	3700	is64.exe	97
PID 3700 wrote to memory of 1544	3700	is64.exe	98
PID 3700 wrote to memory of 1544	3700	is64.exe	98
PID 3700 wrote to memory of 1544	3700	is64.exe	98
PID 2584 wrote to memory of 4620	2584	UnLimited PW - Stealer 0.40.exe	100
PID 2584 wrote to memory of 4620	2584	UnLimited PW - Stealer 0.40.exe	100
PID 2584 wrote to memory of 4620	2584	UnLimited PW - Stealer 0.40.exe	100
PID 2584 wrote to memory of 2244	2584	UnLimited PW - Stealer 0.40.exe	101
PID 2584 wrote to memory of 2244	2584	UnLimited PW - Stealer 0.40.exe	101
PID 2584 wrote to memory of 2244	2584	UnLimited PW - Stealer 0.40.exe	101
PID 4300 wrote to memory of 1932	4300	Fly Stealer 0.1.exe	103
PID 4300 wrote to memory of 1932	4300	Fly Stealer 0.1.exe	103
PID 4300 wrote to memory of 1932	4300	Fly Stealer 0.1.exe	103
PID 4300 wrote to memory of 2660	4300	Fly Stealer 0.1.exe	104
PID 4300 wrote to memory of 2660	4300	Fly Stealer 0.1.exe	104
PID 4300 wrote to memory of 2660	4300	Fly Stealer 0.1.exe	104
PID 2660 wrote to memory of 4640	2660	flys.exe	106
PID 2660 wrote to memory of 4640	2660	flys.exe	106
PID 2660 wrote to memory of 4640	2660	flys.exe	106

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Malware - Worms Stealers.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1228

C:\Users\Admin\Desktop\Malware - Worms Stealers\Dark IP Stealer - by mana5olia\Dark IP Stealer.exe
"C:\Users\Admin\Desktop\Malware - Worms Stealers\Dark IP Stealer - by mana5olia\Dark IP Stealer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:860
- C:\Users\Admin\Desktop\Malware - Worms Stealers\Dark IP Stealer - by mana5olia\mcbuilder\Launcher.exe
  "C:\Users\Admin\Desktop\Malware - Worms Stealers\Dark IP Stealer - by mana5olia\mcbuilder\Launcher.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:336
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3332
- - C:\Windows\IMF\Windows Services.exe
    "C:\Windows\IMF\Windows Services.exe" {Arguments If Needed}
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2248
  - - C:\Windows\IMF\Secure System Shell.exe
      "C:\Windows\IMF\Secure System Shell.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1688
  - - C:\Windows\IMF\Runtime Explorer.exe
      "C:\Windows\IMF\Runtime Explorer.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4940
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Users\Admin\AppData\Roaming\
        5⤵
        Command and Scripting Interpreter: PowerShell
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3120
- C:\Users\Admin\Desktop\Malware - Worms Stealers\Dark IP Stealer - by mana5olia\mcbuilder\dis.exe
  "C:\Users\Admin\Desktop\Malware - Worms Stealers\Dark IP Stealer - by mana5olia\mcbuilder\dis.exe"
  2⤵
  - Executes dropped EXE
  PID:3520

C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\iStealer 6.3 Legends.exe
"C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\iStealer 6.3 Legends.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\node\Launcher.exe
  "C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\node\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3548
- C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\node\is64.exe
  "C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\node\is64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3700
- - C:\Windows\SysWOW64\Regsvr32.exe
    Regsvr32 /s "C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\node\Skin\SkinCrafter3_vs2005.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2620
- - C:\Windows\SysWOW64\Regsvr32.exe
    Regsvr32 /s "C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\node\Skin\SCLabel.ocx"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:1544

C:\Users\Admin\Desktop\Malware - Worms Stealers\UNLIMITED PW STEALER 0.4\UnLimited PW - Stealer 0.40.exe
"C:\Users\Admin\Desktop\Malware - Worms Stealers\UNLIMITED PW STEALER 0.4\UnLimited PW - Stealer 0.40.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Users\Admin\Desktop\Malware - Worms Stealers\UNLIMITED PW STEALER 0.4\data\Launcher.exe
  "C:\Users\Admin\Desktop\Malware - Worms Stealers\UNLIMITED PW STEALER 0.4\data\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4620
- C:\Users\Admin\Desktop\Malware - Worms Stealers\UNLIMITED PW STEALER 0.4\data\us4.exe
  "C:\Users\Admin\Desktop\Malware - Worms Stealers\UNLIMITED PW STEALER 0.4\data\us4.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2244

C:\Users\Admin\Desktop\Malware - Worms Stealers\Fly Stealer 0.1\Fly Stealer 0.1.exe
"C:\Users\Admin\Desktop\Malware - Worms Stealers\Fly Stealer 0.1\Fly Stealer 0.1.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Users\Admin\Desktop\Malware - Worms Stealers\Fly Stealer 0.1\pnpclean\Launcher.exe
  "C:\Users\Admin\Desktop\Malware - Worms Stealers\Fly Stealer 0.1\pnpclean\Launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1932
- C:\Users\Admin\Desktop\Malware - Worms Stealers\Fly Stealer 0.1\pnpclean\flys.exe
  "C:\Users\Admin\Desktop\Malware - Worms Stealers\Fly Stealer 0.1\pnpclean\flys.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Local\Temp\res.exe
    "C:\Users\Admin\AppData\Local\Temp\res.exe" -script "C:\Users\Admin\AppData\Local\Temp\sc.txt"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4640

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:860

C:\Users\Admin\Desktop\Server.exe
"C:\Users\Admin\Desktop\Server.exe"
1⤵
PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Launcher.exe.log

Filesize
1KB

MD5
86254e7829d7e589b36158ff7c4a81fe

SHA1
feec156a5f610ea4b7ad0cfeb102696f227d45c2

SHA256
4ee6cb3306075a294d8856310408c53a067420756b71542468295ce44a2044ca

SHA512
6d66535eb82c6a29603a43ea3a4c85299c7958c3db513b4119e6a05b386f12b8f6402eee4f4a272c893e644f8eb7f0b14025ce9e99017014574245f619f14347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d0c46cad6c0778401e21910bd6b56b70

SHA1
7be418951ea96326aca445b8dfe449b2bfa0dca6

SHA256
9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

SHA512
057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
579d86f6235d2f2bc1ff850e642f58a7

SHA1
782a332e9abd097ebb8a213dc8938f5677dd1369

SHA256
65bf7bf580f6b3f25d754d6aab19d51779c265fe732a799b37bd54df38f5a94d

SHA512
5aa8bc3ec6a6a409fc05df76d69364f84bf65c63b0a06ca196b072c148cdc81477f3a738390ca4ad6446ac42b0716df2f68a99204e98d88cad16d8981b2c6b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
18KB

MD5
f9be5bd631d12138ab448009045e2d71

SHA1
ca4f6be77206ad6733590ff2af9bdc244aa2c1d9

SHA256
900c4c476685ab243058e207c7bfccddea881c5afc429f84777e491ab77e0cfd

SHA512
841e3c813d405d446028754ad8f331eb0e7800380d1b09abbfd3e00513760621c76c4d992ea9a256f6afaab8b6c3abc4b8374acc5d7378f3717d689e9746beff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Aurora Worm v1\settings\Ionic.Zip.dll

Filesize
480KB

MD5
f6933bf7cee0fd6c80cdf207ff15a523

SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d

SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Aurora Worm v1\settings\LICENCE.dat

Filesize
77KB

MD5
5180046f168dfd684b5bf268f5a0fa56

SHA1
ac8202ad5c94eb4d9e6227af92b5120e6d1b7ce7

SHA256
4139baa8beebcde4504c33bc88cf13b9ab9f32e4a054871ebeb82be6b84edc01

SHA512
04add8dc053c39a594e7889071b3fb9036fdc978b6f39f769c38b322e18a4ea6e05b6b66d97f0ac40c58f39120c791006a5b732da46ceba799e0db74afbed3e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Aurora Worm v1\settings\Launcher.exe

Filesize
53KB

MD5
c6d4c881112022eb30725978ecd7c6ec

SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Blade Stealer 1.0 PUBLIC\OCX\Codejock.CommandBars.v13.0.0.ocx

Filesize
2.2MB

MD5
cf73808b6f9c7b52eff7719ba909fed8

SHA1
2bb11fd217a52c7c4c35fd48aa5afc955f28f26c

SHA256
3c3bda5bec1868f44fd1f16e9364644dfaa4d196521ac35cb176efe522afc8bb

SHA512
e57a25c41580e3f31fdc4de4f2e704e44ff090d529b30940a99b49b8c0d15b01a85eaabab31c2375ad25fea7959afbfba527eb5e5603703639e9834fff1e58ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Blade Stealer 1.0 PUBLIC\OCX\Codejock.Controls.v13.0.0.ocx

Filesize
1.7MB

MD5
55494584d369f207e6e1b071e7168ec0

SHA1
e5abfc31755947add9d5d88381a95fae3d99c114

SHA256
025efdc63c61b3567dc8eb244517c715dda12cf2aa4bc595e427e8d7b751fed7

SHA512
caa546c6812db875f373f60fd35c80d0aad3b67289719b0b116baeea91a519d82f7c44b66131d145e50f01ef3d19250390c53979533411c7a0fd539ee5dedea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Dimension Stealer 2 by Gumball\shell32.dll

Filesize
6.9MB

MD5
2c47fb71d227bd4cda099450ce13f9f8

SHA1
ef63e8994810742bf2c2d8a3cc9d3b0a27748e0f

SHA256
bc8637e2f6d6e18cd60452498fe48db54ff4742ce7252ee0953cb72f3a4a5e3d

SHA512
37c03d7d1667a18e9555e2990ea1adbba4b1ea02e58a6f5b3b28e55bffc8c9ae1dcb27f7960fd2c49869fa1ee63a4b2897e72b5d5eee1aaea001d1c47611b413

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\FF Stealer Steam cafe\CPFilters.dll

Filesize
862KB

MD5
15fda1debbe0a57d4bc0b3fbab447e10

SHA1
4d4f427a3aa6b86ed1b0d92f06bf2cf59443bc98

SHA256
1145bc19b4fd8a6cc1e6c75f8398abb8c551329ca1d79fe90f66f326085393fc

SHA512
88880bc50f35bad9a2cd38dd7d21295e565f2cccc0e7f531515fa2cb0bc9e45b5f6f76b9bb095769d71a2e207b28af739dce98b1c3055e531aefb91663a280fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\FYI Worm\designmode.css

Filesize
1KB

MD5
4ccdfc58a6eb5109fee61c81cb2c9ca2

SHA1
4537e4a64f58298a1984e7029fe7606e6523c855

SHA256
4c29f2111cb1e13fd486622a58443ae85283f0a2db499bdd06ea96bd38464ef6

SHA512
b0ca253c9de7c2aeb9eba02fddb4775a22d7be3dff56816f74535dce41123d2c6385009a59e5eac6c5475824b7bc9d53c7d6d16569c120b8bf2b5bd0a0c27042

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\FileZilla Stealer 1.0 PUBLIC\security-prefs.js

Filesize
3KB

MD5
c9141db042a70f59057e80c0e57e56f2

SHA1
dff1a4f8899e103e4b50d53496b8d32b4c6635f7

SHA256
23bd66e0601d2eae650449a3def463347bde38ad7d14460666ec4d8aa5d7ea9a

SHA512
d2c0178f75c1edf9077dc5c2af9dd7441071e13f0147a5bbb6d5068e68297bf207e9ab4aa00aed9cadf9d1064e1c5b381d37293d34971077ba19b876d726404e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Fly Stealer 0.1\pnpclean\PHP\style_dark.css

Filesize
3KB

MD5
9354c7f9f6d65edb9f9ac123ead217de

SHA1
34d9b097ede7a9a5bc894e26ddd36c107445aff3

SHA256
7439efaf6277f51325b19ba60723e156172b7b75b4574d9f96571d5509d5ec34

SHA512
165c76302bef5df16987715b6a88815f10796a7343ee125321bf65c8cd01246a8b99c34c4b4feacc748e0a8837afa73229345461f5e6c36aae0e3206f4ea8dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\ICQ Steal0r\WSDApi.dll

Filesize
670KB

MD5
5c51daa27e529b7638d8219083ba9860

SHA1
3f989f849576ac7df64076deffc3add9dd3eee9c

SHA256
6d57b2b3a7256e306dc44b28f7c6f499174098a0bb32bfe8c697a3adce4fa4d0

SHA512
1cdd41af045916c6ceaa13c5af609d2ba111defd6a3b69860ec9b38ea032ef26c570811cb1f1c9e8addcbf10d736cede35e41f9b15765cee9600fae1912948fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\ICQ Steal0r\ua.css

Filesize
6KB

MD5
f41cd1e91b86b97dd2d28ca108f5166d

SHA1
48a4441e4329304cc4e5a615fab7b9683821694d

SHA256
9e56e19db8dc215e6112fdcba75a76ca27ebf3b9fc15a1d5ea4c1c89d3f586c7

SHA512
0c410e67dfff2f215f3f74614ba706ea65a6dc8b978708e07ba2dc95b0dd32034fb3e9c2a1babe571fa058c332966de3de02500de19cb462a2a29c9eedc44ede

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Multi Password Stealer 1.6\manifest.xml

Filesize
542B

MD5
716eaf029431c08c6512aca9cf138016

SHA1
8bf507d14350e66072e1a1e527738c11d0a3a5d8

SHA256
85f29630451868b4d6dfd0657bf8a03441eb66060db7d0f5b86b82c2f76a5acf

SHA512
83d9180af5ca299438b2e07d386a96b929216f97d353ffc38b39e2f20508f8941dc7e5a0b3dfce757b1b915eb4db8d84ff627a561f6f03272b552b4094864d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Multi Password Stealer 1.6\ntdll.dll

Filesize
1.9MB

MD5
023215ac210c95e7efa26097f5e48222

SHA1
339e86a9ec4fe684899284fce7da3884e53be01e

SHA256
2cf67e1cc1e6f43637fda35315ffe16b2ca140bcba149944d5e4b8ecc49391b1

SHA512
03564b7d0c0531e2852dba3c7ddde257917b4c057d1bd564f441728f3e75923c9730540cbf6a6d1ae104ccf960158e0ec0b42e377b34ef0ce124ab0d28ca5e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Pass Stealer 3.0\forms.css

Filesize
15KB

MD5
cc465019eb5c47a1302cebd1e09f0422

SHA1
3501653d9b40114eac8498d62267abab6a0d79d1

SHA256
c85170992c76c0b84854167924bfc4f1e59eed4b11a30fa6e479101865102187

SHA512
728f3c502f04fe550d6436c660afca9bdf2436b7a2c16659dfd8bca77861b3129264bac9f567d9feb2c7c2d06ddfb8bc96af9567c3b00844acb61b9141fa671d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Public Firefox 3 Stealer\System.Net.Http.dll

Filesize
193KB

MD5
e4b20eceadd0a1d030b407b02b913ebf

SHA1
bd1bfad57bbafe2b96fe72fd9fa791d5784290cb

SHA256
f48e85c97f8e473240db925d00ee871be9e2e7b684b313b911d5c2c14c47078a

SHA512
95b5819c9c27b123ff9c6a8a8703b6bd8857c006c67035d62c4ea58acda41266bc8a8c43847a010d28e4dd5195b04cf0d1dc409f0ce7d5bf59b36cd5d6845622

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Public Firefox 3 Stealer\forMs\AudioSes.dll

