hxxps://github[.]com/helIrounds/Hazard-Nuker

Analysis

max time kernel
39s
max time network
45s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/helIrounds/Hazard-Nuker

Score

8^/10

pyinstaller

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 6 IoCs

Processes:

HazardNuker.exeHazardNuker.exeHazardNuker.exeHazardNuker.exeHazardNuker.exeHazardNuker.exe

pid process

5592 HazardNuker.exe
5136 HazardNuker.exe
5992 HazardNuker.exe
5480 HazardNuker.exe
6004 HazardNuker.exe
1200 HazardNuker.exe

pid	process
5592	HazardNuker.exe
5136	HazardNuker.exe
5992	HazardNuker.exe
5480	HazardNuker.exe
6004	HazardNuker.exe
1200	HazardNuker.exe

Loads dropped DLL 64 IoCs

Processes:

HazardNuker.exeHazardNuker.exe

pid	process
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5136	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe
5480	HazardNuker.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

Processes:

flow	ioc
59	camo.githubusercontent.com
60	camo.githubusercontent.com
97	raw.githubusercontent.com
100	raw.githubusercontent.com
55	camo.githubusercontent.com
58	camo.githubusercontent.com
61	camo.githubusercontent.com
63	camo.githubusercontent.com
98	raw.githubusercontent.com
99	raw.githubusercontent.com
101	raw.githubusercontent.com
62	camo.githubusercontent.com
96	raw.githubusercontent.com

Detects Pyinstaller 1 IoCs
pyinstaller

Processes:

resource yara_rule

C:\Users\Admin\Downloads\HazardNuker.exe pyinstaller

resource	yara_rule
C:\Users\Admin\Downloads\HazardNuker.exe	pyinstaller

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\HazardNuker.exe:Zone.Identifier firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 4908 firefox.exe
Token: SeDebugPrivilege 4908 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

4908 firefox.exe
4908 firefox.exe
4908 firefox.exe
4908 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4908 firefox.exe
4908 firefox.exe
4908 firefox.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

4908 firefox.exe
4908 firefox.exe
4908 firefox.exe
4908 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\HazardNuker.exe:Zone.Identifier	firefox.exe

description	pid	process
Token: SeDebugPrivilege	4908	firefox.exe
Token: SeDebugPrivilege	4908	firefox.exe

pid	process
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe

pid	process
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe

pid	process
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4180 wrote to memory of 4908	4180	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 4992	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 1580	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 1580	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 1580	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 1580	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 1580	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 1580	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 1580	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 1580	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 1580	4908	firefox.exe	firefox.exe
PID 4908 wrote to memory of 1580	4908	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/helIrounds/Hazard-Nuker"
1⤵
- Suspicious use of WriteProcessMemory
PID:4180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/helIrounds/Hazard-Nuker
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.0.843404454\87462673" -parentBuildID 20230214051806 -prefsHandle 1704 -prefMapHandle 1708 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de79080d-a742-4c4d-bb56-15ba41dc7911} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 1836 29443227e58 gpu
3⤵
PID:4992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.1.1729120062\630061591" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f963dba-7f51-422b-8398-efee940a6a3c} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 2428 2942f08ab58 socket
3⤵
PID:1580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.2.470512303\413398042" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 3068 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {271bc095-0440-4faa-9368-e653aea81cf7} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 3044 2944641e058 tab
3⤵
PID:3060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.3.1960224352\1749192328" -childID 2 -isForBrowser -prefsHandle 3872 -prefMapHandle 3868 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {deea3166-3205-4974-b29f-0cc8d09d06fd} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 3884 2944812fb58 tab
3⤵
PID:3916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.4.315400457\1168346786" -childID 3 -isForBrowser -prefsHandle 5240 -prefMapHandle 5220 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea7587e8-4e56-47a8-8ba7-df4ec3c9a982} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 5248 29449ef7258 tab
3⤵
PID:4980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.5.191632556\804376910" -childID 4 -isForBrowser -prefsHandle 4892 -prefMapHandle 5216 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d12e152e-4a1f-4d33-bf1b-8ea3a32915ed} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 4888 29449ef7558 tab
3⤵
PID:3272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4908.6.237737920\1114979589" -childID 5 -isForBrowser -prefsHandle 5508 -prefMapHandle 5608 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25d106f7-7ba7-444e-9b06-847337234885} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" 5496 29449ef9058 tab
3⤵
PID:3964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5524

