discordrat | b8742c104121b89b3c4500e9eb4ba5da82f3c94b33f7499dd5631391a94e1ca5

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
02-03-2024 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Oxygen/OXYGEN.exe
Size

78KB
MD5

da5a7eb9e117cafa2d9137d1723a33dd
SHA1

e35b1f51e72ef5d2f8290ac7d0ec87cc15235899
SHA256

780815f7b1197e89dd796f625782af49026bc7691fd686eb25f3f9ab2002579a
SHA512

4686f8d49b4ca27c1ca4bccdfaad7c8369e475cdc1b59a9ac5af10dc5382d449c60daa993d9311dd2e70a3ee535449705665699691a3bd8bafd37ebd075fd7af
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5NzkyMTQ2MDE3NDQ2NzE1Mg.G10JF-.bNlt2_PKNFUbG2pRSlM23bcrdFtXhvMU_yl7hY
server_id
1052631250457866370

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	discord.com
57	discord.com
59	discord.com

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\oxygen_v2-main.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	2976	OXYGEN.exe
Token: SeDebugPrivilege	2184	firefox.exe
Token: SeDebugPrivilege	2184	firefox.exe
Token: SeDebugPrivilege	2184	firefox.exe
Token: SeDebugPrivilege	4532	oxygen.exe
Token: SeDebugPrivilege	2184	firefox.exe
Token: SeDebugPrivilege	2184	firefox.exe
Token: SeDebugPrivilege	2184	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe
2184	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 1344 wrote to memory of 2184	1344	firefox.exe	83
PID 2184 wrote to memory of 2728	2184	firefox.exe	84
PID 2184 wrote to memory of 2728	2184	firefox.exe	84
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4872	2184	firefox.exe	85
PID 2184 wrote to memory of 4116	2184	firefox.exe	86
PID 2184 wrote to memory of 4116	2184	firefox.exe	86
PID 2184 wrote to memory of 4116	2184	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Oxygen\OXYGEN.exe
"C:\Users\Admin\AppData\Local\Temp\Oxygen\OXYGEN.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.0.2034734359\1459643817" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1820 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {560bbc75-cda3-4924-a869-76d8bb8b2abd} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 1904 194743d9958 gpu
    3⤵
    PID:2728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.1.1626141200\1687982684" -parentBuildID 20221007134813 -prefsHandle 2240 -prefMapHandle 2236 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56edf83e-1431-4cec-b99a-c8e2aec88f36} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 2260 194683e6b58 socket
    3⤵
    PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.2.1469110806\713451075" -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 3092 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2db49c38-e2e5-499e-b0d7-f557bec85ea6} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 2972 194796a0758 tab
    3⤵
    PID:4116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.3.1792078304\1450726433" -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 3432 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efaff401-1f89-4081-b7ea-8ba541b85eac} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 3448 19476fbc958 tab
    3⤵
    PID:4508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.4.2131770972\1393716052" -childID 3 -isForBrowser -prefsHandle 4396 -prefMapHandle 4392 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa64f8ad-4c79-4b88-8c9f-11df9474fb84} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4376 1947b1bbb58 tab
    3⤵
    PID:4180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.5.1770329192\136673578" -childID 4 -isForBrowser -prefsHandle 5064 -prefMapHandle 4984 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0962b6b2-9e1a-429f-913b-0070a627750b} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 5060 1947b1bdc58 tab
    3⤵
    PID:2176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.6.1553153162\438058132" -childID 5 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 26202 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4535d6a4-888b-4783-95cd-3739197689b2} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 5260 19468366e58 tab
    3⤵
    PID:1136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.7.1755372780\1853148542" -childID 6 -isForBrowser -prefsHandle 5476 -prefMapHandle 5472 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eabbb3a2-f472-41a9-b89e-3aac9106d304} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 5484 1947b8c0a58 tab
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.8.1076631005\2106606072" -childID 7 -isForBrowser -prefsHandle 5856 -prefMapHandle 5852 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e2574bc-1eab-4efc-a152-20b830ebf1ee} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 5828 1947dc40e58 tab
    3⤵
    PID:2284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.9.416138661\1393812382" -childID 8 -isForBrowser -prefsHandle 4944 -prefMapHandle 4952 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae0c651b-5053-49ec-b08a-7816cc9750f7} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4980 1947e57bb58 tab
    3⤵
    PID:2316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.10.306593256\1179297207" -childID 9 -isForBrowser -prefsHandle 4892 -prefMapHandle 4176 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aef670b-fd48-45ae-b085-a45182b08e0e} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 4088 1947d7e1f58 tab
    3⤵
    PID:3768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2184.11.13039870\580887633" -childID 10 -isForBrowser -prefsHandle 5560 -prefMapHandle 5556 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {637abacb-0a81-4f56-8a03-909e0bcec32a} 2184 "\\.\pipe\gecko-crash-server-pipe.2184" 5548 1946832fc58 tab
    3⤵
    PID:2168