Filesize
1.1MB

MD5
27d24a33c3a828d2b217005ddf5199de

SHA1
033484cd400c5e13975b4d9e9fa68886a8f445d2

SHA256
40df96a5c95f2d66b73fd003b2061587cea43bb8f173bd8d6b3eabc41e4ff33c

SHA512
0f476122310564840e06b3786ca3b21e4a4e9cc5726de48e85391344cb13bff1ce60a3d1276a914eaabdd8fa52e6141f608aede9275235a468a068a452af781c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Pw Stealer by Killer110\aepic.dll

Filesize
501KB

MD5
2c01e672e09f50818922efa14834b8a0

SHA1
a5ceb381aeaf40d08eef24e77f6f4e0210993105

SHA256
ea90623270d2896b19c6d35f1f56882765c4313318e741c25e1794e6963560a4

SHA512
79acad4c86f6d3000e68b3253c9254ba8c93519e203f85c5a76afa0f0cd2eebc14e31c3bfa80ddb73c0712a64fb042e787e0ace20267a32bb903b03acfe46cc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Pw Stealer by Killer110\xpcshell\bcastdvr.proxy.dll

Filesize
127KB

MD5
eb1e9d853b3a71f8db7de8a1ee04a757

SHA1
175e1d12d7a6466c844d0e6551a90554b1f9c50c

SHA256
610ab0b7bee791a97e1ebb78a71897adcdad3e1db53598a1e1fba0b3cae624c3

SHA512
8987c9afa386f1fe0c54efb7f93e5abe49055568899c16625bb37f8bec4872627b159f2a7c1002b1980e29dcf6ea0757058882e73ce533f1dbf9546f6cbbd283

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\SimpleStealer v1.2.4.1\Jint.dll

Filesize
244KB

MD5
734c5ce8f9b104d8ad3c7b494e96f9b9

SHA1
184cd4152b1b65d9531867b06c2e1c215fb872f1

SHA256
ed618668ae9e7c02c7c2b7332dd09079168cca96432a051044683c996337001c

SHA512
1e3ac0649e3b7bf9e97681aa7b1346aa44afe96d8c86fc77a6e002b8cf5b14b1a57f19f669ed0d4ae9a94d3f65d4eefa99dcffcf5d74afc8731f913c9c9f79d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\IA2Marshal.dll

Filesize
26KB

MD5
d053fe5c775d35499d7e793f57506f48

SHA1
93f5ee3f189e733c6e359071cf985341ca3f936d

SHA256
cf4d65d742988656ec400b3633ff99d7af04a32485605a9fbfe5aeb4cbd2b1f5

SHA512
6587d4a94afd7a9415c253d4bdfd68f60c3c653a1d02bdf6c13f513c9ee74f9d0d7786a6b5849c16ecc13b2fa5784ef0a9696393affe2e5fda51df1e72c997bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\LICENSE

Filesize
30KB

MD5
6a168402790208145f7dc05e95de08ce

SHA1
c4bd17ac9ad5e2773571f900e088ff843651d197

SHA256
c4be8e0ae5c90ef46c5c3365fdf336b4d622dfce3ad01ef5895aa372698716c5

SHA512
07aa1063812b1933da8a40be23f13c71e80bde021ba76716eed5aeabc5a73ee375b6c2827d87b895a112c9760050731f9622f5a28def37a296ad5b767c9afb9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\README.txt

Filesize
1KB

MD5
8d510159c4f82fd845807ec73de06324

SHA1
ce5d33ce8ee9e5d06824b5b10ca9baa40943e689

SHA256
9001d79fe5215a61af121995f75af8ccbaa89f2f6cbde8a93b651b6711c841e2

SHA512
90096ca89e48335a8ef677b90f39c031a3d3646eb5e16e982847bc33c96d4aed68fd085edb11768f597d356f73369198435b28ead2a95d99e950a7826b88260d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\chrome\comm.manifest

Filesize
144B

MD5
ef343b6a28d92419d088288a2450d7d3

SHA1
9b5caa11de37970ccd96adc1e920006f5b6e5f76

SHA256
02852e9f7f3b47b57cd599ea47f25b38bdb3b5cb6dc31f3033d718f4a1a3aba5

SHA512
01dc1c14dde50d850311c68a3710cf21b52783e1c5d0858d23de3c478396a6b2cc3c82966494d8736aa85a9d90b7d5393146dfbbe18264e28d904b63b160588d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\chrome\en-US.jar

Filesize
328KB

MD5
8235abf38056f77805b742590e69ffee

SHA1
3f46dcefd2c786450901a8a3849a11933dc1184a

SHA256
02fc5c84aee63b4c372a925b10ef78df23b12f93fd7ca7455d47b542d5d0f108

SHA512
40ad5ff0269b36f81cfcb7946605d3c8d908e27485bfa0d878222c4c4f375d79a01f4f1406f3d4750cd291382d05d94a59fa2946779cb31d56b050d46a162213

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\defaults\profile\US\localstore.rdf

Filesize
153B

MD5
ea03cc19c2a3f622fa557cd8ea9da6eb

SHA1
2d8aee4b5cbfb5e1c08f2a4c9af2110bc1262b11

SHA256
f72301be0ecb4ce64e26fb8ee57cf4bea3dc8c8f3830f2fd0c91ae893ab5e592

SHA512
06f6f5bdb6609f0e72291ef82aaf55c035fa1fdc0906debbd7807549d6b61579428585b91ceadcb8aba511ef7a144c9636c6216afedd9753bd26e4e72f49c330

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\dictionaries\en-US.dic

Filesize
595KB

MD5
fe2697aec75d3e49e0b43bca59e9334b

SHA1
3580430be7a84bd38e51c5d949e26bc514240f98

SHA256
e869309bdcab27e9c68ca58cb347af9bf78b470dcdb94f0b3c1343e9f07f2402

SHA512
60604316df5b0365c5c60ce637ff6ab5110cc4c98c6f9007bcafda17de8f1d100edd661d50d2a917b13ba4c6dde0240155ecbe12f0bc4209520de77d3aa25e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\greprefs\all.js

Filesize
78KB

MD5
7999078488d8d7b57758f775771e2444

SHA1
061770f45f853c9084d3039f35a4a3e071ab7c12

SHA256
2c3b6107a8a8a7a2925906ce540009c148759f16cf87cfa0f99759a06af65ad0

SHA512
990f8592da51c0913de24f26395d3334af88c99db1136ecac4ef73c1b4eca8f7e738aad4612a9e45e956a586058d2eabcf9601d0908673a80deea9ff0e0e7317

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\plugins\npnul32.dll

Filesize
58KB

MD5
eb25396cc147bb66eda80aeb7bc48725

SHA1
eb9a142ee58e3eb88395087c3afb0d5a07a6e5e7

SHA256
549f92fe8bd57dea69ae781579c93d3ec2508edf129844c9333c4145dedbeea9

SHA512
91d8e9b21810d093494827e9f1a0171188a19df6a07a70b4b5c128cd9b68c433d13d379e97b9d15ff827e4792ccd6c4cdde42bdd8e6966e61b54a58ff2080217

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\res\quirk.css

Filesize
11KB

MD5
8d47e93badde73f6505e609b2e54bc0c

SHA1
c6fb9248044af1b3096bd6e7e5dcaff4b8f8a984

SHA256
1a9bd37246fba785a81b72ea8dbdc4ee0ca02451220a60104194c2eef791399b

SHA512
d33231e8810aab21238b7b8e7f3b06843ef15042e791ad43ff9d0c4a0f8fb642b65738e9155322bbb39bbd50c2e98e249aa95f22e53f64f56343bf9d5dd51beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\res\svg.css

Filesize
2KB

MD5
f816576ac602927c1d80ae817cda389e

SHA1
fd16ae9a91420349e9dc151046448b188d5d179f

SHA256
ace13ed2521e2f0a5feef813120eb3450f991742f725422d0139ffe35880ccc7

SHA512
8d128180612d635e06860a721efdc0fa8f2c70d42da118913091f6ee4ef67e986fe0934f3024e55e12925f0f6a0fce5f17d1dbdb7a6a3ecffbe31817b83aef72

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\res\viewsource.css

Filesize
2KB

MD5
3a4f7cba3eac51c1a0f56a559b68d665

SHA1
63c82aea814d84a300a9390feeedad16472de9ff

SHA256
e8328b893483c614131d55cee1c39d94d5b4f5769d3b6b293c947d8053fa9bbd

SHA512
1b77948a58db5764591006ae38d6fbf83d199f63b9b83d5df1db17dfb725cbd32c2dd0d8d56e747a1f89080eaf4cc38ee72144cd6bcce7c6889a2ef5c3c1b65d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xpt_link.exe

Filesize
256KB

MD5
edd945042db0cb97bbfeff026965efb8

SHA1
e899bdd0506c126fc747cfacc2dd5575e5e18608

SHA256
421d44757cfce88ee8bed1910bed0d769ac675a2f6963c0d3cb1556b9411fa67

SHA512
650e990075d5612bed4f420cec77f2f47f423212ab52a3d7f014ee1208b485a575e19b3f62dd004f86c3e24a1db4215911cd2dff8f684d79ec0234437ef80f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\AccessibleMarshal.dll

Filesize
12KB

MD5
a18788637ea0fff99681172ad3fb0130

SHA1
4991a090004c9395417c2996b218985479b47001

SHA256
8b1e4f0dc6eae4ed699775dde92caaf727251db037ff12e66119e69efc9b05e9

SHA512
1d32aa216898170f559bac04b2f9f1418b24f27c882b8f871c1868f89456b44aba1aec6be88102cc8484f53c46c508b89ad296d880ef63fd0b94c20ee7c5f090

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\chrome\classic.jar

Filesize
804KB

MD5
582c8763fd808a2b3894337359aa9e1b

SHA1
c52063e8a189f6e91d1568b64ff6a5d6d271cc71

SHA256
cb161abe251189df92ea98c5fc4da217c4a4a0843430f2dfea3ed186df37d00b

SHA512
44cb5b201740e40dc8d1249dd0c05dfab1d609f5dd828f9cf6997dfc0934b08addf3c2147cd795b7806a4a0d75f002515089dbe033fbdd8518b2baafbf92f1d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\chrome\classic.manifest

Filesize
494B

MD5
57474c8924edea9346dd15459284328f

SHA1
8a8864d0a5c952baf679bdc323743114d71da2a5

SHA256
40bbebe40860899ce490b959b99f1b1061939bc2e33e36e531247c5cd2109b6b

SHA512
ec9572dbf55a57c93808a16faaf1e5dc634a3dd9507a46c03a2bfdb88cb4901195086fa1f6226b86c4045191014dcf00a68e98a6fe5478216d7728dc987481d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\chrome\comm.jar

Filesize
39KB

MD5
eae2d89128c58225f6576e503c33e823

SHA1
89b23f714111f22adb8287df2f4f39533c48bfbf

SHA256
35f1a7c24801c1ac8fc640af90fccab01d5dda67d92bc470900f7c1b70355c59

SHA512
caa4d6629a374c39f9f07bcf217f206249e3f66df791a889bc630c03b92d870ca64002291f791f5d26c40f241a5200e51b28d7bce39043f235786766f8f50f09

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\chrome\en-US.manifest

Filesize
722B

MD5
81af26d2e0a342d45f034f9feaea9244

SHA1
81a9e8d037188819e3c7966fa6dc9fd8d0aacfd0

SHA256
f0ec864dde4f91a6eefb5e0581f14139293a12cf9df803f0d3f62901d570498c

SHA512
c387a982ab72ee34e7413762e858a41f56952e32211783853640d13999bcbd4041929b50ce77d1c65ef74899057610abc7b463774deedfe6e5cbdd42781976d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\chrome\pippki.jar

Filesize
273KB

MD5
9cb2124a294ef0ee06d988435bcbb3da

SHA1
4079eb2a1493032d77f945b79b185434e6439cfd

SHA256
f4fe38891356df20b77abb845c5801d3808a3db3bce1b22550bedc39f6f0d78b

SHA512
f3e50ca97600ede58fd1d8775d95affa8767412fd6fc8909e84e5411887176414d358f6548d981a2dde0163e726440e92e943e856994e7e563ef3c85616751a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\chrome\pippki.manifest

Filesize
69B

MD5
433dbb4921ce78024add72a778754702

SHA1
4608e7571ad013787dcd68f23ae385b29c5691d4

SHA256
c249df4bc8fadcceed1dad278a96d7915af54f0ae97ae0f23fc8eb4175731880

SHA512
59cd550765f633b2a94443c31edc3740053470c4408b31c9b28bae307b27d030a1edaa3c6974eb82fb454704eb0e46286cd454e7401cead18b1694f81bc5344f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\chrome\toolkit.jar

Filesize
2.0MB

MD5
c5e330a8b417093592d5fd6229a29c3c

SHA1
822492e278d2ea87556de401200d21fa10b0968b

SHA256
6da5158747a40cd7c4dc8c6fed92b7d9057f108850f1fad16c1610260b1df185

SHA512
5ece4372d7dd5fdc3cf728b8619ac5ddf4d14d67c53a54dff290bc7d0efd04287b0b1fffa072a36e88ae1ed517b3bece192ad1cc0374039593c856d93acd7e16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\chrome\toolkit.manifest

Filesize
560B

MD5
f730f2d4b0342a6c1010facce56e4173

SHA1
bd020cbcdbf17bd89ab53dadf37ef89babd75d2a

SHA256
fccb4c33ea0bb4a8f85fcc5596e6a4ff85adf522cc352f5fc9fa685ab0975ac9

SHA512
6f2416b16a0460bfe5e5d3969fe25854a1abcf81ad9b9d1f5a06e23d0946a9a95cea798aa53f8036b6abbbad367c9f6f4a628005d50a65bbcdb1a9cea0fdfd31

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\FeedProcessor.js

Filesize
64KB

MD5
f8742a00521aa471adf4ed2f1dea9435

SHA1
40f25f2333a9473828245a27da5c9ece4c840a64

SHA256
b4c68f24bc49a29292fca16ba3d1f9e718e629eadfddd46c4f296c3885502e72

SHA512
e9900e8903bcde358773dc152766b128bf2882ea97c2eb3e7f88aa5e97af5e390ccb9cfe7cc8719b26fe9f2b4237e4c5e04ac4cce6713d5670fbc1e00f2c5626

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\GPSDGeolocationProvider.js

Filesize
8KB

MD5
b1e9ccf9cd7af35d9b3cb72f85cd0d69

SHA1
3f0f41ade27200b85e54d757070d6299452b4d91

SHA256
ca85240515baab2d3ccef4db2b353e2ee030c12b6ed76b15af55b09bf0a5bf8e

SHA512
a411aeb2d29f440bc3d35657ccffce655deea248cb4d8fd11c63009561a1696ec78719c03acd62e8325041e22d318022fda3b361cd61ea8f5165e829e70acf6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\NetworkGeolocationProvider.js

Filesize
11KB

MD5
67263236692922b20d4a8e3bd94205af

SHA1
7687b3873eb2be10aced513df412f7278e156770

SHA256
54710e63344187685fee08ae915b3663d4a4f6ce4f487a94fdf89f5e5b35badc

SHA512
8535c54ccae5998ae7fc79723793d3c2d90f12ce821465292244cd3e02a9dbe99fbfef32d67dda7ccc1af31634c5bdca2ac820af22ed99644483a01636ee39f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\XULRunner.xpt