C:\Users\Admin\Downloads\HazardNuker.exe
"C:\Users\Admin\Downloads\HazardNuker.exe"
1⤵
- Executes dropped EXE
PID:5592

C:\Users\Admin\Downloads\HazardNuker.exe
"C:\Users\Admin\Downloads\HazardNuker.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5136

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:2720

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Hazard Nuker 1.1.3 Made By Rdimo#6969
3⤵
PID:5388

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:5536

C:\Users\Admin\Downloads\HazardNuker.exe
"C:\Users\Admin\Downloads\HazardNuker.exe"
1⤵
- Executes dropped EXE
PID:5992

C:\Users\Admin\Downloads\HazardNuker.exe
"C:\Users\Admin\Downloads\HazardNuker.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5480

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:5524

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Hazard Nuker 1.1.3 Made By Rdimo#6969
3⤵
PID:3900

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:4636

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:5932

C:\Users\Admin\Downloads\HazardNuker.exe
HazardNuker.exe
2⤵
- Executes dropped EXE
PID:6004

C:\Users\Admin\Downloads\HazardNuker.exe
HazardNuker.exe
3⤵
- Executes dropped EXE
PID:1200

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
4⤵
PID:2376

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Hazard Nuker 1.1.3 Made By Rdimo#6969
4⤵
PID:5388

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
4⤵
PID:5616

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rfj66zji.default-release\activity-stream.discovery_stream.json.tmp
Filesize
29KB

MD5
0c02a0b7913a2fe3bef28ec1cb527b95

SHA1
842e6b97cca763014a630d3df0c6d2bf460ec599

SHA256
92b3eee2ba23a552bf5e63cee79f87987e9c94be5437fbd863fe16bcb7968cc1

SHA512
ce622e14de851809f73556cd496a45f0b125b5e63582c13514fed29c172ecf3e5615d113efa7e9f07f22e0125419a8aad6034675acd14fd13ff1ab6d618bdfc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\VCRUNTIME140.dll
Filesize
91KB

MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_asyncio.pyd
Filesize
63KB

MD5
3a5fbfdc3091114488bc30cc1873365b

SHA1
a4da519a41ce499430f5fea6f731f59b41e8031d

SHA256
a055e2b17cba4199b48db6848e44543399870958f49b1afce10534c46298ef2a

SHA512
00e08a09f7124e3e300a834796cc106ce07f8801749dc2ce451d5397ed822c2b3c602c20344b44c608c4fc0048cac6897748daab91d80a1be877a9c44e531dc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_bz2.pyd
Filesize
84KB

MD5
5a8b3602b3560868bd819b10c6343874

SHA1
73a5ce4d07479894f24b776eb387abd33deb83a9

SHA256
00d2f34aee55b473bcc11838469b94a62d01fdf4465e19f7d7388c79132f019e

SHA512
2f2f8305fd8853c479b5d2a442110efc3ad41a3c482cd554ebcc405fcf097e230f5cd45dbfb44050b5bd6fae662ce7cac0583c9784050f0c7d09a678768587db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_cffi_backend.cp39-win_amd64.pyd
Filesize
199KB

MD5
c5c914f86f24711cf7e3a4e60274076a

SHA1
44c82230ae4b239588bd72ee724f7417a5f47e4b

SHA256
9339bacdf118a85eab0344ccf85bc3851c69d1b85d43aba46e4c67705a45668c

SHA512
e972490e592b0e10b46f82d167fe087f2654755fd8409e8d0830226d3d289c09a7e1d565fd527dbd8d12b5f560932f9d3b5cc313cd13294a65a8e75c5d9105df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_ctypes.pyd
Filesize
124KB

MD5
e1ef9f5c77b01c82cf72522ec96b2a11

SHA1
e83daa56a104f6ea6235822c644b6554c3958cfe

SHA256
a79cf8259890d5843cf8eaf29db8dbd4bfabed50f4d859756f93ac2b30617023

SHA512
4231ec5b06effae6497bf62853b79420529cabaee6b58f519c3c30bdd42c925e85979c29c2db0747dcff3f99f3b19dc02ece96347e08cf49eb0abb1e19238c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_hashlib.pyd
Filesize
64KB

