Analysis
-
max time kernel
2626s -
max time network
2644s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30-06-2024 18:05
General
-
Target
b1nja_4.1.5571.rar
-
Size
349.0MB
-
MD5
c07c5d896251aa7561760651ec61b597
-
SHA1
37c2272149718130616787ea00e2a8af06690cec
-
SHA256
8513ac042c987c6d67779b532018e46be4762b3a6082348c53ab49ba7ac91b5b
-
SHA512
a25bf9b5720881993c8ca7636390ec31d6f9948c07ebee910ad54e01aac754a4287ea515fb45cce165df794e8e338d61d32543c9ec9cadb4edf5212f71e61203
-
SSDEEP
6291456:xKMOlsABtDpX/VKqtp0tcno1un6UKs/BN2MjiEReOXVAAoggJt8/C2fcikL1G2+T:6VXpX/h0tZonJn2Mznl6PXp+Pb
Malware Config
Signatures
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 3 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 50 IoCs
-
Drops file in Windows directory 16 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 2 IoCs
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies data under HKEY_USERS 14 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 7 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\b1nja_4.1.5571.rar1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\b1nja_4.1.5571.rar"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\b1nja_4.1.5571.rar3⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.0.971588525\1810125943" -parentBuildID 20230214051806 -prefsHandle 1780 -prefMapHandle 1772 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {746f9ea6-f489-442f-bb17-a2adf673ab25} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 1872 24140bef458 gpu4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.1.40284289\415200316" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2448 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b01a3ae8-b219-4855-b6f0-c0db63c203fb} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 2472 24134e8b558 socket4⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.2.662068674\1917176743" -childID 1 -isForBrowser -prefsHandle 1580 -prefMapHandle 3036 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c3b8692-80fa-44d7-a00c-27ac2b529065} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 3020 24144a54258 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.3.1045833762\30243164" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3588 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8317d90d-6b38-43c6-96b4-ab22e613e70b} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 3624 24134e7bb58 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.4.143915904\257415161" -childID 3 -isForBrowser -prefsHandle 5232 -prefMapHandle 5228 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3f1744-cadc-473b-a457-a1bbcd9ec8f8} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5220 24147b49b58 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.5.440554481\520762962" -childID 4 -isForBrowser -prefsHandle 5244 -prefMapHandle 5240 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29ae28c6-985d-4f76-ae29-6a1fd350a313} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5260 24147d37558 tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.6.1184042159\1695104253" -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5500 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 912 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fe752ca-9b18-4710-8903-4f8cde13cf68} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5380 241478c2258 tab4⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\b1nja_4.1.5571.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\binaryninja_personal_dev_win64.exe"C:\Users\Admin\Desktop\binaryninja_personal_dev_win64.exe"1⤵