Filesize
353KB

MD5
9c8db1d7366db6480bdc21ff38290c49

SHA1
ff5e9de3765dc4ee435a9a2051422074de663003

SHA256
611d4b5a5993f69e0f2944f34a4a9b3af41a4fdbd524aa9ce9d7456e9ed62dc6

SHA512
50664f3d5cb9a38e3b2612194f0f55bae5d04f3bfff436e4a989ccc0878467d45b0ddbccd635ee2193ccd907729edd8fb51907c6c720a0589be10ee9033a0936

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\components.list

Filesize
794B

MD5
c69aaa67d1d317bfe0311eaa52e5873a

SHA1
6f561e2c64f9afc349f3ec9b8e565d4965f3c9c3

SHA256
955bbc97018b3ecd989c9543a01972cbc8a0bc0e49363056e42d2c062dd8d2c6

SHA512
7e61ff8e8f5ab638f9f3f1e6b6c9b5220dce9435bd8a482c615a4b9d807f401d8b8326f1e29409b73ca633f411260e23e328410a437fc83bf7096ede76077c49

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\compreg.dat

Filesize
134KB

MD5
20b0e9f93e80b52d7294a0470e78a96b

SHA1
847ebcb3b5bd5d6d08f4aef1c9dfe2923bdd0ea3

SHA256
64bca09687f58a6f1dd79c7705a7de1319f09221754c4a02b787775ec99f0130

SHA512
16eb8e848474296eb138a8a072e6df141f8947762c3d52961b46b701b7f8d905ddc392849a4e23bcea0931e3f2ba28e1ff76ad8984d33acba8db09f906babc6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\jsconsole-clhandler.js

Filesize
1KB

MD5
9f08edba184ecfe8b808a1b853bf8285

SHA1
6a2284ab4b0bfdeb0bbb0dfc268f19db99cc4147

SHA256
5bdd9d827fb1e05729d5da6c411966aa4d3b8c87645a0d1e41cd8b459553d513

SHA512
528ce76447c21e63771703c073e009e1773f73083ecc81fd779b1d4b62bbd9bd976fed2f86142742d542a94c67282d2b9880527b92206a94eff2c0dd69f27933

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsAddonRepository.js

Filesize
11KB

MD5
239a630c874dcd8fdda1e09c3f2d75fd

SHA1
36afa383ea69e6f59fb788b4d0149dbb32484a7d

SHA256
94213c99df6d715e2c892b3b98f1410c6c66e64ec24c09e4e546cc10f3bb2ec8

SHA512
2183318a7bcc77075ada57994847138675bf9b2e401081aeef171fc4cda99e70a6736bd07e5086da8de3a4f9773123ea0685f91a909cb92b1526dfdfe758369c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsBadCertHandler.js

Filesize
3KB

MD5
b97b9d92df3f18712f05f087e66ce7ad

SHA1
d714575a8ebf250c10c69ecb9d17095df49a8e1e

SHA256
7c0926a6cdc600c9913d7507049e26848d7cda7926e0dacd87e659d12a510455

SHA512
7e3d939230a56a4d5af43b77c0ae9d517ea6ace43cbc5cbf7546a84bfeee8b14a47f6c76c8c7578384f35aa7805990f4f89cbf8836c9b02bd5bde3e3e8b5760d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsBlocklistService.js

Filesize
33KB

MD5
892bb4f9e2c854997baae7b947a8574a

SHA1
d4bf431775fdcd2f8dc2dd8a013106f6b2bf08c7

SHA256
cc53fde52554f31d8c7486407d7c2373a6dc5fb8c4f2c4c8e0ff337097b1d33a

SHA512
e997d24e8eef9e1f7d6517295c163b830ca876d52575467604762e07087ddac09aa9fa6fccce439e35ef1fd721c374f2bdff5aa35ed6d5d3cd675b11f0210d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsContentDispatchChooser.js

Filesize
4KB

MD5
9c5bf9003ebc1287cd9b3e6d71294ee4

SHA1
b4c331ec16134d7b32386d3fefbe292a2f215815

SHA256
640bd3c5544cd5348343b27a3df1282c61d4ca5e13938b446bfe68b6dd0e6518

SHA512
091fa3331be019c98e865c2e579d548ffa3f05ba8fedaea2a7371adb78ee98b03a65bebf9b1c6c6c1416f909059a2149deb87b60f12a1051640454dcfaa80898

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsContentPrefService.js

Filesize
32KB

MD5
17599d1f69c93f120349c16b856d2dbb

SHA1
66d64631fc6d6ca837eac668d9f53ff08b8b7fe8

SHA256
304ac8ba9f5fd46d0d2a9eebdf8e9342afaa0c85e730757a60535e5726baf935

SHA512
d0a84e193ae0e883e9d3ce04bbeebc2ecf00b191f3b4c8179693c70f1e30236dc893717081092f03fad285dfb9dbf5f6f8c89c28972834f7e916d6f93b5a1cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsDefaultCLH.js

Filesize
6KB

MD5
7a93046b9a2ee644c8e56e7893870d4c

SHA1
d1e442ac64122e0348fd702ab17bc9327c0e606d

SHA256
1bde6ed887c1a56ac460b9d8a305effa1a5a071ba2869c140db4dc425a28c6e5

SHA512
4b6eb0af5a50600fad2aa5177868d7ffb56bbf863c72518a9833c1ff33fc30cf23f5ada9fc96b03ffa9f108afad4f35bf98463d7e9fe8d25700331dd54cb78ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsDownloadManagerUI.js

Filesize
5KB

MD5
7d606f968bcc700c4e69ea5daf7d1f11

SHA1
b8f77bc163b300d9f162a2948f62a686974aafcb

SHA256
4810304012164bc2d2c0eb248551cb8c31e9d010a7acb0667891c0333cb3cfe2

SHA512
60b7acf06c4bad415e5bf115527df0a46d68886b20c67a4ae445b1324f22ca72292100108929b91897bd0ce1d241671858ecb3f5b8b3735e06b0aa6e895880a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsExtensionManager.js

Filesize
310KB

MD5
e7e637fa1e2915638f469f91d081254a

SHA1
f64a897806f360ef1f1129275e8cf760fe2e7cce

SHA256
52470c6c2ec49de6aa53a662f999d1fc287b3fd786e0583ca2044bf2472b71d2

SHA512
0054f6b44d6e469fdecd9a1d1f2f6b6548292397659b46ee15ae7e666102bf9fd6d43a6bbd19c9cb102b69f227f992a31ea7b4a45fdcf64492e45ab0cf519aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsFormAutoComplete.js

Filesize
18KB

MD5
3e9d9157492b4f8e598efcc12d68b579

SHA1
f0a2a91f738e5e4e65e8f9f8063268a26171454d

SHA256
23ad7ec0dfd4938ce5a032c69a1d7a48f2be643010ff6d40b50fd85915fe35be

SHA512
9c48b3ddcb77905a1892a4a9e7023167497c62d660213d88dca4a88b405c7b000f5d71ccec4baa114030fe013928da2d501589f4000bd69b8897d77b59390435

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsHandlerService.js

Filesize
52KB

MD5
aee643c742615b020c2e2ac5fee59cbb

SHA1
9ff8b9ecfb889db7e7c99c686e5d33c2261f317c

SHA256
9c1e3301532c83ab66e8cfeff66c18d7387c0992689a6e9a72db5ad29206e1c5

SHA512
6a4e524e71f6a9653f40fe23590059c18fb3093345708fc40a9742c89bc2dfe21aa3f5731e503c7594d6398818c06e79f5e343f9ec704a9fd9c5855946b0d17d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsHelperAppDlg.js

Filesize
43KB

MD5
dd0c3b8950994fe7c6417754ccc03106

SHA1
26b409d9cc9c41340995053d5141c3f154cf0980

SHA256
503432981e4396be62cde066a0c3ba6419e5556da2df7ca115afc64d3a4fbb64

SHA512
a9621a6ae9199fb435188402e44a080997191bf824c5ae6f53f3c6ac60e46419077ca77b01461cbc5c3755448fa57fbfd38573387c65a9ed941d54e9a484645d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsINIProcessor.js

Filesize
6KB

MD5
e50e946f51597685fc8a7c0f90423414

SHA1
b6f4fa545e162937c0937a1d82a6ca5b2f7559cf

SHA256
1783c8003f2b0365cc9f700c8d4cb6bba0c3b81d88d6529e577ade8368e68d25

SHA512
a270d4557da1b2faa7597f14e767d750605984b80319ea412043d3f8339b9158056e38ab490ff85705555952f5327c419d9b0cad97f62216d40edc80e30dfb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsLivemarkService.js

Filesize
36KB

MD5
503b3628fbf5fa3f5dbf4e1d2237e468

SHA1
d4598645b1b2eab393963407cfe5e78b960a95d7

SHA256
98560c501c84cc1a44a5c7bebbe873c83df0b08507e82bfdf819e8d625c234ac

SHA512
b66e21b951c0b794cda798dccfd16b207a9fe8f3233e4055743b4ee58743defc81c6e7f5b8511eac8a2590290afed04812aedde9708ac4334af093535a4c051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsLoginInfo.js

Filesize
4KB

MD5
8bfb4ad5a2eb5be70629047b3ced5e18

SHA1
0c2ce572ef0a57c5828facd986936ee3821c81c6

SHA256
a290a012845765a502178b42d8d164d2594bb8a5596340c8d6fb6b3bfa4a4fb9

SHA512
1264cc423c3bb19deee6981807a6f54e9ab0732a2bd3f63ab70f1d32bab1da6dab8852848c47d7da1729261c987f2c9a5596148f6de05a0851a5f89fc68a2217

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsLoginManager.js

Filesize
50KB

MD5
4c4d1af902af85ee5448901776f133e6

SHA1
8d5eba91dd481808c91d920e8a9cbd30b456306d

SHA256
042965602e612e66b7b7390bfcb231d920f885165bf82f5d5b970da675721939

SHA512
4b438067c725ebcdaa13494aa8d7718178d4096d5133a3821e4fbbd38cf5bdc73d0ce74adcee542699d9a5e1e4d92e173ffa063be2566195591a7b2a6a7e2da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsLoginManagerPrompter.js

Filesize
50KB

MD5
695b2818df57e55370bef1c7cefd2c6c

SHA1
2c69aa2830191d6d75182a5d7ac8fc8b0483539a

SHA256
dcf66d8e79641db19d0724d75167519552108fe85d2787f38cb53a55a559ba6a

SHA512
5894ed91375bdcb23d11373df57ba36036c82c1a135276e1ec76ae5b5dc8842f653076bba178ad0a388261490d2cfe97872e1980bd6911ddfe4ab9d2d51c4582

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsPlacesAutoComplete.js

Filesize
37KB

MD5
55904ebba13d096aec70f1a1ff452704

SHA1
8e7754affccffcb26fb5e3342968d8bc7980a63b

SHA256
e14db63a29dc1b8ec2b7f2f9438257bc7e1332ecbc82a4624f1b17e4cf79daa0

SHA512
c17e36ae1351342daee1e933eb35e852a6d2f04aec7e27ec7c0fd47d9c02ebb6e81d1fa93bf1d348f832d1053a27ca9f4d240d835f8c950f0ff6545d9d1ff7c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsPlacesDBFlush.js

Filesize
19KB

MD5
0596891c456afdbfe70b0f563e4cb7bf

SHA1
cfdede4f741f9a827a79702eec80040d19f67be2

SHA256
d47bcddfcf1f342474e4aee070f0366a3405e3983486d301f63ec490740969fe

SHA512
5f58405dc2999cce84db68c28316f97a2241e62cfc2373419c27c1d39633668b817c3b98daba0573d5e1bb2ed83b77f5afd151820df2e9c67a251c6bd6aed6f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsProgressDialog.js

Filesize
36KB

MD5
1aaf35ae17d913e5494683ab6900b773

SHA1
f0d1603118a21e05e51fb6c46797445b63c3f70a

SHA256
fdeb315662596aecbb76a54b37a72d588658da932fb56e1a670dda6f716850c2

SHA512
274588e1e72732bd264c4d09089edea3c90a93dd9f0b98cf72e560346876199f9140251ef9b5916f37b24ed84570c8c6c117c6f2624422a0abe003956dd899f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsProxyAutoConfig.js

Filesize
13KB

MD5
3ef44b84f79d73123510e9a7aa1cad31

SHA1
0a69826656acdf5870943b1822689a70cebbfcf4

SHA256
564d9b0607926961a6cd83aa00b96d2e847f56f4f3ddf0b476d4cb74d69a0b7d

SHA512
35b21c466928394ff5e8f6e44d223c890513f8c674473775f41ee4910609be01cb14b8470b70ded6ee4f55011be0a7aa63f0caef8fd4c3afc4de7250faa8e88b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsSearchService.js

Filesize
126KB

MD5
4c1fe8d8aa6ec056f3951413aa27bd80

SHA1
e79bd52ffefe27956eee2fc93b958633320da30d

SHA256
94fbe071e42114bf122d364265524bfdbea3a69a73659350dc799fc0b506ae1e

SHA512
4dba06a1428ea5634b3ac4618b3b5af3561b1f9957df56f0d4da10dace02f5458150707fc98eed314343bd2360ad747367c71287c1f56e9ffa531ec6f8fc1cb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsSearchSuggestions.js

Filesize
23KB

MD5
2e669b43e26050f5b7b6fe9b1110b2bb

SHA1
3fb1448b22d238f8f46a48147e7eb2357408219b

SHA256
52ab423652e0d6ae42bd18047fc1b3dd98a81e4e305fd8edc166421ecc5606b5

SHA512
fa8b8769f9e924c9807a0c92862221289f612328c6c6a89672e4f1ea3b73102e1b148d045f3e07138ee8b690bbafbd25dac09910c3d333bb75a31c39b6e7595e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsTaggingService.js

Filesize
20KB

MD5
1949bfc9930454015a9ed80962f267d9

SHA1
9a61d1f48e6695780f0998ae19e5684799d9189b

SHA256
b170c848c02d34965cd3a3898dbcbff8e15a8c5425454a78c4f84a2a63c9efb1

SHA512
cc0e4c6201acb86802592e1c9a14676df5b68dc17b66a932a38abfb125d2eba90f21bf7b006728aa6242d910f61dafa1dd1be18cd13adf5ef657bd59a34d8848

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsTryToClose.js

Filesize
3KB

MD5
d33e557c3779c5f9bf1701cbe39dbdb2

SHA1
9a38b4a70a05975689dc58b3ff6a969e7661fe2c

SHA256
a3febc3900fdf5090a06e1b386472d20c94e192ef730a35409ea2c2c4d8f77c0

SHA512
69ded932e0c1e3b703c925e4a6111f3ff530b61827470a6ee497e8184ed7aaa46b14eed9db1c739bddef6a6f569a449ca875871b3fb65587a8d854e29b775805

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsURLFormatter.js

Filesize
3KB

MD5
8397400c3d26d568f0f4b931beb00bc8

SHA1
309f46b8ce70da7c2daf1b121378c6a0c8377aff

SHA256
c8ba90c5d3899a6363ec3c45a6088edd43fc9ea7406b374b6ca60b5a77d3a192

SHA512
17992c5a3425647a7e46235ce2541374eb3adddede90599d8ecd48496c2f6b2929c0558d489ec04d42473d297b49d16b2b2448a4df64506d1c7a5aacf09f42b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsUpdateService.js

Filesize
91KB

MD5
1dddcde55133fecc02b6b5ddd9112cee

SHA1
e964ae6c601e6b3d8f8dbfc2e79e0308219ada17

SHA256
0801b9d47c8d27deb86ebe156d33d80cc364994fcac445263514646efcc86f35

SHA512
494e56365ca7e05e019bffc14af39a9109444d6ac5f81f67700c3189a7a05d8d3d042c0f603ab515877400048dff23dd935d38688031b8bd5ce3c06e445f39ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsUpdateServiceStub.js