MD5
8f7edaff246c46dbf09ab5554b918b37

SHA1
c14c33b14419f5d24fb36e5f1bf1760a9c63228b

SHA256
9154b36c178d84a901edad689a53148451ef3c851a91447a0654f528a620d944

SHA512
1947a1010fa1b07671aa471d5821792dee7f2b0cd1937d3f944cd0201a299e6cb37a41debbbd1bc6e774186f6d08ad6264055cba7652b0d5bd22691431cb360e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_lzma.pyd
Filesize
159KB

MD5
caa58290ab4414e2e22cc0b6ff4b2d29

SHA1
840902aaf7db40da17018776e5c842014c3a81ac

SHA256
185d407bcca7399c458133f2ce1efa938352b8093b2de040c91c3c3088ab173f

SHA512
a82e380ab1676424e52a36c08eabd572375dd36a7fe2b9df51d48c368aed6c04b0b3674bc6a9787efedd0ed70bb1869ed1a2f3a1f4238485710092b9cbadd00e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_overlapped.pyd
Filesize
45KB

MD5
60af9df3c5d25c193d73a566e763b0b8

SHA1
a87c3285ff6f59528611f42577d30dbf35827b45

SHA256
c63632bf1b28f7f1007ff093a9ef3d034cb9480fc373c29e06a407b223b6ddff

SHA512
57c33929ec284013e88696ab7c099d570d0211d99f8e2027f1d8db9ae66810ccba6992959a2d543929f59bfc67cc4d1cc9264046e02df9cd119c3b1d2ec41a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_queue.pyd
Filesize
28KB

MD5
671a9ac9b34f07ada65bf1635e4626c5

SHA1
d4a6e478caaacdbdb52f57d12e16ba96671d30f2

SHA256
3f1fc09b3f0a5c8c7aff4223d002952ab26f462aa390940a9f00454815204739

SHA512
92617258ef747f93ab2c378f5c9a2aac14668d834df15939c1ef83a555490b9ee3380d7341bee60c33057482736a595593749b8794ddeaa9649339363095108c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_socket.pyd
Filesize
78KB

MD5
e71c0c49f7e2bd39cafeed1dca29455b

SHA1
22cb314298c6c38e3246f73dc7277ed00d6b8449

SHA256
3b0ea76a2b0caabf5b8994d3789778575ecbf2831acaf4d53d274e265d271622

SHA512
4c09599c7c93427b30a011cc39738983c79f0835292e5c0e7e19f6329f33810773d0e97e20f4698d22b6d0b8b643521bc3ce318c890366872ed26b6d3dab5c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_ssl.pyd
Filesize
150KB

MD5
39919e97dc418e0099b2a0bb332a8c77

SHA1
f04c9d78b3d5e2a95ea3535c363d8b05d666d39e

SHA256
b38b09bf0421b1f49338ded8021d7bc56be19902d9b21a9b6e9c8df448f93eb2

SHA512
f179ebe84ae065ed63e71f2855b2b69cdedfc8be70dace0eb07c8b191768eace1312562e27e77492481f214f85d31f35c88c2b1f7a3881cee9dffffa7ffc668a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_uuid.pyd
Filesize
22KB

MD5
0803ad237eb9e6370d71d0c500ce6493

SHA1
60479ffe844717a7ccd451ae1cfa5208ed003177

SHA256
fc5dc4af3a540c97d33cd300558488884417912629fad2e36baeba6ffca9faac

SHA512
1f8a19fe1c228a5f7cde873a89d3c64e9b3c9b2d9b360bd893b86ac8558bae76a5f08b6a6ba093ff369f0f04e72ec10260d1d2299b796b2c1433ae11ae8b6e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\aiohttp\_frozenlist.cp39-win_amd64.pyd
Filesize
67KB

MD5
f7c00c9bbaeca63a0a8da67ab9e3fb7c

SHA1
a86a7636298ae5043bd8950138d10e91063b381b

SHA256
220cb66b74d61e687c7d0a98bc0d3ad6733d7ab82424e19c18bebcaeeebc047e

SHA512
3c43d38b87970abebb901527719399e1435b491da9325907e55936cd45453d3d4680533b5bf834213febf12cfa6ec1f519d708d35826e6facbdcdab04ec00a1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\aiohttp\_helpers.cp39-win_amd64.pyd
Filesize
48KB