- Event Triggered Execution: Image File Execution Options Injection
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\vc_redist.x64.14.34.exeC:\Users\Admin\AppData\Local\Vector35\BinaryNinja\vc_redist.x64.14.34.exe /install /quiet /norestart2⤵
- Executes dropped EXE
-
C:\Windows\Temp\{1BF824DC-488B-4D97-9690-0E5CF0A5114E}\.cr\vc_redist.x64.14.34.exe"C:\Windows\Temp\{1BF824DC-488B-4D97-9690-0E5CF0A5114E}\.cr\vc_redist.x64.14.34.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\vc_redist.x64.14.34.exe" -burn.filehandle.attached=544 -burn.filehandle.self=564 /install /quiet /norestart3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Windows\Temp\{61C6B65A-0849-4559-9280-FD0E4F2689D2}\.be\VC_redist.x64.exe"C:\Windows\Temp\{61C6B65A-0849-4559-9280-FD0E4F2689D2}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{796C06BD-2199-404F-857A-6F855DD157BF} {29922589-0E6A-4A01-ABEB-941E891CE7E4} 21604⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1104 -burn.embedded BurnPipe.{7AB05A26-9039-4022-8924-ED49101BFA64} {0262AD9C-0BEF-4EC2-88EC-8AF10DE92040} 21565⤵
-
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=564 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=1104 -burn.embedded BurnPipe.{7AB05A26-9039-4022-8924-ED49101BFA64} {0262AD9C-0BEF-4EC2-88EC-8AF10DE92040} 21566⤵
- Loads dropped DLL
-
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{D43DFFEB-7290-48E1-97BF-1DA4E2B7AFCE} {F24CA603-5968-4306-B84F-382658DBA984} 52487⤵
- Modifies registry class
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\binaryninja.exe"C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\binaryninja.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3960,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:81⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
1Image File Execution Options Injection
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Event Triggered Execution
1Image File Execution Options Injection
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Config.Msi\e596b19.rbsFilesize
19KB
MD5b93ab01989f912cf7f665ae7d35bfc65
SHA1a7e3b92a3cf498954b814b0ca4cdf6204daf2343
SHA256e692367daf639099f4308564ef053b3528be51f885c84697ec8cb117160089ec
SHA5124910e5202afc7e964635e228956dc2bacf1afcf77780d2078eed9e6c0ce83f46b12dd25d2f44a01caa564cecf26ed0ad7619bdfbf26670b85b05c7461c4ccfb3
-
C:\Config.Msi\e596b25.rbsFilesize
19KB
MD5a300068d68feb2b05798fd3519012838
SHA1ed7094c6f7afa42b094b4e78371c72ae0470780d
SHA2566e6c6f7b92c46f72686f8e429b6ef6a21c5021d9aa56ac8f4cfe42103943ed38
SHA5124964b319cf0a5db36f7c9a4906c5fbb542ae9dc3c662dc9c0dac74b68db7dd94840d2e3d5bd7c3021d3fdc230554772d573a00adaf242736c963acb4401d2589
-
C:\Config.Msi\e596b2c.rbsFilesize
21KB
MD5b74360324d7fd220bf5c932f51889265
SHA1dfb94f845089a2309f9c13c531991284074005a6