Filesize
2KB

MD5
d64d6fd4d6f63f3d60187bcfc437cfc1

SHA1
897ec11bc5af0f300653175a503f7a574474f5b4

SHA256
33abc08b6ed6fc1dfc8e1dce58e9eebf6c45dd48e5a6b6b39a05897189a159c2

SHA512
91faa0bf1b4a1c493f3cc26e8ee448140f5c65ef67a26a0a3e211dc2ff80888bebb2596480b57fc47056f6f307c44739c0ed4ab968dfaa271bbf7e175fd6b81a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsUpdateTimerManager.js

Filesize
7KB

MD5
7a0c7b80683ee6b3d299b1d7a55160b0

SHA1
dbeef900e1e61797b1550a4ffdce867611f839b3

SHA256
230d8e67ffcae594c6632fc19601336f509176a1e4ca279d8354004771e80e3d

SHA512
1572d259f3165311c5e6d8787d99d61bbd36f9dd5face5efd8b38a68adaa17a7ec5eae3d6837b7adbc1b6865691d516e53122497637e05f3de4a720256fa08c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsWebHandlerApp.js

Filesize
6KB

MD5
30c94dec9f1d817fd6b0f35f5fe8466b

SHA1
fd314a65502ae138dab5a8e16b9ff7bd1938db3d

SHA256
3b1f4e14a5c3998cd297c34806bc54406b73e8e4dbf66a6ed43628516b7cce01

SHA512
061f2a261c8127d4a7355b56ce7edd6271761b2268ebb45101394c5a533fe822b60b28f4fcc8b60daa3bb7c14f0401921fab674f2edfca122d332fade7feb97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\nsXULAppInstall.js

Filesize
8KB

MD5
3497f2ad18dd265848871a48666ea84a

SHA1
b90c13bafee53fade9a8ef4bf67a81017821c10d

SHA256
0acb2d8f24a840534ae9453768cc68bdabe4b7acb61274067daa1190dcfba322

SHA512
0299fc864dfc0d13891c9ae4a45732089f446b297d9e8ed4a703f36f93c91fbb6466e97e24c7cab23382d4ed1b066b4e3c98853f0437506065c87aec38bcd8ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\pluginGlue.js

Filesize
2KB

MD5
dabe425fd6cfb9c1e09a9c7ebbf0d4ab

SHA1
250ed09d4c02631195bc27a63da0ee1e02f9ce52

SHA256
793dbab08d499e792094ee32b6ed6279d64e6e22dfd23e511569d5c4f01719a6

SHA512
4afb0bdd27fb5de30d9229323d26bdcb03304dd133935f068f8c14d8eadd23e777b0aff447ba4ffca1815d1f46cff3defb23074a726eb868f65b8717250b4681

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\storage-Legacy.js

Filesize
52KB

MD5
6b0abc6030ee18be2170698ada8006ee

SHA1
5e2af256856497867fa537388427b2bd641e69e4

SHA256
6abc168e06531ab7cc5253373a32c1f38829ec1478f5037c18077b07274aa56a

SHA512
03f0d74905c00c1c8c85a33a0cecda19fa903d57c0d448641e7ac964f2e3d6f57b95bbc42d2fb2981240a443bea79eb1f3380e382da1098e0feb2c1cc94b9a06

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\storage-mozStorage.js

Filesize
55KB

MD5
86a6cbe10fbf80f7192d3bbee8f31b35

SHA1
10c27e93ca4c7a8855364957d2820d5f9133ee67

SHA256
7acf0869fd5e097ab18c20561cfb3a988d63b075cce3cd423b3903e4e0490ffc

SHA512
61cbb30f1a4636dbc636cf4b4cffb6b7ee1c02f3efd83efee3fe71862ae818a150660c9aa309f7f4c17a4f95170276943f974eda40b5be2b820dda9d9e1b4ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\components\txEXSLTRegExFunctions.js

Filesize
6KB

MD5
253083afbcfda77ff5c41a0a75620a46

SHA1
ca433b11413c905db0535476d03ade89cd846edc

SHA256
03cb10ee95a2f6188b9375828cc12e35fb8d5722fe25145b801cb884edf62a71

SHA512
79d14cf51621e57381fa91c34218802798e2423bfd0b1efcb749e4e199afbed856c48dfd0e9e3d6bfbd992f649f0601f0cbc0e5b5ef27d739fecf6a71ca24ac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\crashreporter.ini

Filesize
3KB

MD5
96ad532ae20e686c5d08ef6f5051067d

SHA1
805d633ac2be7568fac0efc67f0f3170b990f7f2

SHA256
5004522091405a3d7892d48f00ae172e87db22ae29f9b2492de458867092c7a1

SHA512
d48e0ead499e62239f8fd95489841e7383e8872d18acb9d4f3a1919c50bf1f42474d7da684c98f080918c1821ea0e306a0c96f53959149297c519ba14a413d5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\defaults\profile\chrome\userChrome-example.css

Filesize
1KB

MD5
4788fdaa51b0a238cb21f5c2877ef06d

SHA1
866b51a43c76c9ee058f7b507791c86e5df8ba5c

SHA256
bbaa6de3247c9d5c9991f8d14b9022491578e603a6b2e2838e760a87c658a719

SHA512
3e628961b1d55dbb795cd08508a3578d2affd8dbcc68a4ba336e0d02dfe069a747cedb05d9093b52c36c21ec9f8e9123055e679caf6f13b2c6d600b4cc5be748

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\defaults\profile\chrome\userContent-example.css

Filesize
663B

MD5
d3765c7d2de5626529195007f4b7144a

SHA1
257aab5a68752a4de9375aa50809f3faa8b83b26

SHA256
10cd5c7d7fb1f6f1123893530099888822c6cb8a4a41584534c2d2eba38f5ba9

SHA512
ca8e87d31f8df9fa1f9c46a51aa2960b980949c4e5b360c82297a5ebb3a823f7c63fc8ada7db53f8e7fa25cf409d33d492f573e5ab061ec7659204577f4f0545

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\freebl3.dll

Filesize
244KB

MD5
05b26247d9a73de63404b8bc60d8a469

SHA1
253937ecccce440d19bd3e4b6fca291be138a877

SHA256
dcdb578333d76566b6597d5210f20f61f808efa19d5ac8d8f77b9fd89f85b34a

SHA512
eaefb7aff46f9aaa41c07172b436716349467163773f418928c227f92deb412a329c542c3edc070e796c61c9aaf97077ab6ea9d353f66fb404852ee56a93dcf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\modules\CertUtils.jsm

Filesize
2KB

MD5
da539881610350a8eec2b06c1ca10298

SHA1
41a080f39f42d413bf9d8a100a335aee513b8ab4

SHA256
227247a5c0a5240f7d0d7483c3d88af003b02448b71d53be66f9f4170c609906

SHA512
b6c316840982f0fef5c9b9993f314cf3fba82cefb11bd5aeccad8221f4579ab16d02dcee84daad1b742bc949b260ea7d51c683cb16772720b307aed662b3d2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\modules\utils.js

Filesize
68KB

MD5
cfb29417369701aec017d482796a3451

SHA1
b0001b07a96d68c130b160c16ecbf2594f26118b

SHA256
83c365463d1dac75dcd3b680a27029153fdb8d604aafd1ea41505f758432603d

SHA512
3a124c0056afaf958be14f40c9beed9da322a8993bedb753180c61b651adecd35e2b598b89a5db3f5525d53836c2e50a081722552caed981c72423b6ea36b332

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\nspr-config

Filesize
2KB

MD5
ae651571becc04d7911fd37a5f76624a

SHA1
999da1534663656a7a7d8c3f031e1a4b8791c4d6

SHA256
032a87e726733424fba222bc9483b77b1003acdbbf9bc4f19754278a10da8616

SHA512
d8f3a8bcdb2d48f95800ab182998d77fac9e1c368b9fc0044927d9248f7194f0a5dd6c660d27c57fce6f9dc434bdf40380f9e2405248deaf8dcefbcca9a23b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\res\contenteditable.css

Filesize
11KB

MD5
64683081fe6eb8ccad5636483b8b7441

SHA1
f247f8b2d672a04d118dc5567e7aeb43ac593892

SHA256
e2e376b60c6dcdad000e4591f20c17e03be411ca1049b5b68d4cddfdd111a679

SHA512
b4e1732aabc6963178394091a944ced1615e92cc376b57b09a2e26324d6c693c387fbeb57d3c150853d5821da49b7c7d4af00d83c911b867746ff35a9197d27d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\res\dtd\mathml.dtd

Filesize
62KB

MD5
38a0a46cebdf13e3abf3b38186657b1b

SHA1
5993adcff475c9bdc0c5b8e4112b7ff05359f1ac

SHA256
023c4cc8cc7578b37e46196f230d8bf84b99ec47f308a523e791ab7593b46260

SHA512
764d3800ddac1fdbdeab5dad5ba509fa7a260c34f30f5d6b73943ab2528f9bd5487fb17d53279c97e9f28862da99e65f520b03a1d10cab6adc0e102912d0e98c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\res\dtd\xhtml11.dtd

Filesize
8KB

MD5
7f7b2f0922918714b3cadcb21eb30de4

SHA1
2981b43e6045ff35d34a1027516182447531e0d6

SHA256
9d595acd4edcc171ed84213328736337d3a8265ad22eba3b28f09fa514de7ffb

SHA512
ef3bb75471cdf8e02e17405d04bca3e6707fc94e88987efe8b53e6718419f5596e78da4b4855e1b12c9721fe340504fbbc774264ba689874f45eccd5d77389fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\res\table-remove-column-active.gif

Filesize
835B

MD5
cdeeb11aaefc565b7e2e6de6c5122adb

SHA1
67c0bbae8ac6dd12cb66621f3539fae6971d91e0

SHA256
1ba095a2abd0fd53efb16480111e199cb06cdc0f7205c73691ce83e302af1c03

SHA512
b123401eaf3d0407638c1e0f3a17d102987b769139d83f2af346d5f5c3a1f16a7aab17bd9c046583542d15fbdcf11d24206a4bdf62885bf87b2aca4ecacb77a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\res\table-remove-column-hover.gif

Filesize
841B

MD5
f6f8b831f31c8a4081e61403b258d944

SHA1
389daf6bcd0ba84a413dce4aff02ae9800eb1061

SHA256
f19d34969cef9b58e845f4f3630ec3df5a3cc054831f3880c1b68a34afa431d8

SHA512
01bb9b06927083d052b11a76ce147073bc25d7c95308d189dbc5598776f83ba26c22a260450f41c2d18e4c3ec86aa24719a90bdeae1417ebd4b1066b80c8fbab

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\res\table-remove-column.gif

Filesize
841B

MD5
90ef7ea72f363d421c608e37141f0e29

SHA1
891c963cb3c26628dcb18db5653eaca5275b0f9e

SHA256
dd6549e0c43acaa44bba371928f96cb02f71440149f6ae4d2e9ad4706cbe2231

SHA512
6a05229fd5e33ccab5b5e4f185395fb77447384c83b2d0ca5379106e3a06296a6e372acf8c3be7b7d1e8046d5b3002ec5c4c4c22ea186fdff828acd2aa5702d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\data\xulrunner\res\wincharset.properties

Filesize
2KB

MD5
daf08d2c812f7185c4e2472febc6b8ec

SHA1
f2e30f66a696051452e49245f1be3f72161ee5e7

SHA256
abeadbcac63ecceb67c2f692273f2de230adfce1b83322e6be1ce04ecaf69599

SHA512
b5a34f22737934e918289097463cfee97628ee1831f7e2496859d09329df8383cfbc8b8cec23b1035e1dc739772d717b67970740d9dff7aab426ba3f0518652c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\defaults\autoconfig\platform.js

Filesize
87B

MD5
e3c0b603d8720a81116319d44ee421e6

SHA1
6b7554f4fb3f1a4f22c1b09f0d1e84eb9438450b

SHA256
a319126b701f722a192e0653d2698b8d855e43d56153069ad1255879a0affcb7

SHA512
b398fc5f36d54ac60f6487bf950298c03ba9a01821164973c1b999d4d63b280e2271749be803bdfb9593642b79fbf6a8546eb15684b1496bf0432deab21afa6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\defaults\autoconfig\prefcalls.js

Filesize
7KB

MD5
8ac9c167aca54fd39b9c9fa93fe8303a

SHA1
913d005ee6be899338d76441d353d6a19b53093a

SHA256
46114d2f6ca42f5f3a167a1e059cfcdf3604f727e6e31bec930927c980a34873

SHA512
016b3ee068de0f9b47ed62e914b45e4f69d43b9f53189e8e211b717c3fc469f23be7c4595113df072a9445e65cb76bbb075e8a01d75affe52dafc328cff6c650

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\defaults\pref\xulrunner.js

Filesize
3KB

MD5
a451d6a2f4c405889e96ee8e7d6e35ca

SHA1
24633902121dd7d732832fba5e6128969b81fcb8

SHA256
f9abaf838ad497d27023490e8042a5eaae36a09b72d38ac4ec9758a68555d8e1

SHA512
d8f9326d5d4befa8c2c5f3e565ff2bd32c6018d42d5040ba41b7410cfb54c294e20fced5f3453dc606391903630b5324dc12b13f17a72b4a34a5266a65e5aad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\dependentlibs.list

Filesize
115B

MD5
e4261d475a1a2f4b2c86ae81933d9810

SHA1
e4f3947898ddba59ab0007427d3f0bbb51f72f85

SHA256
fb35444ab95f2c82eb6fc2bd44b747c4448f9231082e12717b3e93de48e65b75

SHA512
f08b5e042c99af5582a3a83327584eb4dda09ffc3fb5aa18ba1c7bbb8ca5967114496a0ce5e4d132f221b1ae349b9c1f7295849af0a95a62bc6b77051463376d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\dictionaries\en-US.aff

Filesize
3KB

MD5
1d47ab1b6a07fdf04c34a78c00794077

SHA1
530f8a33f34f45ed9baae6b260f2f5e284990a78

SHA256
548d96ccbdf66e37ba45cc7e977e71228fc31daa50cc1d93932f1597d9a19c64

SHA512
272692c91e6d8ad00aa92354f8a9ec34dd01609f15cb16d6767c32d9e72bf693bcd0a462aafda80892d7f605be74536ce0e022e90f675c42423efb7de1657deb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\freebl3.chk

Filesize
478B

MD5
d953da6b65eb23ee2f36976fbe33f62c

SHA1
ab2e8e15a6a29803f910abd7571595a0a7d69fde

SHA256
f85acbc95d072b27ca5b333f7a5bedc1c3d7391cf62427baf6b27f3ef85ff73d

SHA512
047bf87b8ce8cf7315ee657324a3301a7226f19c79d1ec91a6a6491e97d91cbcf9684e6eaafc2d8f5e6f574f0474d661b9b8445a832701c710b43c18b404fbaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\greprefs\xpinstall.js

Filesize
83B

MD5
f4c2658b08d06071c5785835f52e5f7d

SHA1
c2f964f30d19f1b0e47231cf77d8fe30be622970

SHA256
61e7d1fff0b7118ed783916561690671e0889da7b1ca394567450c76154aafa3

SHA512
558ae73cad8b57afc41647ad7958cef806cc41f7d60005b98028549f634f505803bd7bc5b3c29852f650e58b6e242ff38d8b8ed3a36ba9abc9ab59de256f187b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\javaxpcom.jar