MD5
7938d35fb7c5bde9dd9822111ecd2f87

SHA1
e7152a50fd8b2317fc20028f6c3f7267414b45fe

SHA256
4f7367d7ea4958438262b6ee2d6df8f9aae5fb4e2494bdc4a02df5efcd6a68e4

SHA512
1b232ef1d3b708fe4206825bf8680cbf5497800c3dc72eb0379169bfb0a34bb41a6c263974814046847e69658948dcae68c520fc9e50648194e12feeb4818b73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\aiohttp\_http_parser.cp39-win_amd64.pyd
Filesize
242KB

MD5
d381dbb43288121be5d102f3d61a865a

SHA1
cebb68cae502b1bb922aaae4c571303ef9b91989

SHA256
dbfd67c208bbd93e9a8e0313c3c260ea3256d4cbe96f5bed3a501447580000c3

SHA512
739870998f916d66518d5d1fd65babe6a1540fe3acc2eb5408f88913be76a8d461e24324a69fced31cecbff95291c670949df67261e9c9a16c304b8c06d8fda5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\aiohttp\_http_writer.cp39-win_amd64.pyd
Filesize
43KB

MD5
40dd6fa98985becc0ba809fdb896c222

SHA1
bf3529145b60c284ac295b26a703880a8c96e337

SHA256
1fff6c5a7803d1a761e28a2df10d50f296971d4c456e48c221c813619668c989

SHA512
96a8b7fcaa17c27c309bc63f462023f30609a9007bfb4d03ad780ca98f1a2a4ed79503e2f69f7aca8aaacd11a724fe88295d0b19f44840b2002fd68ae8fb783c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\aiohttp\_websocket.cp39-win_amd64.pyd
Filesize
29KB

MD5
8fc5b699af22528f41a313419759a692

SHA1
8a05451af1ad08a906c41e19bd5a36803b4127b3

SHA256
1714079e7f4f0c85467cc07ba78bf2d9883cdad9a4a369b381a394ab05272c11

SHA512
1235e28f76ffe7b44209e6c8265eac78c6ae296f1c3304b186cae0b1154c39b35094e64cba8cfeeb222a2177d9c9a4ba78fd78f71e7e9c55b3edffed723afa3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\base_library.zip
Filesize
765KB

MD5
d0cd1e5f99e0f011bee4c441cd50d210

SHA1
71312237e5b0d5fac3985ac78bffbf9e20340819

SHA256
e1d9baeb94f2bc2410719ee41780e0ef63b5f68bbb00e95e431462cf70486afe

SHA512
d07b509216c6550bf36d36aa59fd941a5dcccf65f830ecae1abcfbe6ec720788eef8170fa8459de18a35bb7eed062e60703ad92c27585f372e298fe63b8f4957

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\libcrypto-1_1.dll
Filesize
3.2MB

MD5
aa811bb63dbd4c5859b68332326f60b1

SHA1
6e5584d5c59d2f79cbf60c6c71a92ecd7e4e0977

SHA256
00a1eeb37372d11559bf44c9e68af9c841c41c95a173f3dfec4e0b5923d0cae0

SHA512
dad9b14f501fd63824480f8801acd4004dd46f7a6965ac8ab91e573676236a11099f4b7cfdf7b3f6c0cc52a3b2e5d9b50f715f53a1f4f858ea2a5eb15d5092cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\libssl-1_1.dll
Filesize
673KB

MD5
2335285f5ac87173bd304efeddfa1d85

SHA1
64558d2150120abed3514db56299721c42c6fe58

SHA256
1b57a201184559164dedbddcb43bb110a18cafa19ea3d00fc23274ccfc420e94

SHA512
82737590d5ec7315ce8485c4794c01bfcce176ce443740a9f0cf5adfc3c3ed31a714556d33c1ca56db486636111d1ad855f606c87e5f322a505c535187ce2bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\multidict\_multidict.cp39-win_amd64.pyd
Filesize
43KB