SHA256a44506aa1f2751a5c3e99832c8edbba01059fbfe20991c31bb88f7a70c14c8e8
SHA5124a9535b2ab6dd1bfb7c884d7e86447d587b662919c3b6a0295098a73116e1c66f6c64eb796a2d628ef30a9c272cd67f19cde103d3dc2e914d6b4a5ac9f3c4f40
-
C:\Config.Msi\e596b3b.rbsFilesize
21KB
MD51c849d2fef0a6de2046c6db485c5f54d
SHA1e3881ea1dd651cd85810cd9bdfef2ff0de67eb2e
SHA256af5870f58812d1dbbe6870929056c1f6d0b0b62481bc035a64b64bae6974eaf2
SHA512e63714c2e304e03e6896693502c002cccc0a20aa15ec6d1c4131610e70b9a9e3e8b25113518b8c1c1c872a8b16e276296dcdbdaa80ec3f3f9a0a2072d98b17ca
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\activity-stream.discovery_stream.json.tmpFilesize
27KB
MD500106a8385620708f88f051333284114
SHA11e7e3bb26cc5aaa8d7cd2d8b6e292b1d97f0d70b
SHA25622c82c96f9551b3565efa51102faca9fa39117f7827321a8da11ad72ac0a8903
SHA5125e5c56cad501578981f1517a06215d0531adb4e1b6cab8ace0a78929851a567e572569dd7fdf00dcbd17d4d1d041158388deade3b96b9af41411b6664b66a601
-
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240630181500_000_vcRuntimeMinimum_x64.logFilesize
2KB
MD5663a8af822acbf62a627f470fd766f93
SHA1dadd4f722e33b7307f3810665d95955eff177c10
SHA256e9491a5f111445a3d17ab20623fe98c8ce1b82e2c6de48debef4ff663d06c1f8
SHA512aba26610d27c8efa9412b3357e297281ab1e03ae3e81b68af2ecd9a14ad21c95dfa097cd69dbe557feb33f76dc5634407a62da6d9084d79a2288c2e247500e39
-
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240630181500_001_vcRuntimeAdditional_x64.logFilesize
2KB
MD55311af008c183a211834ebc0fa7a12a0
SHA1aaa8ca4fd9914f60e31344da40c408de789e3656
SHA2566c785dceb53191fb8c662bf52848a8dd14cf62ba0d9191ba516b9887f4fab58c
SHA512946323cc2b1a22727a91ec2486ba69242ab97430ab3ae720e5e1d3d6d3e4f25cbc535b575ad932495a60fda47639942b72b1f3a7aa0b106dcac51f28be4df86c
-
C:\Users\Admin\AppData\Local\Temp\nsjE636.tmp\System.dllFilesize
11KB
MD50063d48afe5a0cdc02833145667b6641
SHA1e7eb614805d183ecb1127c62decb1a6be1b4f7a8
SHA256ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7
SHA51271cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0
-
C:\Users\Admin\AppData\Local\Temp\nsjE636.tmp\UserInfo.dllFilesize
4KB
MD5e167f9a565781a30c03ff10370033319
SHA11858758b076946073de375c6eb1bec9867aa3689
SHA256a912514823df595ba3a048099d3b89e925a4d41742afc67e772060952892f312
SHA51296d8f5ac8e2c0961ba71075de52d12515e7a058cddf3fa1ec14e77545b0b5f4e29324a13e2eb287a447f1d24dc9f09e0a70b0a25401b0ef8d90e6e4a96ce6c61
-
C:\Users\Admin\AppData\Local\Temp\nsjE636.tmp\nsDialogs.dllFilesize
9KB
MD56e64e5d5f9498058a300b26b8741d9d5
SHA1837ce28e5e02788da63a7f1d8f20207d2b0bf523
SHA2568d4b1c275fd1cd0782a265080b56d1aec8d1c93edca5ef3b050d1d20d7b61f33
SHA512f53514d36021d79f85df2494d403f03589b3ad848889b9224f962cc932ef740f127131a914c7171ad8136ca1ef631285ea1c80576db18ccf8ea56940eb00ea1e
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\Qt6Core.dllFilesize
5.9MB
MD5a0e1974d44b567a5d996f02cab676876
SHA1ed7e9b3f52fe5191e35b6906a359b67d3c5e670b
SHA25683bbf9f90caa9caafef9ddcbdf244c1839e0a2e1a9481940695ff4cc2238bd4f
SHA512d3593b2e1815e0acd04fd1e928f8c7145122608fba942980bb8665180197d0774c51e3e4871315d75cf6842c38cf3c05ffd0d8309917f20a270e9a26e8acb7b8
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\Qt6Gui.dllFilesize
8.1MB
MD5aeb9886b7aef5f8e933896eef9764b5f