Filesize
5KB

MD5
f1cdc460b4698fe14c95bca15b5854ad

SHA1
ec358f62c711c144d85eb9e8bcbd37ecb39db5ac

SHA256
883021394264ebbf7718e418c71c8349a74438425f7a787796d6dfc5d8b18d3e

SHA512
d239b1c341dfb5f7e055130e67ffa5f429459febbcb59f422223d01243d901fe10abec468376f53b1b5426eeb5a534dc8818f9e863276b5294534c3f7d8c18aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\javaxpcomglue.dll

Filesize
13KB

MD5
2ed1463df4e020230d47c98499af5dd7

SHA1
6512e294347f427f82365e7c58ec96164760d088

SHA256
95d3db713846e41fb31a79173f0f7976362441769318a1e80a64d5b73fb50834

SHA512
9bef4d108ca4a437b748c5ad57f2e7098f86e7085b4175da0180a14d73cc2ae082db276015ce3d4fc4a18d7758a3c418a69dfcea910f0c481d839d944bc9ebf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\js.exe

Filesize
1021KB

MD5
4496891e5fbe826ebf237997230be371

SHA1
66b869076903aec862690593e6f6500e998694f3

SHA256
8cc835e500665935d80c8fed08dbd0abe99ece5e3e0b7b851e5caf1da6a94e83

SHA512
54e73013234e43ba3ed4e246354f2baa9dfd9cbf4778a7b678237ee912d5ad0475ce8a3eec2e468c2edb32faa8b7869e4934b96c082fde4c2a659f4700201004

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\js3250.dll

Filesize
822KB

MD5
3677f745bcd0a2bfd15afcad64a5ce06

SHA1
66381be4ace4283b40a75d3f2269073a13b26736

SHA256
c32f70093cde7e9705ff27dbdcf89289af1e2300db06f68875a49d247598e8d4

SHA512
e2bc1440f3cf278f5d43630c16d080624eb5525b31e3f5bb9acbe532383b7b4c46a209c5ca4c653e83a7c4084b7832a515327fad71d56ce1091aa940bbec1ebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\CrashSubmit.jsm

Filesize
13KB

MD5
1d1487a2499a094383ddca9a6410a2b2

SHA1
db69a4095b7a33fae4fe963c48d901683e5fb30e

SHA256
adbee3da63833956e7577e80caf648de55fd0d8f422e95431877daf5f47292c8

SHA512
20edc1c739bb1b17faaf251bf352f43f362fe4acec5aab82113fac2cdfe520b92a8a1e172b04296b9d1db39fc05f0eb7775d680eba7a237f4fe4037428fdd496

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\DownloadLastDir.jsm

Filesize
3KB

MD5
1d963b4e2e19294aa07df170c232cbe3

SHA1
ca144de87b6af60d2754cdab2ca386feb1d61dac

SHA256
eddbe163ece6c374b73853ded08be356611c190cd67ee85ae0eaf850fcf504dd

SHA512
46f8b384675a648f6bb16fe2d1acb666132419b77971a48d091f2badac7a88ef2a1c889378eeb12ac47a515bc9aaeee929ea170669b58f68684de3659b04312e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\DownloadUtils.jsm

Filesize
17KB

MD5
cd82e6c3a0dd9067bbd5dc15a3ef4ad0

SHA1
adb20fa34d3e0d42ee1dd86c40703f24324eb6d4

SHA256
2c7fbbb95bdd2172a2f279a4c451bc296a78d23c3791bf137c3dae6de325f527

SHA512
e1ecf85880bf57afd63d1007784d27fe2a23f5a1db3f9d51c4d28580885e7231dcacad9c327617df56d926d5f2755c26397cece37e74bc03352ae5944c73f343

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\FileUtils.jsm

Filesize
3KB

MD5
fa4e8dfa42bf3b89b81101980eafee61

SHA1
746212faa60d00ad77d13e1a72eac30ea2306059

SHA256
f1e9d06f71271e350742a4bf2c3d1bce07f760e28886e72dfc7fd59775dc3a2d

SHA512
2e9c9915cbebec2af498b44cfdc0efe620325f103e2e8a0a282b48d5d36d364d1167d8a974fea5a8f3c615110f175c9231c3c9d2a38319c1a0c125bbcb5c5547

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\ISO8601DateUtils.jsm

Filesize
6KB

MD5
f8f9ded330a1b66d5256ad4785bb9dfa

SHA1
15d025e45f158ad3e213e9f3251692bb53dcaf0d

SHA256
318e4979a794b3bf48cccebe11b08b2633f32fec5d6d7cfa8279cebb0809f863

SHA512
47936eb16be9978e26cfd15386fc65bd3458598cf10b1cb2d508268f4e5f412315fc0cec7b37e66f2bd0d737a37fb05c5c2230369ab01f0b91416679eed2d6c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\LightweightThemeConsumer.jsm

Filesize
4KB

MD5
d9c4fa4f8b0e88d1b952dff8d43d0982

SHA1
e11d123d4e9408dc573e14a9a119e19182352067

SHA256
f0468e60256799c3d8eece7dc88fcadc0d3b414df6232dca88856eb27e9fecf3

SHA512
3d5aadc80e2a65fe459b87e1fbd8fc3f481736d4752962accca75ee911d529ba1fe91b45285289fe935c0e1620a679b7d651e2ee75e66b763e6a1271a9877c8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\LightweightThemeManager.jsm

Filesize
11KB

MD5
b0f33226bf534d012160a88c99b2810b

SHA1
7108a3505875cdcfd6b95ee3c2ae953477d27a42

SHA256
181ad2c7a36e803d9e053a01b8dc6161907c42fb6be3fc33d455e62e7b2a8065

SHA512
9dbf77c57cceb6a9f470dc6727269c09059278a0d8dd43b2a1d578a2d60c99e8d452d357d020333cc0b4b4531f6dd6a775ada22da6b32df7b7bac6c6845c36d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\Microformats.js

Filesize
64KB

MD5
75e75d348fa7ea0a257c5c1ff0cda3a6

SHA1
27df319be62cfbb368569763e690da361fb5bfe1

SHA256
3ff85027539b41b2bcc39bbeada008d89daa67a7c99c4d00aeed439eacd80611

SHA512
b8f44a893f4b81e1a28611cf92510ac7a8af4e3c275db996c621943943ff471f61a1e7591437e6e011c97260e704c08236f34e6d64f047ef46430706823ac8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\NetUtil.jsm

Filesize
7KB

MD5
b458d001855cafbfa1357dd5f78522e3

SHA1
f1a9733823ea847b034d6a5dccc5576c5099b9c3

SHA256
27e0d54b541e1085e762c1f6ff2a6afedb168e413e31225c400084a1d6bd48aa

SHA512
d3ac098ae78ab6ac2084c4c3e3e4925ed2237998c0c7d67aeca193cab6b494afc56a066596b47e1e571aeda3c7392cc385eeb1241251da761b987c6012d32e65

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\PlacesDBUtils.jsm

Filesize
28KB

MD5
b45e6e2c7787f7b5746fd23d09f8d611

SHA1
e7cf88da26ec77191ba3155a92b3c10f297fa057

SHA256
3ecc69215612214314222eac104c9c39fceaf746e365bf280273edebc64cc357

SHA512
ca895f996fb741d1181db81feb64d16266eb93718255e9d0da25446badfd24ecfcc51c0e6f11e9e4589be7c6f303cb23aded790979373b40289a9ac802a3ec34

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\PluralForm.jsm

Filesize
7KB

MD5
07c4655dfd8727c8a8665de9b870f712

SHA1
feea478d9e0941abdcee09b5d2b92e6fa8793a59

SHA256
1285367db2610bc378c7cc9d7ce983b8b02fe1c2be631fea0ad945e4421e2bb9

SHA512
5091c7e1218fb5238c5c7f691165558a5d194f887ce3b0298bc1f83e1ce93f2d346bfefe3b991e91ea9e44ed08215171d6259c621556ca7202ee7865f37d76ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\SpatialNavigation.js

Filesize
15KB

MD5
6ecb6a5fde89e80af4a1a2300baeba9b

SHA1
8dcc3d6d2075601bce55ced96c93b42bc7abbf52

SHA256
e80a814b4b74af71b6dea6d1dd4446b518ba30f627c122486fdfea141a59fbbd

SHA512
fc3d6c419f17835c0d135028c89adc7ebe725ad88771e376623b2f45850c8cf34648009233a189246d921b4e313d79c53bbeb7a4d9ad3145ff39aa3f7041c82b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\WindowDraggingUtils.jsm

Filesize
3KB

MD5
88cb895ace01fd146e2c02142c698e1b

SHA1
1402793138f36cd00bd4b10699a895c19035984e

SHA256
abe7a250fb737bb10a247841d74ec165906df47a05eae1695f79b0ee853da51b

SHA512
975577f90028051344caebe7724805b694546c0649950c99b62465eda269b492ad02c8436ffc71e3bec12444bc341285c46b56e2a4b3dd83b8311fea087750da

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\XPCOMUtils.jsm

Filesize
12KB

MD5
0b00337f832317bc0abdeacd380557b1

SHA1
d75ae8e5a5f3ad6ac061abf8c94d6d7ca8cf2cda

SHA256
e990a1cbc5449f055a836ec8898828dc9b42c4d986e1360a081a289807fa7c6b

SHA512
60666edbffddb802247038f8c25791a55eeac34333d37ed147dff6d49122bf7bcfe35632895d735d49553c431f8544a6070f0bb6bd5c4de3ed20673b9ca7d612

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\ctypes.jsm

Filesize
5KB

MD5
db56c65d16cc503d7f27d256c0c50149

SHA1
56badbfa9649d108fdf8ec3da232cacb27dfb656

SHA256
33990789e6795b19696a9f0cc984872d5de52a85c48aa6846a2ac07ac3acab2a

SHA512
d459e9f200f471cc5ec6a4f3b6f6388e57dfaf7b348ccda3f7d8c5964657af29dadb4047fa0b6b72d455f39261f4df845053cab33c6adbf15e68ced8ea32c22e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\modules\debug.js

Filesize
2KB

MD5
19a9cd38934edae5f867d4f7d8316e47

SHA1
9b55bd391db2c845cab5e205e74a5d75c8b6d14d

SHA256
7e4c6e6846b8a24b50437d6a384c4bfe87c2ba3e15e67f6d9e57d6e206788d98

SHA512
fc7238e5db9e1c57acd6d61e8b3d7344a4d93ad212868d11da5a1c2e02a5bb9baa1dc29e0c1bef65e4d4b7737a47356abe79e947d91039b210f3390d787f3cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\mozcpp19.dll

Filesize
696KB

MD5
3b3be934a7192652d241a1d14256601d

SHA1
606999bb34bd9611e8de8769153bc072f925a41b

SHA256
7bacbabb538be0db42c3f338b4a43600e6e81e4ab3f074175e6980ad65b22e20

SHA512
94f549db1ca12c269e3fe08ca91b0b32481383546e3599938e676b63ee30c6ad27e6625271af827040c4f3c32203b8d4bf968e839c8b5c08e25f8d47957808f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\mozcrt19.dll

Filesize
696KB

MD5
bf3a07d543be2a28dc37907101a916d1

SHA1
5fcb0fe5b4e5b543d6d5dfdac9acee537943dfe9

SHA256
a19a70222a7799d089b398935a7594bf24180a0b1c8a29d992d10d740b5a9c58

SHA512
b84211180968fdb23722407f94ab32f07de97dca7aef4353ff3d1ee8eda9835f5fd5604d1ec75ee83c5777ac4903e5903372e1f4b426d787d460afde1ff490a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\mozctl.dll

Filesize
212KB

MD5
b813f998d0498675d1baa702b21d8537

SHA1
465e64f7e8f44e147987e9bb35335deeeb4389dc

SHA256
c0e67525ce4adf05b5fe368fa025445f649be765a2fff155e33d501887b0b802

SHA512
565af2f9b49e3c5fe9e3e7ad8147c02902e76d167c832d9dd78346767555b94d2a504fe62f7cf59d5973214fe309b3f36a9caf2f9a44f6a87ddb89335fed21be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\mozctlx.dll

Filesize
11KB

MD5
1833abb635496acb020b547bfb75086a

SHA1
38a371c397bae3cd7ff55bec99bd93fef62f8213

SHA256
35bc8b35b4026bda49a3aa526342f6a51d2f3b3edf95e8e9dee7b1c0ec4e98e0

SHA512
582e4b7e4ce721a7a2d18f62a9cd9bb13801992ee736d311c1162d2d071ceeb5252dc4f9bf98fea3e7f4dde72cbc94cd34cb3ef97f6fe5a55a1d2de2e3ad199b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\nspr4.dll

Filesize
164KB

MD5
0f2b5f018e074a852e0b32e91a071657

SHA1
ed989b151d545c5953392a0a202fac190cae8801

SHA256
74d7cc148a297d941a47c51fd17dcd293d6daf154a8555050927f34788aa37d5

SHA512
0df30f25ab58f7eca4272230fb4f78b41ab2000bba9a16790d4d7462d6eb7d9818dde31e5d347e25cad88c902eb07fd8eb5aa7f21c22d323139bedebe54587cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\nss3.dll

Filesize
624KB

MD5
79205b44312b4eebb1758bf7d5a8c7f5

SHA1
3628c0bb32ee7a5825da8c4c2905adb263092988

SHA256
498b69750abd9dd96cb2b401e6ff311cdac91dfbd8f81a3c7cb3337269a24792

SHA512
777eb16565163758835e9a0a7bd66f907a8fc6f518664e47f671793a6c8f9ea975ed6a1bb7b761428ff3c3ffa790ab442c92bcff0a95c3d34f1cd448613298a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\nssckbi.dll

Filesize
328KB

MD5
f578b8b1b175006222d25c08986a1aa0

SHA1
79cacacac23b731f2138b0311a02ce08cd2e8413

SHA256
b730d553246cf322d2c4765f819e7e1333ccc04d1a85f3cb5b6d1b29c1c5da32

SHA512
0f9477805d580b09b200a6632be4b526793f3af91b58c5357105ba5eca87332421f0284db8399a7a1bd7dc2fd090219c473f957b7474112e66769ce3fe59df0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\nssdbm3.chk

Filesize
478B

MD5
570dd3eb2622519fce04a6786c97f62a

SHA1
934abd99b8b1dece71e51adf1607eb6482437f8f

SHA256
1fd73d162e192be94bc34b7ce28952b89817a77b62b707a290f9054f8fe62892

SHA512
7f7a7ba5452d24552d42713773efa684dbc5585761fdc5a85efaeeb0f52aafcf836ea1e8697b9645daa1daeb0a3f1c7adbd05504e7253dd1924cdd67e0d709d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\nssdbm3.dll

Filesize
96KB

MD5
9ffeb4bce5b4058031c08bd88c178f5f

SHA1
056c47c2c9e91c46a2b3f72c061a2bce979d40a2

SHA256
dda0b46e1da02e59f8f4094d0d54946121a00af4a324a13d6c79158b11f0a098

SHA512
a11d39e0833bca89ce240472527d11e52194379ec6be4e1fd26bc31db372031ce1558d5fc927bbb2ab07c2674ce8f29ee8fd9642863fdf38a1678bfc6f95eb39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\nssutil3.dll

Filesize
80KB

MD5
a8d9bae05b7cc789d62871c47a1e2b61

SHA1
90db5dbf0e545a0ee78b09741f7c69ad8354c40c

SHA256
6f4dce0ca5441a16c15917c3523b474f31757bec6b4212d069c98ad548264471

SHA512
d1db9dee48c83b8bc2870b61f3913cc952dbd416b453e658454853f3e04f4a51015b68e39ab85cb4a599fe3e40e6c561854099035819ab0cf56a645da98e4d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\platform.ini