MD5
1e2c9dc22ceffc071f32c2c80d060af2

SHA1
7624db023f4b5c70c36429d7dc03e5acdcb797ce

SHA256
22243fd704b56d0df0cb59353b2d800b04079d55e0582b367007ef8823be2f4e

SHA512
8a433b04e1fd9e09177e54ffeddcdd9d8eb3944a61ee74aa1bb04123621a3e2009d1b6b98c1b0e526499a2cb75a05b02e9b104dd3c5a70be9f0a555e14458944

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\nacl\_sodium.pyd
Filesize
336KB

MD5
f2f8c186dbb91b3dddf6aa7b44ee05d4

SHA1
95eb61564c5191e59ca5e359646e9564d77a6f97

SHA256
ca83a6731e6d49ccb86d94601b148bd4cc36ad89f9cdaae6eec46481047d13ec

SHA512
ae2c2ef8abf304cd9132add4cc2f08c4c5486ad96058351fe101788d014a04cb554dec5fab779f9a2ccb9d13ffac45dca3db89e36de163076e5b4c9ff171738e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\pycares\_cares.cp39-win_amd64.pyd
Filesize
147KB

MD5
859fff535b211a1ec91b427d328aebe3

SHA1
c225193113294216ff944c3029bf88e99b01a9e1

SHA256
4345d221b04268f0cb94ea0221cc6d5a428a882a4fe11ed0327543edeea29248

SHA512
9c9cce3195f6632701b3b66489b79ec1e6442665433a22a9ad440800d4c6a7f27067906c872c41f68e45d1905a104c64d9251519d783814fb2c6eff1fc9a723f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\python3.dll
Filesize
58KB

MD5
c4fa8029ed8439203120d3e774aadc01

SHA1
3ef5714d25ad62efdebb160f3cb93e136dd1f581

SHA256
962dcad9911d6959d7320b2214ade633b53e5555e66d7e82f3bbcc78e2148e0e

SHA512
7429e7463f38767a3627c5a75b16d8856281063fcec42f977d069445ffe56c3edc78142a95047617de5082dc7142858a837596ead5179a8e583545b7754933a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\python39.dll
Filesize
4.3MB

MD5
088904a7f5b53107db42e15827e3af98

SHA1
1768e7fb1685410e188f663f5b259710f597e543

SHA256
3761c232e151e9ceaf6c7d37b68da3df1962e3106e425cc3937d1f60170f3718

SHA512
c5edc25fd9a37673f769af1a1fd540b41e68351bc30b44bc83a1d0d4a8fb078888bbb31173a77ef47698631c9816bc05637b499c20d63e3d65457d9aa4bc2c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\select.pyd
Filesize
28KB

MD5
1e74ba085eb08a3affe5f5fabaaa6caf

SHA1
46e3efbd21dc0a2c7650ed949bc7e7e91b37efea

SHA256
36be2a85c1989dc171bde986950b81d3e9cda21f1d1bf2f81f7fe15ffefad511

SHA512
517a109490c3724a630a85471e28ff3c4f96c9810b96f5baa9b66473ef59ed4055e331c8da064a53bc12892fb674f417b3485e96f16015e1437cbd2ca67e87d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\selenium\webdriver\remote\getAttribute.js
Filesize
6KB

MD5
e6b3169414f3b9c47a9b826bb71a0337

SHA1
d22278a492d03863ce51569482dcfb30a0b006e9

SHA256
1198a9999dde24dd2da0d9877cc2e8f8dd70bfdaeee0b5012b24e5474b50e88c

SHA512
bf9e48caf03e19274b5020d5eae6a3d6d75b611676f307346cf28117da71410e6022a72da0f82a8f2c6ca06a2c503c8e6528c6a164c4fb488c5195d6aa3e3819

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\ucrtbase.dll
Filesize
1011KB

MD5
42573631d628bcbb003aff58813af95e

SHA1
9644917ed8d1b2a4dae73a68de89bec7de0321ce

SHA256
e188604616dccd066abd675883c8c86a4d2bd6a987c57667de6a644652b63443

SHA512
d5311a560109feca3f22f5df96f203c644926c27f456902c9d7f062da68bcc0dd5735f6872e765cdfa5119374eb5aa40883809a4608b7a3c21e798a38a3fa680

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\unicodedata.pyd
Filesize
1.1MB