SHA18e214fdce4b25383f19d318096a5e9e1fb3197a4
SHA256192c5bfd621d58610faf6736f993be378fcbcfd809a39ef4d8c9f72bf4feed4e
SHA5127ab2bd20afbcb89feb9296369192bb46b353ec1f30b04957ba95e9ae760703361170b0728c33f05695968571bf076c84cc9e995699b7963dd6f473bf5aa729b9
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\Qt6Svg.dllFilesize
369KB
MD519a2b8a9a41d022809b466b11fef2c1e
SHA1ac90eeb70b2c8dd916fb735391fe944c69e94942
SHA25673db4f24d83f312a6de049fa199c4b2c30378a7e87fd6e8e095bfe004baa15ef
SHA5124231d34983ff1e59dea40e0f49e0b2c5d260e1a4fee9e926e765f08730d76c52d39c9a1145e5fbc3f87a41578b23a1ce5e27ff83412464b8ce224cb4983fe1b8
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\Qt6Widgets.dllFilesize
6.0MB
MD57886edbba5544742678777b5e8110ea0
SHA15e88f98867c7032b3448dc754a959b411ed485ea
SHA256a5f96aa7416bc2a18bc75a14f55f5fbd35af36a944be263b42544eba7e9c17d6
SHA51244f8b43f66ba07b25560695421ab32759438bb2707b225e2bb6c78c04c004fadc11f3f017359d613fac1e47165e849c22b1c62a62a62a038670ba69e8231af08
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\Uninstall.exeFilesize
258KB
MD5df829de1f997497c93567914f633d0ec
SHA10036aa7a004dd44fb93d6ed84406b27dcab210a2
SHA256b0d85b9100bec0fca8e66a219ee5f61d3c8d2f82380f2260444218e0c4099ecb
SHA512fdaa8b81ec6f2ffc7151207d852293cdb7a9fe5cb53597a611c0ce5c6232a736784bce31e6b19d5f1b24e4bf32af8ba9b0875a74eae493285434519227fd5d24
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\banner.bmpFilesize
150KB
MD5d86a52db82581ed078b2d9d00d51b4d5
SHA14ddfe48aec0b82378c3e7c7e6feaf781e3c45cdd
SHA2561e92d6afb12182deebf30fbf9e63975dcc5dd062615e57e474efb3a336fee822
SHA512aa9e24fa32e7bb75ddadd2bf833bc3cd4bbf7e47e5ee58711b17d52acfb2f99e3facad8c21d7db5fd1ebe572f8ad9f08fd3e2b6eec52edbf7b166297be56f161
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\binaryninja.exeFilesize
22.5MB
MD5a64582a86f200c2dc55617de3ae2f9a6
SHA1a791dae399f74d3bd51621f28ea148e8d1d3bbc5
SHA2567a4710a1e1d5c832f96078dee68774a124a7c24989f151ac268a5fdcee37beb8
SHA51281dd37bc848e5fe368091da3daf3d482cd185cb880f3a9a335b206d6f23e63e4087114dfc246f319564cfae022655aa1ea547b2ffd4b8ae8fae74b27b806eebe
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\binaryninjaui.dllFilesize
13.6MB
MD5794b52fa0909259bfe46fb7df38d0b23
SHA14dd238e2987b22dff5d27328d0a0c1c067f283cf
SHA256cea13b0b62b3722295022c93c1a37a1cb260557e7294df937a8566e8de5e7082
SHA512b5b489332dff3f2411ed1b917b2c4c3fb2b2d82c30f5fa789d3812a6673cfa9c9cbc382284e1497217b20fadec4a39fbde169f39b7640ac296453298b4033e32
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\license.datFilesize
1KB
MD5e76f642922b35b464756eb881741b1cf
SHA14fc3e5f2e3415e355137308868c10ff2d2132d71
SHA2569e7068e303e2caf7387f730003a3b8d9090557688b8a40e53e762996bc707abc
SHA5125bfecd0d86ab27a5dd0f2162db6ee73541bc03e524584207a73e2b8ec63daa518f9fae7f68c5a5431da17ee355063668dc91edfee8f888bfd45a2b475eb92251
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\plugins\arch_arm64.dllFilesize
4.7MB
MD50c4526e6bb1ac0b4e67126db02923685
SHA14188e47ee12c3436816a59991c2ff8d46c2bdb14
SHA25648fd9e5ad5dd5f7d772cb5b917a876be52daca2cf0b9364c11da558392356115
SHA5126edbdc42cd6b3fd2b8a8633b9f06136617bd0499dc0524f53516270f55ec3a2b373ec4001aa3d05749b28799825a54206807e67fd599c82394162dea3062bce1