Filesize
142B

MD5
7f9c58daf86fd04711e60f75c1331f1f

SHA1
0193d9643b1524bd0b9d5c69b3e6af6a9ee299a5

SHA256
6e572dd2acc4b2f024d39c202fe80ffd9ede7ddfe514e784776878e10a834cfb

SHA512
8854a99d5072508a25cbf0df611c52e3d05dfa1651459062b85e3b6b65b50bb0758d82591cb050063b7c65a4124a9212ba01cd3b34bf7fe8b312d3545578c335

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\plc4.dll

Filesize
14KB

MD5
523324ca8a9fa67ab83fffbf1313e218

SHA1
f668228b0cade83d818981c89ed431a2fa5f34f4

SHA256
061179e1f85bbfb36bce76e677983413a1433b5aebcaed840241ab560e425cc2

SHA512
9d88b91812338c439d09ed85a03f906da1c29345a9b7099dfb216b2a1bcb1898d90550f362bcd68424c8bb810133b5f91e49ee021054bfa45e076ee420cd8d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\plds4.dll

Filesize
11KB

MD5
462f11b562266e8f3b344bdd30bcf71e

SHA1
fbf677344edc5aff74757671335cac2307264f14

SHA256
ade874d055718e6037b4bb0e3fe06b61ad096406f8daf5cedb7808156ca0a4ff

SHA512
a5a1494ec975e3cc73c14e2093b916c8b9ee2c78707f07cbcf8ada2dd38669f9bf75a991d7c8cc56bca2167ebf69e7b49dab27929aad7e015a21d9c5f32e8449

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\EditorOverride.css

Filesize
10KB

MD5
5196388791ae40c89985316a4ea6a4f2

SHA1
8089dec8ecbba3c6af0db3ee8062eeb2668e0891

SHA256
d22accf236d1a0ec52ff1697e8a0366df53e864b7b9f0908a63ee33160bddca5

SHA512
90994259e288d5af27f199d9ebbb4b3dcbec9f8cd231966bd012281f6ba64f6151ec0e3cab5dc8c6e062f8cd15e05bff38fe12a594df05ca143c32cd64679672

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\arrow.gif

Filesize
56B

MD5
a8402374069ffe8e23326ae4bec08a66

SHA1
25fb498bffc0956f61e3b2990686d71c03791de5

SHA256
dc17b7231e1c28d6ff700142bcac0498f7b9b828e61b828f661332635e1af423

SHA512
9f4514181b02dddf5a4e653bfebf57254a5c55b4391378b93f949d604ffaac763ed76c4a6a44ff219c911d6ebf29f8e24dda083cffe94ac6254e167852c9abf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\arrowd.gif

Filesize
59B

MD5
6bf2d8c5ca467c97888ebf8b03a4237a

SHA1
dcbc2be2e1a22ba0e534f0ec9714615293e862d4

SHA256
93b9d62d87a3b5e9f4072fc949d531cdda99926ee427758db2a130f769e402d9

SHA512
53d1aec1968d330a501a1ead86e3c73c05745b81405c58fbe5be29688a067f6d360dce91802a72e5daeee68a5be53148c7fc628dab01900d95e7d3a17d567f9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\broken-image.png

Filesize
253B

MD5
ebe41f9931f2208c1377f379b63608a0

SHA1
a518eabd47edb20612d1181326811967578e2652

SHA256
cf177a93b9f9ef6da0f439a6819e099a20aaecdfc0bfdea73e4230d6b5ef3281

SHA512
f52229e8ab2efede5c1021963d8c1f7895287dd24c4e86b0cf057f30d3a4a97d9ee0c512bf2bcee48b34e95d292b060665d86a83203ef6cf6e590decdc24f77b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\charsetData.properties

Filesize
9KB

MD5
22361437135069139485d30d805a30f8

SHA1
fabd2c7394b4847e35315ed9c86515ccb848efd1

SHA256
c89c4bd0df426696838422f156969b6b7b85ccd4ea2b11acb98d66a95fe6c19a

SHA512
25acec221aede0ac8ff1521fd83ddb5753d404e5c472ec08dae23724030a01a3cacae68a900f00a32e3bcc958cccafe932359557e3c094e6ce5f658dc41854ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\charsetalias.properties

Filesize
10KB

MD5
2d329762947c44fafa719bf59a6581f5

SHA1
db7ca416a29aab720482edf5cd7602393e9fc6b6

SHA256
67608a0be0c41c9a404334a58b838ab24cf15ad35d950fc802d48d3ba9a1a610

SHA512
f9c79cdcac255fe917ad68bafd4c2836eac4923d67965afd5a742b853082170f8cf50acb8ce9e2eca9fc5a5abfb42ebfec9ac49d4d04854812a7b063fba2585a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\entityTables\html40Latin1.properties

Filesize
3KB

MD5
4ba94eac1147dd9ad4b427351b744775

SHA1
532df7db5f7f0e656cb79007edd48fb117836825

SHA256
23966db1054a2e3241d2c65b093825588f2e42ffcdcd9dcde72dc01a5c7aa7ef

SHA512
2a7cb38e91bba7641221b1327e9876475e9d79027902a46cb769b6be301c180529e317d692843295cf4e8f3450a231287412d5ab404810fcfa31bd22b9f6e0d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\entityTables\html40Special.properties

Filesize
2KB

MD5
4a451270086e7a7ec3ab34946922bace

SHA1
59b7eb9d49626e5b6daf102e4cbd70d889df63e3

SHA256
3b2a1670bf5858c1a357b4a06a5f8e01078fe8cb010b4ce50297da615bc34180

SHA512
3977e4d6ab94a95373effc47d3cb78e263c5cf1267c222177621dd9af33e020619b6ab087490a32061d5f842a6b298acf0abf8c5a1eaed37a88c46beb953b8e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\entityTables\html40Symbols.properties

Filesize
3KB

MD5
710ac52b998e1711e516320c0adcfc85

SHA1
374927a30f80ba9ee2a005b6f31182c5b19c0404

SHA256
be0cf2d866828cd4011e597db57e2183bb61ca5139cdba7390a3bcede4604bb5

SHA512
5270d8dcbd9c6a56c46396c1db1855c61c1c6ac459a5e8f01c3753e7a3e8bd25854139487881082a727975006b178b92e0480665eac2c64e28da580129602ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\entityTables\htmlEntityVersions.properties

Filesize
1KB

MD5
435964b8ff8ea502582e163172151c1a

SHA1
177481c2b5ce5618a40d6fc8c6d61e3eea492d76

SHA256
ab8bf8597577462ee2356d6ed647267dc881e596600a0605a834b8b61166d4ac

SHA512
be86de0afc4136f3d9e98040695050552c6e27ccc6a0ede517de1f208c40e31c8590ae5bc71c23320021453ed9e1466964b86111f922a5ec8707d612a67f4987

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\entityTables\mathml20.properties

Filesize
29KB

MD5
ea0609b3ec57139f68b0a5a7ffd69c9a

SHA1
021cffa78310b691125ef5d93d4e222d67d88555

SHA256
b97bf7f7f62c1e2000e5a7a1ed7e0be5888412ab5b79be466f57bad64c24533c

SHA512
d9806c46befc89c9af69faab1f82632addca582e3ae98fece247ab1b04b07a0706aafa0d60339ba46416b5b4d50b49aa5cd88e241161e2e02f692f176fdeab51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\entityTables\transliterate.properties

Filesize
39KB

MD5
659a053805bb40b32269678568dcfb1e

SHA1
9f93809f14f0b16ebe11a1dbc252ec565143c48a

SHA256
9052d661c7d11cd615b094af9ecf513423bbdbbf1ee879aaf391e0999c6a3312

SHA512
fc799cb0a938ed34d17b1767aabbe33aee47f95d7b91b12f9021f490beac33d95c3644543a00f2d37ccff5590a7459432769feb732ada1db6b9eb51da4a3ae43

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\fonts\mathfont.properties

Filesize
55KB

MD5
241c5c7ee3aab3f4302373fb177607a8

SHA1
e528fd1d2e6d795012a79b440d280a30c3d16424

SHA256
dc97b72c8cc65998cf11528ba493d91568d56c4056e4ebe0c25521494f626f2b

SHA512
ee35eab455a234a8056476b282cd11ce4c3249c4272d4e55d84c74141ab4b3e4a81ffc0fbedbc5cc3669c1ecd2aa509fca0fe6804956c0d22747417eb948293f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\fonts\mathfontSTIXNonUnicode.properties

Filesize
5KB

MD5
893bb388ce13875019216800e03f0059

SHA1
7595a644f04cf66e3b15b757c6a3e09aeeea2b20

SHA256
0cece07f878b6f6a28eb756f9bb0b18703e8791dc7e6be81ad4aacb1206c8038

SHA512
4289f074480ca120455438657496cf402a89b3fee031834cb8b390c7eb51dc789b9a26318cdecdad58ee9da018549a730579b7c264bd097967a114eac4c9e254

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\fonts\mathfontSTIXSize1.properties

Filesize
2KB

MD5
33629de320c6079c56c97790aa551294

SHA1
0c9730ca418e52c38f0feacc68bcbd3fb15b87e6

SHA256
cc9268633a64de64dcafc8778fe7a43e644e3babf2bf4162a7bbf1d257629f7f

SHA512
c99c7ecb2a1e0ad40dab43ae4a87a1b5a4e3c6d27fefc7a52cbb2be75730a56779b077e9be68235b780804ddf00fc39352c1908d749461a7121a0f6770380655

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\fonts\mathfontStandardSymbolsL.properties

Filesize
3KB

MD5
04658e1816d47725107230d71ad671fb

SHA1
5b7d219dbf27ed68c0a325b6fcc937eb9cb2e8fe

SHA256
e292b669e55428cfefd7738437e9f614243674370a057464c1faec2d362999dd

SHA512
529703fc21357ca3e30cdfb3befd61c7b200e06454d0de13259f73024f8eabd3f838268644131940b60fecdf6860cd5cde1acc5a1938f8477fda5b459a59178a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\fonts\mathfontSymbol.properties

Filesize
3KB

MD5
2e3f363a88007b6ce0d2d8704d3015fb

SHA1
3af5df2fbaad1dc0a7557996fac7e36ae7fd7764

SHA256
6b08a00938d3647e859317e9e5f137e48f4d45eee4d9d82ffa6c6c5019be5a96

SHA512
557a7d49457c19be0941326a4a22e4cf09e0b2ba718d3b8c5c6021dbd8239559adf7e33b94bcde3719d91f7f17d6e38338cffe9288b54084a00d88d9c88b7eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\fonts\mathfontUnicode.properties

Filesize
6KB

MD5
823802eba2d10ac9a5a3a174ccbe09c4

SHA1
32c3ede1c22e9832e65938a0e3cd5f341509cffc

SHA256
7b4d453f9effb34ff33369eaf029e549bbd0aba5820be8a6d7f58ccdf6f40d9b

SHA512
e49bc9e34fb777d9d4f1bf3c43f05256674827be87547f6dac3f62999dffed9a5501c679bd6c511d73421a46f2f6956b7e5ab9ce7230fbc5e280cca929ae4aaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\grabber.gif

Filesize
858B

MD5
ccf39b06aa3282d0a1f9e7582418583d

SHA1
c0b32c82d1580b7c9a6fde4eded9612530d284c9

SHA256
f281e4469914b472b2371fd402e02dca347577b7803ca1ae99fa1beee5ae85a0

SHA512
086f1bb76afe867e5713d71a3979656afe4ff5d1f68952f2209f2e000b72566f4163f522cd1e9e7eaccd789d69f48718b6601959e4c4d78df8f8926bc7f030fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\hiddenWindow.html

Filesize
117B

MD5
0c016c31bf6369424576eb280c105866

SHA1
e3345fb059be0a17fec9f212f97eace0fe4ae119

SHA256
f3683ebdfe930d58f109e402c188eee2f13ec52640d20ef07bd238f6f72ba457

SHA512
d9bd1d20f690165f3f79f7515afdc97aa5275c4abead33919b30856284c0bd395c718e5dd1ddf73e3170b89a1f088ed7b1e3828828b546b45569de83be7acbd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\html.css

Filesize
11KB

MD5
c1db70980f5618e5fe044057c0d984fc

SHA1
cd69011765aa76dba81ad4a811c4057149a52dd9

SHA256
4958f0ab38dde8f064e8d98d5240b82a29accb5e663d3360d0dafff83071f167

SHA512
f460c73169993a9c999b0281c40dac04abd8cd4a18726879c0804c435308f49c6f0fe6f2e72452dbc542c7ee7fcbbf942ff014ca5309f0f9c255661ad38219ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\html\folder.png

Filesize
619B

MD5
61eb7640f39a196c27f0bd7bab7708f1

SHA1
d0f65d49ecee7e5fa4caa60b112b7a29b052bf0b

SHA256
2ca396c879f8296ec015e6fd22aeeb0db730843fd8754183bc8687026270efb1

SHA512
9847bbbeedc8d93abef58b4892bc9ade959fcd797205f79e237856e8b2110b89b2abc37c02d459ffdfcab4f4e0c702d559f80f29d106fdfd6156ed295b4ca028

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\langGroups.properties

Filesize
5KB

MD5
7c05d46f10eccb94517a6f9c742ab346

SHA1
bd41d6514b279e478afbb1fb376e2fff7d26511a

SHA256
f941ab76bfd1b77b0ef539d100936b085d291fabac4bf21a00d681b17f154e7a

SHA512
0ed164126b5fd2d2870a59b87ff2d658e33189c92585735e5c75c86e1d16b83b29ca3debfdc389691dcd7cf680a754d72eaa73312b45375479af2b73ccde7ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\language.properties

Filesize
5KB

MD5
417cbd69d28cc5d69dc8b36ee0f48043

SHA1
074b45c48660c86c99d7bf8c51bcd1ea3e018c09

SHA256
2d8406f2775f7645548a064a8f6b6bab5da7fd1bf93adcf8b7a853bd4bb37530

SHA512
5a6af893017ae451bd8869ea7afe99feff742b5e76b044c486a075e6818784ea8c43209605acc1936030dce5d94adfd64d777f8ffbc8a271774973974dc6d75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\loading-image.png

Filesize
268B

MD5
4e034e71f488fd65d9793938aa7d5f46

SHA1
fdabd4431087e4b4472fba611b8db09d23328661

SHA256
33d66a16ddce9ba7ae7a14f66a70aa79ece223e03dfafd44817077de511d0227

SHA512
21b8fe5d6d15746ca90f67af7781c74dfb3dd7971d7e06028e1eb0ff7d1a3d0f6613c77fba73e1502b7fcc07930f8642b25f9cefd1f5ad0e7c91dd735ef34425

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\mathml.css

Filesize
14KB

MD5
672e2b05f3967067be9f6fcdc0bd0704

SHA1
238dce2f2e6b2406c3df3065004cc084a241812c

SHA256
c6b58e7f7067175eaacdeea3d06af52e0613131fecb14a5081173d5b5d90de76

SHA512
212d09e56dac449fa430985e0610cef7ca64abfe7d096c16eb830ecf06651efd1941832dabb955194b73f5e49581a96a4db06e701d725f9b5bece8a57ea9b3cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-column-after-active.gif

Filesize
58B

MD5
55291a8dc9802ce8cbbc5d92aa98617e

SHA1
ae968f5b8766fd895e7097b3a40de7f1c594ba26

SHA256
d2701eb10b21db555251244ecffdf20f79b0372ba19d85ac16471e06a004d371

SHA512
9910745a007ae92e9ebc0e4625a86246105cd8eb5fe95110e95dff7efb415a2549ffc32b54fb06cad498f88c1848cbfd072f555c5c4c7090111e1135ca4d825a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-column-after-hover.gif