MD5
06092dbacf3b009ad11376dfc5ed2acd

SHA1
2597d23469d65936fca20906ef41e1f999944210

SHA256
2f9e76a8148029ade3e8f61d014d79a9b1c154cc9b5d6608f50fc478170ff676

SHA512
c782ebb9139a6b358d6e55cca3f018e421747984245fafbd150696b152763f2a6d08a21a0185f49df867dfabf5f066631a55f324abfed4e8bece8f85ead81c85

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\yarl\_quoting_c.cp39-win_amd64.pyd
Filesize
83KB

MD5
a1d5df5f4e1e7d3a77ee882c5cca2e5e

SHA1
dee100d806a7f5217eaf7a8fb9975aa60ba44f7d

SHA256
1fe80a77cba86672fb9553f28b1aa42becabf48cb7d12d028dffc0996cba3702

SHA512
d10b7a9f9b00bb69bcde4ccac3f5bcc1285aeb7ddcb6c42e799f2601f33f88899dbf25c747d693f582d995d399d3495e8d5e8e926d5a843b6b09462a1b6a538c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs-1.js
Filesize
7KB

MD5
075d943ee4aa01d1b181335e40d13500

SHA1
00570a30fb10bf34c77c71ce903a7093c489884e

SHA256
4d4cbca58c4bead796405125106c66f0f297da1dc8f4e74db9889c1b28f45a28

SHA512
a7bda31c25f95fa0f722eaea94a721447484cdb945390f720b4e0688cde59bc637e3f2324329cc9e3d7ff7966c8090586070c74a7ef927dc48d1608058d557f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
Filesize
6KB

MD5
8b71bc1745f74721422e34c89a4d2b1a

SHA1
843b25144f0d3058c4f894b0a76c91ab64f98579

SHA256
cbf7537c0d8947a74ebe796d8e32c44d5ab7307b52ad2ff9970aa790fc53df5e

SHA512
ac46d3a5f912c95eccdae1bce96b0c24faa91a71e4f992b531395a55f15b579abbfae2e20063e4ab1c3a293e8c6ca8897860db4a24578ff0f65d4fc11c714d53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
Filesize
6KB

MD5
e4874627348f49d13778292082067208

SHA1
2a0e1eac572d2301e61d7fe8abd73e1eda56f1dd

SHA256
732fefa0ffb73f81dd1cfaf04b447a74e6a7f0f50f9d2011c3f5d2006ff5efe2

SHA512
eee99827401923c1dca07384afd5bb12d0b7ddb1db81376f5b67582628191b262f000ae3567b46d911f19ba750feb2ed3e0660939fc69c0cc084fa248c2e6cde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\prefs.js
Filesize
6KB

MD5
e77a83a1c25c58ffb648d1d625e12a10

SHA1
16915be2a050bc026416d8f98c396d949b046792

SHA256
13abd32c0a8065ea5e3ed8d5d9131301859c2f25ef2caf1b030605fb02297793

SHA512
29badfc2cb4b334692b96b9fab78131025bd5316fe71e27f6760981d43501d94081949376f3b59519ba7666c402d8f7282925187a699a9046b64d7219c575df7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rfj66zji.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
0e62fddc9ffa173ac53730c32bfedb56

SHA1
e00216e6849add05d1c1e2a8ad4afa8544acd0c2

SHA256
63e2ed3ba8856d9b4b021f5d4b3a7ba9c3972a7b3ada1b1d4574105d2a46e26a

SHA512
e0b7fb67037fd0b0d982713cb291d7d52b852ed022e27aa23f642efa5bf81a3b13aaf637469a29e543f1ce53eb03133fd080faf0e90efaab8b9c1a0b1c3bc99e

Download Submit
C:\Users\Admin\Downloads\HazardNuker.exe
Filesize
14.7MB

MD5
cf1e18b261593bd0b32a79e7d1546512

SHA1
0fe904a839aa5363222fae572f47f1723728a2b1

SHA256
2db8037dc457b02541924d73417dd69efa475bad68cc581f56c9cf31c7615361

SHA512
00e17bb8ee1542de5fd417f4afd7ef254be5ed99f69d5043a152636343711e2d0b3ddddc646e2b8bb3a8db988ea136a1757e4ef15ef3b237a85541f2c7a42349

Download Submit