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\plugins\arch_armv7.dllFilesize
3.9MB
MD558e2f5a9ce74e91328c1d16ccc4b5455
SHA1275ddf346007287c299d650bab4fd481dd5f9255
SHA25623c4020447884262945abc6b87089f96b0b83f26cdaea23625c43a8084b378e0
SHA512d0a3867d53e37779ca834ca93e9f3b4f3c153aeade4c9c1877d6e80de2ea19329ca50e0b4295754a004bc6b15c0fe9d68115a8fd266de3d149494cb42022822a
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\plugins\arch_mips.dllFilesize
2.9MB
MD56cfe3e14081aad57d75df9e9710d252b
SHA1a64cdd9f1e34d6575054da54f8b6d5c9de959b9a
SHA256028c69ce3249931e139341fa64655eb2387e06e8edc5dbdb7b74d05d58165f93
SHA5122622ad63d7be2ece6a71081cc1481c9104724558ff6313661431c5cb66f575dd853e858d9eb4c9f85b0e36826e1610520d3f2b88fdf9c06fab039c8e78bc8c3e
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\plugins\arch_ppc.dllFilesize
10.4MB
MD50006307a63a911ac23d17fa683a876b7
SHA17b83e4b837d0677f597bdc9bdef4716fc9407858
SHA2566590e59d8db80ad2c91279892311195ddf5cc2d4c6547772e2fb7f93b9c06811
SHA5120d15cd3bb8d3e502c4ffbd292817a35d3fb177dfe1d3cc73d8f312bbbea73ce78c4c96be102b88fcc41586bd3e615ff782341a58471cbcdd15bebdb190ba100e
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\plugins\arch_riscv.dllFilesize
278KB
MD50119895428a89c13503caac50eab3561
SHA1e65b59fa0f0cde2dea4b5934b37dfda4df158438
SHA25694e3c775a672bec767f3601911c7ca9d26ee73999ebabe2ef7d2b2ed9b1597f5
SHA5124e14b22a5b309c92270fc03ada71e7d80611c7ce3aad065e944a9b1fcaf9370c4863bd788b828fa46faec452eaa39a600618dd0d5518e550f37e2ed357c0275a
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\plugins\arch_x86.dllFilesize
9.0MB
MD5d2017f91f1c253a1d981e578ae7e9985
SHA1d5001828a497ce27cd5ae203eb025dd4e5db8053
SHA2565ca194d6c682a2fb985ca7db7043ab25ba4dded32176549d1765c416d8d4e2de
SHA5127c840c1397fd2b8fd6ebe7f1b53ad701d3df00a5233843b64e07124bc33511c4572359c8073040eede8cd2fed00529c713c754f3b35b850b3882d868b12851a0
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\plugins\debuggercore.dllFilesize
3.3MB
MD5e75786a74deea85e5580d6da8abe11f0
SHA181438b909a85d59fe789824a344567c04efe6bb0
SHA25698b78ca84baeb02ac217c52d39e91d8f18ef23876956108bb597517d2e2f2c42
SHA512130080037d9b07d4b1287a6c69cc765ce20e338a35d947b17eb2d75cad12e2f3df28310a9e9371bb88c632299be6feef2651df8fdfe8a622a5b1b0091f690b3e
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\plugins\platform_decree.dllFilesize
2.8MB
MD50dbbaffb7efaf66483bd7c00c603acff
SHA1255093282f1043f42e78f772bc2dbdb6f028665a
SHA25614e234a8610daabc41f6936f9bd162a94ec5f01055241d720d8c3899d1c784a4
SHA512913ee5ee0fbe2efd61933e207dc7b1f48b6371b8f40933aef11ade47d766afb788ee1a984e0539c774309d78699908dca1473a20ab073506cf6650668446bad0
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\plugins\platform_freebsd.dllFilesize
2.8MB
MD564bf7f0dd2680614a97f20ecdaf53e28
SHA1e6a43ce8b2bbadd0f8c5de0a4b794614b3ba04ae
SHA2566ad11a0af9f3b7bfaf2fe0aa101be07a5de47f93f0f57c8f58199ed16bda5b56
SHA5120aa780fea1ccef6a7a2fe7ec3086da6fed86827233ab3b8a230c81c0a72ad82988bdd03c96626c57775a430021a9bbd0e41e9193bb96830f2e11ae83acf6c414
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\python3\PySide6\metatypes\qt6qmltyperegistrarprivate_release_metatypes.jsonFilesize