Filesize
826B

MD5
0c57685fbbd85c5eb8aa186019576972

SHA1
33675f50d10cbf4e7de38068a8c35692aa1de8be

SHA256
5b25b7884bf6be16aa6cf99875ceecf33c40d03c9f3cfec30625b8ad17bfdb5c

SHA512
6173d16da9ee4f8808df8ecd99d9acb147e09fd0071b311ee80f38409e92bf9d07c936d501d893f9c21279ebcdfc2dda07a8eed42f65cc4b056dded440bf8c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-column-after.gif

Filesize
826B

MD5
feff9eba20bc5ffc063c0b659ddfecfa

SHA1
bffa6ac37f2d6aa9f030e7b428bc5ca5ca55218b

SHA256
c4a26dfcdf51f779b80ac85fc417f9c71bfb4544da6fde889de6180db5ea1b32

SHA512
09d5f9f1944554fc245d69625dfc5d98417b953ae3233ec48b580a1efa999d7a8ecd84289f285df5606ec544996297a22a0e1e58ffaf9fcb4e7517c8c4ab009e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-column-before-active.gif

Filesize
57B

MD5
220ac222b8234f8965f35732044dac31

SHA1
e531178014d8dde3295ecf51e0d4de28c9df7595

SHA256
f149f7c1cf9e31ae3918cc9c467c1f6feaeec6a94a8f12e95ba518c0d8f47309

SHA512
ffa55ca88d9658e7ab976978b57916e196da6480f14e1e514979c6776647c759d1dbaad15bc042edf2b279b6253e7ab92deba387171bc8063a12478741500c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-column-before-hover.gif

Filesize
825B

MD5
db5b629893e402162b24764d509337de

SHA1
6aa75faf4e9d7ce0c743d9f014d1349822efd64d

SHA256
ee08fb30bbf7a2bc1fa0351276c18d87315f43d1dcd6e721a076c7f4850d8576

SHA512
85ae25cf42e6acd82339d9e34792d7b9de16d38ab08e424beca0dd3129b64006a957074e3599b14402bf65a11f43f43e27023215c230fa2cff32be5f896d51fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-column-before.gif

Filesize
825B

MD5
2915b1ccccef8f1b4efe358744fc4a35

SHA1
d07472295c783f52842c727abe8e568bde27bc58

SHA256
7aa10dc5f73e868a1cc4790fc4c0de63f7c8be43d9557b5e3a63089fc576aefe

SHA512
6c5831a948c9f56c505b82504541d99b46c0baf475717f4629b12fac39f09ed47ea12bf8b8a2a6d8cc354aa49d573f4a0d50feaf78a4215a9919f0399a089195

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-row-after-active.gif

Filesize
57B

MD5
344e4cc9a285d380f55129af513192ba

SHA1
8d20541ad474eeff42515e77e81bbd91e5fcbe88

SHA256
6ff130978951266493cbbdcc6be6e0a4cfe249b6bc31c4dd0223849bdc493421

SHA512
918f9828ad4fb25effcab899d098e1c2767e35aac89407ac2a3ddf2fad0e3ba9f36780a49cfe4056716e0a3ef3d724f38bf2aafde97ae9208db47d10a7354130

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-row-after-hover.gif

Filesize
826B

MD5
73d91177fe9ee5a7d6f27f950fdaed06

SHA1
6cd76a918b50021f3baf7d0f535f1e7588232f52

SHA256
7f95f83b24a702e701808d2d294827c37a260c4cab54970d8a89cffca311aa3a

SHA512
2b03039a595bcf8e3569888682c016f599bbde90ae1db9b4abd0f5369cb388f3b71458e0f8b341dcc24faf7306c161eb937904c4b21a98628d3dda66afc14758

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-row-after.gif

Filesize
826B

MD5
86ea7058408e6573f06e35a22c381e5b

SHA1
9f55167f4843d25452419ad8b6856c491a7919d5

SHA256
4314043ba7acd3ff7d7b068c01039306a6162a706ed9e74ecb4ff9f81512b726

SHA512
b20a349a6d9b652b0a1b6932c7c8664736927b34529c44ccf2d4959d5b4a08c16b0ae568dde8417b0a4859eab54da3488b80abdeae4cacb33578065250c3e78f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-row-before-active.gif

Filesize
57B

MD5
e5a008df8ee0987d63554f36c1e4eecd

SHA1
22b4dcaf09843d1a4b73f3aea4de9a988fca277a

SHA256
b3364df0289ecfba9920e101b8563d36702170ce75fca5d4b8c7963566bf08ce

SHA512
548b046e705e0b27d775b89047e35ecb3ba24444ddb062799752be62e0717a16b2db972743f1b95448ece41f5911f5e1f9eb9ac40112d014ca90b7ff115dc829

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-row-before-hover.gif

Filesize
825B

MD5
3effbb21fc1ce4a3541ff129e61b6360

SHA1
226b23cd455176340c8c72f21481d6fa0ba438c7

SHA256
82d2c0c94973797f588c41cb17f5965d2979d42032b87a74a66b19b4ca881722

SHA512
e5e381b2ebcde5ca014634f44ec0463ad7a4ef44098c856e23c112dc84d62f25750fe4a22428617543bcd89424ea8b0e22525ecd11b98ecb49f06eeab846add0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\res\table-add-row-before.gif

Filesize
825B

MD5
3bca4df18e26d1d22adfdc990fcbbcdf

SHA1
71d14238f799191d3196f662de97445b2544e56f

SHA256
48a964d88c52616ebd70d146fdd7d98bf585c8488b997963842b0ecb5ee16cb3

SHA512
a900e17d2af8883f6ce87c334a2d806abcb7104ebfe34ef80a2230072b931bd013bbd55316bbdf5b9279842c1f13776ba809722aeff130be006d5a0fa8cab278

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\smime3.dll

Filesize
96KB

MD5
55bfbb5ef6fd782f0ade7e5cf9441809

SHA1
82a40446868d953f64752c791db620fb7651e36e

SHA256
33885665eae856dc72a8d0d7aae6c06b9429a116b61679e117bda31584c92ebd

SHA512
d8710f6c44071f92041ae35a47126168603748f2d15f75066e3601b54353ff4b9ab4bd874ca655a3a8b226770021953e52dcd2214bced48968c61d2424decdd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\softokn3.chk

Filesize
478B

MD5
4721cb146b29419667c27977c7636234

SHA1
23f7a120dbeef4d9046d4c232da6aa71c72b8ab2

SHA256
b07eb4aba44ad04a6e8d00181a47160892f1f374e085cc265c5cc3d8f5f096cb

SHA512
344f7fdded8a53ad56c9d63e17a86f0d330c7a3bfa8051c6c5bb6b9c688e54e557282bbb5186b72e7c1cfec12f580d53bdcebab3d7082576fd3d42e6459511ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\softokn3.dll

Filesize
152KB

MD5
3963d86d76170f9ad35d476131bd3090

SHA1
7db93ae95fd9351b5e5d664b630d1839199c0f09

SHA256
6b40d1205ae4dcecfe85f88ce49b88947b9d12833badf4c265c18c0d3132162d

SHA512
462495a6b058b0a478f27a148103fb0f418711379ec1bb05491484cb9045f6ef77a6ff1b4abc388bfe7f095b0be3a127ebcaeb5b8d54d95701e5b8fa012cbdb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\sqlite3.dll

Filesize
474KB

MD5
eead7ed1d8a9dc04bd0ccd22c56190c1

SHA1
28c376b9616224eb21710450380d6cdc0cbbe524

SHA256
ab2074afb4e6a55987771fe7141ab8857ae1cd6cfc609a8780cca3e1a4d77263

SHA512
20e39a4a9c2d74d0af14d421a14951e5656448d16120ca0eb547399c13cfc28bbc296c7029f686560d63437f52c748ffe8a9986b3d862cc2165e5e6f2ea8c2ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\ssl3.dll

Filesize
132KB

MD5
2ec0678d5e6ebffe0f713b36fd424f16

SHA1
a0cc17a30e463cd54bf61465b1794fd64c134660

SHA256
c6ae3047c84a075ca4ca129d83082f5dedceb2878603d27b677d01d3ee950734

SHA512
698cdcaa92c00cf0c580d28be34e8d5871da2981c235e7dfd2b9b1841dc5e3e97503bfcef178358e950e800ac164a77dd52f029c2322e6906db119183e5ca5a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\update.locale

Filesize
6B

MD5
23f38e64f6a28b3814041cd8aa7313d6

SHA1
c4ab0139ba70da52253a49b551097bc31c4b99ae

SHA256
46ba6aa9d3d54156cb3b8bee34671df456b047b63ed7bdce81f489e741ccbfc0

SHA512
ef618fd85e9b4de387a7611428582fe10a03e6763e3241956f95c0fbaf55166a6a4c2bbd64d2b78955da7a894fec874edebc5e5f75672092bc7a020cfc7d34c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\xpcom.dll

Filesize
12KB

MD5
2af39dce9b54a7fcfe23ae360e77a262

SHA1
d9da848b2060e1e67b159daf5c6f2311f7973d02

SHA256
fb1b54e5b681f1a40fb543e598d94a1c5b98cdadb0ddefb0d86ca2aee87efd49

SHA512
5566909d2683a968c1295e0b53063f56a218fcb01e32cd065087299ed489a8392ca7b4b342d3b2b1ec403c7ec4f7a2122da12fa3178443b3c7d4a45c877f4e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Spartan v1.3\xul.dll

Filesize
9.9MB

MD5
0576529a6eed5836749d31697caa3f7f

SHA1
ad6c90e73d27d46fa4a5f562ba495340a2e3cc0a

SHA256
08640d7cb587667fd757f24d185265278c0600489b65745a46735f287290787f

SHA512
57bb1fbbdef3f00cdd97025c0c87cfae1b168f1a84d0f965aed285fab0851e823430e014ae1d7805c4ba4689391e3d7dbd92d344a4263a92aa064b910e227d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\System Stealer 2\LiteDB.dll

Filesize
347KB

MD5
25b242d00c6c32e1f437eb2064ea2e29

SHA1
3712bd78c80a237dd804ec77c64498defde12e94

SHA256
e72acddf47586bc0999d598e3bd125a254bb6f4ae151c076993304f6e31fbbed

SHA512
f1ca54008290f67825f4aa0c8f78476d0e4ebb3b7f50c338f51c87a96b0d25457496fe6062aa57e401c444f5aa80df8e6b97c2e681e699905f3dc39200d235d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\The Simpsons Stealer 0.2\RESOURCES.dcu

Filesize
7KB

MD5
8a76a5f85dad0e4e8eedbb336ba02ad8

SHA1
42846424fe8438a0c7a8aa05e8c0d00946bfdbc8

SHA256
5cfd6e45222cb9dcc36a6caa6593c2aa22696a2295d5a8c1ec340e7d2a210fba

SHA512
628b39a62f377b1a52b96e27982373bcde8c5639c36ed76778cad86933b5737913d0f7c5d5c767eaf73517f9b34e9ec492348283652e39f3eb84a0c80e0c08ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\The Simpsons Stealer 0.2\platform\xpcshell.exe

Filesize
198KB

MD5
a064bd90e97de4de11ddfc72d89b05b8

SHA1
b985a9e7d3cffd3b4be3b561c95b6f6584acd1c6

SHA256
9e61fd15953a3bb5efc43d590bdc7653c58a585c167ee4c42b2b7d3ae7eb2b33

SHA512
aabfceb72300f5274359ecb5cfafe3e3dde5afabd6ee53fd2ff19547fa41ab3605b9cd273d0e16aa8863b33201735e24166a12d197406b68812cb4533378c485

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Ultimate Stealer 1.0\RESOURCES.PAS

Filesize
12KB

MD5
3f747ee71a26f04c8bb91ad40312c337

SHA1
4041b65eed5bb9494e983b696be080c83de7b9fb

SHA256
150396225f91ce8a4bf09e145206329deeb868bb595f787c79cfa2ef72c38cc3

SHA512
be52e30e5f9f5ba75f5a816f704af8b569cb598751760e5f1e6f3a8fe2a117572effd828712f381164add1194c86e225d4fe7af35317d18851fb268fdfa75a3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Ultimate Stealer 1.0\plugin-container.exe

Filesize
182KB

MD5
68bad35d495b3a13233e86ea7a1bd4ad

SHA1
726cbd3fde6a020d92a7598a76da1d24063610c9

SHA256
adaf3500145d8adac9673d734851d71d1eb3ddc817de38f0e7a92b78fd9dcc2e

SHA512
c7431f2718e4dac2386717f93e7e5e69438e0576e12d8c797f2d62dabdf4a4334f43de325a71654d9ee7a2fd604c8cdf13df09760602f8ec571d8a423d151d68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Universal Stealer 1337 3\redit\mcbuilder.exe

Filesize
92KB

MD5
d76efaa44d4b4cb0306e3d3141960f4f

SHA1
5e90eea2551d4ccf86b119599a2c9a17d55af2ed

SHA256
f98c4339da9c0d4ba628fcb9ec02d9407fda4cb22f8c1f0ec2b9a33bdee6ba4b

SHA512
50901e98d24e1408adaf71a9526ced8ef619696df2cc5769a8da16f21a1ce17392958d05dc394fce4ee4644f8a7576884cf3204776662c5e16ad250280392e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\Worm s2\d3d9.dll

Filesize
1.8MB

MD5
00a77dc70009944164236c684ef2f5a2

SHA1
500a78419f1b5c108a7fb0100541788bad7cf872

SHA256
e155998af14b356811ad66def369c44a10c63125df140ed45489117a8f111246

SHA512
ebf2e40fbc7f6123a5cf8582c3442f050c1c8991f48c6e3aabb0ec281dcb88c94427876d1c18aa75828dce20a200d2737c393c9d2d470a376145921d75da9036

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\iStealer 6.3 Legends\bassmod.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4682988\Malware - Worms Stealers\iStealer 6.3 Legends\node\PHP Logger\style.css

Filesize
1KB

MD5
5ea854107536dc420ef2150b3537be86

SHA1
c78244fb38d57e894ef22068164a0038878797f8

SHA256
be6a30e64167722570fddfceb8094524a37fe87e7a98ed03c761c12943d9ee63

SHA512
e81c0a9037431a2a60214219b59a3acd3fbbe221d625853d88d973110e21da05214e2404a1d3eba9b15874a413243bbeb8ae9930e4132ac4837804ec78aa3dd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lybzufld.q0u.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\res.exe

Filesize
324KB

MD5
b8f94f2026b5b536c88d53f8faeca96d

SHA1
f1f8d4dcafba36f59b6de8c40863de79979986d8

SHA256
ffb07a07b3971154f2dbe3d210d18f9bd378b23174643644ab997abdac18079f

SHA512
f93fe1eb2e56829b0df21a032c309438dc437361158daa9ec44718b12d0c2d28c8e0800e6c2daca88e9ea5704809a75569de45274951dfc9f6745872b47ff0bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\res.ini

Filesize
287B

MD5
49e90ff2f6174ca3f407439a88d22e9a

SHA1
36415847d148e956fab95ae07943b2193d4215de

SHA256
f16b8f94c64af6fb53c11a4a5d359b0c176c1a39821e0499ad3d05efee7e82d7

SHA512
07a031af62024c9fa339fc75b926171ad036df9d44af8d745a2c78cc99c9e811d6f4bf37d2e1a3ba11c6178bb34ad721d0765d9e8a0e61af927e6b2db1adc7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\res.log