4B
MD5f17c6890ce3e5d805aad7ee46da00fd7
SHA1855ca7e4e0c1c862e50b76ecfb4184cc39df46fe
SHA2563fbbd4c6d76130399b0c79cdf41758669224a91e05b7b216953f0c9728750865
SHA512eeb77c599dbe5da30338cf5a7b9dc16f5f4493aa68ce5e9953553434541551b5ea8bb9f5289fd0ee15e1ac4513c7d2888797b3d72438defb196270483608fb45
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\qt.confFilesize
140B
MD55b2b53ca62eec3846a3647277fd5df85
SHA1fc160b8d94e025b60934c4ff2fecd7cb4ff9e491
SHA256941b4a02b8794e0787817a0fb015ee9ea2b9da4de1061fbb784d9ce1ff077a79
SHA512e828068e1032c6d0f90ef393f5b631abd14bcb8027ae7e8b93f1da484258e8f5b82e720963bb1588a6f2a3ba692056e078e065e0b2bda3dfb15504690a9828db
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\qt\imageformats\qgif.dllFilesize
46KB
MD58cffcf9b2898c01230b51accbc83244e
SHA1fb886795f77d439e924e836cfb9bf56f523d230e
SHA256e0102a4fb68d6516d98c721077f72c90a80672efefb8aeaf2434554be86466c6
SHA512a21e6d524f47e5a73dfa95a3142bdb60e0ce6f3a6debcfc74564b8cf8c372a39b555e88675640c9711030a1b1ab4a01ae4b0e6fe7bd55ed230c64b76c8e1cd3a
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\qt\imageformats\qjpeg.dllFilesize
615KB
MD5ea0c5d5eb0aa2a2d60666d200464c005
SHA1843246ed8887e319ad497d24d116ccc7b130c999
SHA256aeb8391c50cd4499b24f3212afe58655475e4f0327c301a0f07d8ba9b8d98831
SHA512a539ac588a6c79ab1f728dfa322bf92a47268577a32ac7cca57dcef4fc80b6400d9cd1a8ffb55f7626e802d695be1d4085cabc39b026b6c74f5ba18170b87b3f
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\qt\imageformats\qsvg.dllFilesize
37KB
MD5f3194c219c6e4eee90fe08a98b0b7caa
SHA17417b5ec8018d90cc1822938cdb90906d8abc7fe
SHA256bbb1dac7b189f577ea73be8e1e83cd9a65cf44dbb5926ee924431c21d532a369
SHA512dd9c59a749e6c4dbda18cff1009ca146c480b4ea3e64976f5fbac690413d63735f2f9eb18c87f849eb165bcd706b396f1f13d950e8d73daf9a277f0468547869
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\qt\platforms\qwindows.dllFilesize
852KB
MD5220c2f94cbb884f61f4f65642b1b0ea1
SHA16eb700ce8f73fb378c6db3fe1cb4891228523f9a
SHA256c1d48b54cde919cfb600a3b73e5ff2fd3ad131fb463d9c8ce28d5f6efb618fe3
SHA51262637fcb7b43edba524aaa12953441bba497264742ea2bdd671c6a43e60fea60d1c56406454098c092c10f5e6c0d1ad68430802dc0d3f8d34cf507a65c83b1dd
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\rust-docs\trait.impl\binaryninja\architecture\trait.FlagGroup.jsFilesize
187B
MD5d758ec0f72929c2123b5408a155ce078
SHA1e5ff82a7cf89535bdde1355fa00a96e31caadc52
SHA2565b1f6255dfc366257dea1be3a1aa6f7cdc27fbcbc5164e92ef45439223cce80c
SHA512bbf58295a92342a7d4f223d5a9b79708be46c7f69e7c221bbdecdf7e0b23e56f4fad1b8d88501a38cb6df28162c7fb7cef46c67f76e2cf3ce4d4f14280097682
-
C:\Users\Admin\AppData\Local\Vector35\BinaryNinja\vc_redist.x64.14.34.exeFilesize
24.3MB
MD5703bd677778f2a1ba1eb4338bac3b868
SHA1a176f140e942920b777f80de89e16ea57ee32be8
SHA2562257b3fbe3c7559de8b31170155a433faf5b83829e67c589d5674ff086b868b9
SHA512a66ea382d8bdd31491627fd698242d2eda38b1d9df762c402923ef40bbca6aa2f43f22fa811c5fc894b529f9e77fcdd5ced9cd8af4a19f53845fce3780e8c041
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.jsFilesize
6KB
MD5e49b215b3248ea851a7abb7896be5100
SHA19a6183ac28c2c4c5c9e64fcb7c4b75aaeb1457f8
SHA256492f48397d0e258d527effd860469776e6860f5446e0472e8b25e261418bda5e