Filesize
271B

MD5
841d94f969afbb85f56284909850ebfd

SHA1
a44f8c0b62467633a8cdfc440ed5032b73e9b0d2

SHA256
38153d40fc231b14a3f9a7de30c279fc3f2a996fe3a82068527be131c2a5ed9c

SHA512
9e485d15c732dff8d6eec05cd0fc37f94307ff2dbbd368ea8e17aa37eac0511c0887625f6c3efb3530415eadb527a88d5c6c52c9d53b50aab16946183dd046c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\sc.txt

Filesize
193B

MD5
70c384600f8fe4fae26f6ca6054594e4

SHA1
9eef5e4f4c08881b0fa95810d1099278cad7a867

SHA256
4b7490f0652edc69b7a7f4878a9e5321f209e2fa0947f3669e073c85c0386a9e

SHA512
11865454de85dda1ae93b2d8d35e8d055fee3d628b33d12a1f841028a0acea5f63792afb013d1a2713aa4109e0061f7f3bcd08ad4118f722befa1a308230e068

Download Submit
C:\Users\Admin\AppData\Local\Temp\script.ini

Filesize
173B

MD5
1f8de05484507b0b8c788cec48f6ab4d

SHA1
f0fcc92e5bd50301cf81404fcaf5a6799821ee1c

SHA256
924dafabdecb0068579a1480b8f33fa915c925c6a677ef21534a5f7f0c34bae6

SHA512
48b3dad4323596dcd4c37258a26705cacaf4b8ccf38fce76af263b9c021f2ef675032e566b273831d586982e03f8259c7528a9a299c992191b94c8483f34f855

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\Dark IP Stealer - by mana5olia\Dark IP Stealer.exe

Filesize
361KB

MD5
d9d93828d267f05cdebd22b7288ef69e

SHA1
81fb56001646e2296ee0a0a5e8009b034852f7c0

SHA256
f13542a4a1606b5111cfbdb249a3dd0fae78f156e3ad649d74df1098346fff49

SHA512
683e035db6661de51322b4c7048e545468400b2d451713b0eb195e3a976cefe29f98751dfb69d7551dd8ca76acbc63a802e4712984ca8497a3d9007b64276b38

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\Dark IP Stealer - by mana5olia\mcbuilder\dis.exe

Filesize
384KB

MD5
4d1141e904df9cf63a162d0deea4b0b4

SHA1
4a38e629f04d31bb6284bde8baee46bbfb17bf34

SHA256
6e6f76b530cda4f0b9ad2c0e7652248a221c67a880271fd2a50650de4542634e

SHA512
dbe027a67d8b0a6e2d1f94ade918e299ce142d589245fb8d8a5330035b938943bbec5dee88593ed3536abc1c39e05cbc1a199c565e172d6e510cd69d8c8f9546

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\Fly Stealer 0.1\Fly Stealer 0.1.exe

Filesize
187KB

MD5
77e2237aaccc60e3a33d5a4c194d5d41

SHA1
32ef63b7a5d358decdb3cc2033c84f62cdc7f25d

SHA256
4db31d8d077c7099949677e1d6b85c075d51e3f603d1be74eb555c8d642ddd6b

SHA512
2c8c4485711cebbc868382fea6f843532693ae53d5a849010c25150413ae9527250185ef5060360b555f8020534c5ccb25c0f1aacbfac61004124372bd0fdc15

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\Fly Stealer 0.1\pnpclean\flys.exe

Filesize
868KB

MD5
9169e8f436f78c767c6e179fe5031ed7

SHA1
083abec5e5f3df1586a23dd093c62ecad429232d

SHA256
bb654ed6c7ae629f55f3d54a9112700a1081e69878af045c762094e6c278b1a9

SHA512
b0324c825310f1193d051b0da1c8e3aca8dad717e924137df0cc3d6e18f51a379f87588ce75e66ba6b80ff71a087336fead42f00f583b2db9a7d8a9a473e3c10

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\UNLIMITED PW STEALER 0.4\UnLimited PW - Stealer 0.40.exe

Filesize
190KB

MD5
53294983b81c1d0aa6058f8ccbf9a32c

SHA1
461b778433b2b0fb9416249310446fe678e0bc77

SHA256
869a4029dcf0cdf8805609da73f43696c087d0c958ec7712bb9a730420f5695e

SHA512
5c44f8820a4d1483d8e7961757786694f9992dc0b68e887be268818d8ebf17670b1e3adfb7de87afb1c1e2d4e97ca26b14ab256fccd6594db808ff9cbd1cea9a

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\UNLIMITED PW STEALER 0.4\data\us4.exe

Filesize
3.8MB

MD5
22a67925be10e36abbb5ced379ee0870

SHA1
f8fec97d111feb382f5bb68cae4417b0aff6e663

SHA256
2739a790637df58eae66126ad4d00cb6e3460b86cd58fbec5e17bdf09781f9ad

SHA512
75004b5b83b6f5047883917635a68a2bf50d46396c04e5f56006849b8f11f00700503f5920f919bfb84e4237b35e29423508f63b1654173d91c06cc33d89c81f

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\iStealer 6.3 Legends.exe

Filesize
186KB

MD5
70f442284753dc5ac3d4368938f9e1ab

SHA1
c19d1f81da4ed406fd357585776c4207d879ab0d

SHA256
846c60bee7b0751178d55f668938eaf01af9a9ec5d5e18f7e4c409a572af7871

SHA512
edfd1be9e17290d361fa3d171c3753f1e2a9d70d843ba895315052bee8627dc79bc50809da11adaf86ff412ee0080676752bd2129afc9861cd0822f7953f39e0

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\node\Skin\SCLabel.ocx

Filesize
36KB

MD5
649bd837a3739460ade06c99aac4bc38

SHA1
c8fc335ebdc5f8da615fcd5a606ca9b7de49cfd0

SHA256
d6dc827c724452cab90b4151ec5240051bdc6a75b664e7126b1ec9c21f741ad0

SHA512
1784e7cf52b93287814617162caf1817e9c7cb4c37e3f3bd9112512c8e86868b9995ea54034e126b16a16c3bcd669477bc6b174d8d4fbbc3688bd31106e0c294

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\node\Skin\Skin.skf

Filesize
276KB

MD5
8bfc40d34ca8fdc3c5f2856ead6281e7

SHA1
0f72a4853e481cf37cb05a3616a47e342bb0d309

SHA256
d99cbccdee2ca043669079ce769968ae2bb8646fb32b48b4bcc39223ad4d6153

SHA512
75a708188e69496fe3aba00e52b1ffa2145e492e40380a9d1b5e22657d939cb22283ac01b109154958e16d2c2108015880590c3546328c116cc7201130681916

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\node\Skin\SkinCrafter3_vs2005.dll

Filesize
564KB

MD5
b5acb37197211dc215907499bc105745

SHA1
9f49f51cd716de78439617a10dd640b7f8f3a669

SHA256
5aaa62566d7daba371fbf221f0d93402b6560ef6032e23aeab55cacb1462c8eb

SHA512
bed50c385a3c1535a855720c616eb8540cf49a8f36793a43874416b0882f27ed4dbf11340ddb48308f9a0933d53add24e0392af53e692af6337ba951d9fa93f1

Download Submit
C:\Users\Admin\Desktop\Malware - Worms Stealers\iStealer 6.3 Legends\node\is64.exe

Filesize
1.6MB

MD5
3e6dde21e8d59ecd96ebb077a5b4ae3d

SHA1
951f04364f97007021b17664a8ddea32b52ad126

SHA256
f8579c9ea94eb95984697aef58f91166d93baaecd14bc5a16c8510db8b2acec3

SHA512
b9b9c9d5e598edbd49fda45c18659d167c16420ff5c7936daba0c5e3a96497ce043cd8e25fde7a6290713cf5bb7cc9ea2bcf16fa703b8ac04a0197d5ab65d176

Download Submit
C:\Users\Admin\Desktop\Server.exe

Filesize
56KB

MD5
5a12f58a54eba3fbabe63eb61297411d

SHA1
68eaacdf024d1882c1e1fda1d73d9c52a198450c

SHA256
b0d5a7c9565889dba6f02dab1618743c2ae709052dbe587fb638b78da31cbaa5

SHA512
eea9490fec5342c64c62f99db1feb46fa7966b4fd15971efd5648d0d0d261eda06e071d9f16a2c9eb866e44eb710d125c22499b6b067b48751145a657154f300

Download Submit
C:\Windows\IMF\Runtime Explorer.exe

Filesize
152KB

MD5
03f5e0141f4519f0c5ac26ce0b036a0f

SHA1
4f7a2a230e7a194a898cc9f2d563ac8777fe99c0

SHA256
78a408c628e33e3332645f480ee7ce01b5dc24fc96cf16ffa0868d43f3d421ef

SHA512
86a68f040654006e06b51c5714e0d7168d0d1bef7f3c39843632068104f773f771d21be4bc251d712f3e915cd1058f89ad31d9e3f3d9e7cf6da6785cbf22d8d7

Download Submit
C:\Windows\IMF\Secure System Shell.exe

Filesize
45KB

MD5
7d0c7359e5b2daa5665d01afdc98cc00

SHA1
c3cc830c8ffd0f53f28d89dcd9f3426be87085cb

SHA256
f1abd5ab03189e82971513e6ca04bd372fcf234d670079888f01cf4addd49809

SHA512
a8f82b11b045d8dd744506f4f56f3382b33a03684a6aebc91a02ea901c101b91cb43b7d0213f72f39cbb22f616ecd5de8b9e6c99fb5669f26a3ea6bcb63c8407

Download Submit
C:\Windows\IMF\Windows Services.exe

Filesize
46KB

MD5
ad0ce1302147fbdfecaec58480eb9cf9

SHA1
874efbc76e5f91bc1425a43ea19400340f98d42b

SHA256
2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

SHA512
adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

Download Submit
memory/336-2892-0x0000000006C00000-0x0000000006C7E000-memory.dmp

Filesize
504KB

Download
memory/336-2888-0x0000000000C10000-0x0000000000C24000-memory.dmp

Filesize
80KB

Download
memory/336-2953-0x0000000006840000-0x000000000685E000-memory.dmp

Filesize
120KB

Download
memory/336-2940-0x0000000006860000-0x00000000068D6000-memory.dmp

Filesize
472KB

Download
memory/860-2878-0x0000000074D6E000-0x0000000074D6F000-memory.dmp

Filesize
4KB

Download
memory/860-2880-0x0000000005480000-0x000000000551C000-memory.dmp

Filesize
624KB

Download
memory/860-2881-0x0000000005AD0000-0x0000000006076000-memory.dmp

Filesize
5.6MB

Download
memory/860-2882-0x00000000055C0000-0x0000000005652000-memory.dmp

Filesize
584KB

Download
memory/860-2883-0x0000000005590000-0x000000000559A000-memory.dmp

Filesize
40KB

Download
memory/860-2884-0x00000000057B0000-0x0000000005806000-memory.dmp

Filesize
344KB

Download
memory/860-2879-0x00000000009E0000-0x0000000000A40000-memory.dmp

Filesize
384KB

Download
memory/860-2885-0x0000000074D60000-0x0000000075511000-memory.dmp

Filesize
7.7MB

Download
memory/860-2910-0x0000000074D60000-0x0000000075511000-memory.dmp

Filesize
7.7MB

Download
memory/1688-2980-0x0000000000DA0000-0x0000000000DB2000-memory.dmp

Filesize
72KB

Download
memory/2248-2968-0x0000000000D80000-0x0000000000D92000-memory.dmp

Filesize
72KB

Download
memory/2584-3032-0x0000000000E00000-0x0000000000E36000-memory.dmp

Filesize
216KB

Download
memory/3120-2996-0x000000006FCC0000-0x000000006FD0C000-memory.dmp

Filesize
304KB

Download
memory/3120-3005-0x0000000006D40000-0x0000000006DE4000-memory.dmp

Filesize
656KB

Download
memory/3332-2912-0x0000000005A70000-0x0000000005A8E000-memory.dmp

Filesize
120KB

Download
memory/3332-2969-0x0000000007400000-0x0000000007A7A000-memory.dmp

Filesize
6.5MB

Download
memory/3332-2984-0x0000000007110000-0x000000000712A000-memory.dmp

Filesize
104KB

Download
memory/3332-2993-0x0000000007100000-0x0000000007108000-memory.dmp

Filesize
32KB

Download
memory/3332-2982-0x0000000007000000-0x000000000700E000-memory.dmp

Filesize
56KB

Download
memory/3332-2973-0x0000000006FD0000-0x0000000006FE1000-memory.dmp

Filesize
68KB

Download
memory/3332-2913-0x0000000005A90000-0x0000000005ADC000-memory.dmp

Filesize
304KB

Download
memory/3332-2941-0x0000000006A90000-0x0000000006AC4000-memory.dmp

Filesize
208KB

Download
memory/3332-2951-0x0000000006090000-0x00000000060AE000-memory.dmp

Filesize
120KB

Download
memory/3332-2942-0x000000006FCC0000-0x000000006FD0C000-memory.dmp

Filesize
304KB

Download
memory/3332-2972-0x0000000007050000-0x00000000070E6000-memory.dmp

Filesize
600KB

Download
memory/3332-2906-0x0000000005540000-0x0000000005897000-memory.dmp

Filesize
3.3MB

Download
memory/3332-2952-0x0000000006CD0000-0x0000000006D74000-memory.dmp

Filesize
656KB

Download
memory/3332-2897-0x0000000005450000-0x00000000054B6000-memory.dmp

Filesize
408KB

Download
memory/3332-2896-0x00000000053E0000-0x0000000005446000-memory.dmp

Filesize
408KB

Download
memory/3332-2895-0x0000000004CC0000-0x0000000004CE2000-memory.dmp

Filesize
136KB

Download
memory/3332-2983-0x0000000007010000-0x0000000007025000-memory.dmp

Filesize
84KB

Download
memory/3332-2894-0x0000000004DB0000-0x00000000053DA000-memory.dmp

Filesize
6.2MB

Download
memory/3332-2971-0x0000000006E40000-0x0000000006E4A000-memory.dmp

Filesize
40KB

Download
memory/3332-2893-0x0000000002260000-0x0000000002296000-memory.dmp

Filesize
216KB

Download
memory/3332-2970-0x0000000006DC0000-0x0000000006DDA000-memory.dmp

Filesize
104KB

Download
memory/3520-2911-0x000000001B1A0000-0x000000001B246000-memory.dmp

Filesize
664KB

Download
memory/3520-2917-0x000000001BFB0000-0x000000001BFFC000-memory.dmp

Filesize
304KB

Download
memory/3520-2914-0x000000001B720000-0x000000001BBEE000-memory.dmp

Filesize
4.8MB

Download
memory/3520-2915-0x000000001BD50000-0x000000001BDEC000-memory.dmp

Filesize
624KB

Download
memory/3520-2916-0x000000001B180000-0x000000001B188000-memory.dmp

Filesize
32KB

Download
memory/3700-3029-0x0000000000400000-0x00000000005B0000-memory.dmp

Filesize
1.7MB

Download
memory/3700-3021-0x0000000000400000-0x00000000005B0000-memory.dmp

Filesize
1.7MB

Download
memory/3708-3011-0x00000000009F0000-0x0000000000A24000-memory.dmp

Filesize
208KB

Download
memory/4300-3044-0x0000000000530000-0x0000000000564000-memory.dmp

Filesize
208KB

Download
memory/4640-3070-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/4640-3081-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download