SHA512cdb41504e92c9f306399780d3dcb2c27a7dde4604c56b1e0c21dbb16f7e595d8ec6098e0bd50f7ce12898879a4844ea0566be377f8a7e475dc1d6101c2032f1d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.jsFilesize
6KB
MD51993a95e5df85d51df347a61598cc22d
SHA1c4e3bd9704c5c4247d6fd64a8bb3eb8c7b54e7e8
SHA256fb13debcfb30f6a90b4b6622845f03323ba56aa20ab662ce1853d07980c3d0bd
SHA51286922417faa2a3282423f09457a389f5900426eada5dda3a6b29dcc73d337cd3228dcaa8928a7fde867efb83310b24428e105f4b4bf64184cc19f88ad5d45046
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD5658abcf72e106cbff0045e9743af7037
SHA14e3d01a045990a9ec6ed40d9a8132cf9fd9c0918
SHA256965e3c3461e30dbd61dabe446e186cd6233b80ec934478c1561ebe330188d7fd
SHA5128cc16ffca0271b286483a12edc773f8e026a38660528c1f9776f5bac1231c934569a7a7a00dca402035fe1dd1ff8dcd6b493567a2402f44996151e0d33a653d8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore.jsonlz4Filesize
641B
MD5cdf552c948aafaded992f408e7dea345
SHA10e487511cef5984e5e5c1d4a98ba8f44fd740326
SHA256da82bc2a4e0b3ee09c81a36eb430916d39c98f75f8d6be4a1bf43fecc58b0e1e
SHA512b980e4f723bb0cae3c0db5abf0f5b323706ab5bc303ed417e662f4fcfd7f3825c79dde60c94852a3a3c16463c8d7c4a4ed65c2825a6d7113b5adb10da6cd20b6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
192KB
MD5058df786c387debe4bca196f2d406e0f
SHA111fa2d330feab1989e1bfd44e810c405449e9642
SHA25697e26ef8ca3a71131771605e3174d09d8847f6ea950fcde1a91c463cd1c40f5d
SHA512a459f6f713eb224fda72b7e647b2b74e7238591ca2c4413e6809c8e14261377f1bb83cb55d12f2d26ef3d0c7fd7d3391c73947d31e7828d69e5357e37b9d33dc
-
C:\Windows\Installer\e596b27.msiFilesize
180KB
MD5c214a9e931bbdd960bb48ac1a2b91945
SHA1a640c55dd522e01d0be4307a5eee9a40f779a6cc
SHA2561dbd3e4e71c6678e640c289c1c64bbb12c70f65f52b27191680a9e4141d64b11
SHA512d25fef3bdd3cd18035892618602e27621e9fb3a913e7972ec7bb624d593ae4b766e718fd2e2c7342c589e9a97beb03d2fedef22e824c6b539b83f199cb967933
-
C:\Windows\System32\msvcp140.dllFilesize
566KB
MD50929e46b1020b372956f204f85e48ed6
SHA19dc01cf3892406727c8dc7d12ad8855871c9ef09
SHA256cb3c74d6fcc091f4eb7c67ee5eb5f76c1c973dea8b1c6b851fcca62c2a9d8aa8
SHA512dd28fca139d316e2cc4d13a6adffb7af6f1a9dc1fc7297976a4d5103fae44de555a951b99f7601590b331f6dbb9bfc592d31980135e3858e265064117012c8d5
-
C:\Windows\System32\msvcp140_1.dllFilesize
34KB
MD5c385ebc3a83d842489021e48e23bc925
SHA10a992abb2e424da981196edb280e7821f2033d9f
SHA2568e49a6d937ee6ac20d949629b54e28caf01aef312bc7184063280346b35899e3
SHA51285cc4c9fbeacddc934d46d907354c1fe93dc62b1bad7a6ccdb7c9101e820d01717e863fab39dd6bc062f38a100f03d49ebe2b3905146bcedfc6c014703d8c3b3
-
C:\Windows\System32\msvcp140_2.dllFilesize
192KB
MD54b27f209925c247252babeff90d6cd2a
SHA1709dc2e8a03a9f261c64adf3f1c0839de62ddf52
SHA25625305353c51ac72f4646bd549493becdbd6c997605f70c937e72cad3f962182d
SHA51230e8ef20ec13abe50a13319159eb2ba1ebb117e1e4c438e24de48331acab34d8af3531e051cd93597eb5bede0af81ae223a06daa072ff226d79240ffff68b7a6
-
C:\Windows\System32\vcruntime140.dllFilesize
106KB
MD5870fea4e961e2fbd00110d3783e529be
SHA1a948e65c6f73d7da4ffde4e8533c098a00cc7311
SHA25676fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644
SHA5120b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88
-
C:\Windows\System32\vcruntime140_1.dllFilesize
48KB
MD5bba9680bc310d8d25e97b12463196c92
SHA19a480c0cf9d377a4caedd4ea60e90fa79001f03a
SHA256e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab
SHA5121575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739
-
C:\Windows\Temp\{1BF824DC-488B-4D97-9690-0E5CF0A5114E}\.cr\vc_redist.x64.14.34.exeFilesize
635KB
MD5848da6b57cb8acc151a8d64d15ba383d
SHA18f4d4a1afa9fd985c67642213b3e7ccf415591da
SHA2565a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12
SHA512ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6
-
C:\Windows\Temp\{B0B70801-E3C0-4AEF-AD85-011DA59E2721}\.ba\logo.pngFilesize
1KB
MD5d6bd210f227442b3362493d046cea233
SHA1ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b
-
C:\Windows\Temp\{B0B70801-E3C0-4AEF-AD85-011DA59E2721}\.ba\wixstdba.dllFilesize
191KB
MD5eab9caf4277829abdf6223ec1efa0edd
SHA174862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA51245b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2
-
memory/4740-4354-0x00007FFCBD6C0000-0x00007FFCBE12D000-memory.dmpFilesize
10.4MB
-
memory/4740-4371-0x00007FFCB6FD0000-0x00007FFCB72CF000-memory.dmpFilesize
3.0MB
-
memory/4740-4373-0x00007FFCB6910000-0x00007FFCB6C82000-memory.dmpFilesize
3.4MB
-
memory/4740-4374-0x00007FFCB6630000-0x00007FFCB6904000-memory.dmpFilesize
2.8MB
-
memory/4740-4370-0x00007FFCB7C40000-0x00007FFCB7F0C000-memory.dmpFilesize
2.8MB
-
memory/4740-4366-0x00007FFCBA9E0000-0x00007FFCBACAE000-memory.dmpFilesize
2.8MB
-
memory/4740-4362-0x00007FFCBD3F0000-0x00007FFCBD6B9000-memory.dmpFilesize
2.8MB
-
memory/4740-4323-0x00007FFCC1C80000-0x00007FFCC2279000-memory.dmpFilesize
6.0MB
-
memory/4740-4357-0x00007FFCB9C50000-0x00007FFCBA54F000-memory.dmpFilesize
9.0MB
-
memory/4740-4375-0x00007FFCABB70000-0x00007FFCABE50000-memory.dmpFilesize
2.9MB
-
memory/4740-4380-0x00007FFC98F60000-0x00007FFC9931B000-memory.dmpFilesize
3.7MB
-
memory/4740-4324-0x00007FFCBF1F0000-0x00007FFCBFF89000-memory.dmpFilesize
13.6MB
-
memory/4740-4372-0x00007FFCB6C90000-0x00007FFCB6FCF000-memory.dmpFilesize
3.2MB
-
memory/4740-4368-0x00007FFCB96B0000-0x00007FFCB9980000-memory.dmpFilesize
2.8MB
-
memory/4740-4379-0x00007FFC99320000-0x00007FFC9965B000-memory.dmpFilesize
3.2MB
-
memory/4740-4369-0x00007FFCB7F10000-0x00007FFCB81DE000-memory.dmpFilesize
2.8MB
-
memory/4740-4367-0x00007FFCB9980000-0x00007FFCB9C4B000-memory.dmpFilesize
2.8MB
-
memory/4740-4365-0x00007FFCBB020000-0x00007FFCBB2EB000-memory.dmpFilesize
2.8MB
-
memory/4740-4348-0x00007FFCBE130000-0x00007FFCBE518000-memory.dmpFilesize
3.9MB
-
memory/4740-4322-0x00007FF788AC0000-0x00007FF78A13D000-memory.dmpFilesize
22.5MB
-
memory/4740-4321-0x00007FFCBF1F0000-0x00007FFCBFF89000-memory.dmpFilesize
13.6MB
-
memory/4740-4351-0x00007FFCC0070000-0x00007FFCC035B000-memory.dmpFilesize
2.9MB
-
memory/4740-4345-0x00007FFCBE520000-0x00007FFCBE9CD000-memory.dmpFilesize
4.7MB
-
memory/4740-4342-0x00007FFCC13B0000-0x00007FFCC16FB000-memory.dmpFilesize
3.3MB
-
memory/5228-4266-0x0000000000A60000-0x0000000000AD7000-memory.dmpFilesize
476KB
-
memory/5248-4265-0x0000000000A60000-0x0000000000AD7000-memory.dmpFilesize
476KB
-
memory/5684-4228-0x0000000000A60000-0x0000000000AD7000-memory.dmpFilesize
476KB