C:\Users\Admin\AppData\Local\Temp\Temp1_OXYGEN v2.zip\oxygen.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_OXYGEN v2.zip\oxygen.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\doomed\12724

Filesize
9KB

MD5
faeb928c4f329ca15cbfdbae1457ece4

SHA1
d7a698271534939600fd1d0b0dc104efc01c202c

SHA256
686a217df8eb86551e7b0daa69aca856caff40a1fc4952e11c7ab301636d232a

SHA512
bc89b3c7deee217aba40abd108942c46acfdd0170e8f53207eea213ee73879602633f4896dfb5ec04d14d0523a1950bf2f6010658b9de79d3dcf868df50a1b04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\doomed\31271

Filesize
15KB

MD5
db67f763efa5305c4331f8f9d2051488

SHA1
d7643ef8cb7a4d5042977a4c74c0fb4f53bf6364

SHA256
9e3d3b1ae6fbd1a1b804899d35b19c703bd7fa99b4c78fe98fee79ada6f13e52

SHA512
e2f1f14127fb642e0e7392bbfbff39b91a5bcd9fd4e937119a90201c758c4a90ac298019c86299348fa7f8fc29e910b5db3366cd977eb6d3590cc0c105409d13

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\doomed\4514

Filesize
15KB

MD5
042d83e89c8ed47ab2c132eeb3f9406b

SHA1
e48bd0d0c141b41013e3f1cb8a387b86aaf8debb

SHA256
5c973ff0623098359d2baab37758ffc8cdcafc835c21901dbb8716960001e244

SHA512
6d2ee1e5720f84443859724bc936b746f62e73c1f65f09a191ba4499bf9993192ec1c2e44bdbf7afb2737dd2f4a0d5f3445b3892975ad9fcd87e289901880bcd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\doomed\9745

Filesize
21KB

MD5
4ec8458edd10a3dce706d281ee0e9731

SHA1
c4829c7c4581b21bc79fc2b059dee21b59083f4a

SHA256
46151dbdfb6daac0127135908d5e6ae8b2af398dd4ac29f53e739997082e513e

SHA512
ce649b020bd4ad57d919f48912964605e968bf80c34614e4ff0b14b33218369108917732d9bd10ce34b252ae08b527c402d57f3322ae4c43a07330b3b752302d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\entries\0DE9FB5C7CA5471CF31BA52F40296DC937FAB323

Filesize
74KB

MD5
fe1b3132470a3dea8c561ab5a605b743

SHA1
0d6e1ba50adf98e8694a39a6c0cdbdc810246b96

SHA256
71418c615ba170aca58d772cca8b0a6569b2cb40ecf84a20b622efc908ac7c25

SHA512
e43f53a6731e78ae40281e4020b65da6293644f7df49c7c40616caa034d9de9a44ebef07f5da4a6c815000e6a1e866b13f11a74a752432c455299eeb5b63f8d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\entries\175FC1F27DF5030D57F8D0FF3A5E0CD7039CB332

Filesize
71KB

MD5
8f6edac3ac3a48ff5feebe700c63b42b

SHA1
fbc20260f503387f6858093a409a63187a836a33

SHA256
463a355355a8d66afc56a92bfc53754af11a0250ec23a8504ffd0c4f164477a7

SHA512
3b6f718f90d67c05b7ca914c8fc86b6b2cfcde283734e6af62a450c90f81f3bfe300ed824c6f8f76f45dda4ab89f47a80aa84769087b8febf23db19ecb5d24bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\entries\199E52068F7033FE649AA16C135F488334B5DCEB

Filesize
176KB

MD5
998da46d18ca40c192228cc84d7a4925

SHA1
bd090c19b7345b3e7e4f50d89357ac3d819bf6c2

SHA256
440f3cb63b147987324071697cdb2c74464e7fdf0c7408e0829f9663889f1633

SHA512
ec7a92c583090cb4eb43ff06168354cf60ba461d2483cbcbfd91514cce47423407d5915c5afb6d1722623f36fae038e652c30b666e94c0352482a8687ade52cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\entries\1FF4F1FD80623A3AEAABCD6503E241DC2F3E2291

Filesize
168KB

MD5
0c2afac9a190b74cf1b5dfa0e49d4d4d

SHA1
dd59596b69c19c520ee4a36f39d310c02e96a0c0

SHA256
7a185b4573eab4eda5633cb162409bd36c2bc98aa59030c4520ffd7be5c438df

SHA512
66a4aeac4225cc56c71c06fe68fb0c2753b5f9e869367a942215ea9f8b0fa813356ed6ed3f85cef8be56072a51d6ca1b198a93a615d2982c7fc08712aec8f128

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\entries\4E0C28FF25B34AA6D81276C14EFAA147A7403E02

Filesize
57KB

MD5
b96f9766b7ee289e8af434358a99f961

SHA1
578275524f651b18c8212973810c5598f81ecb09

SHA256
1fb166ca5e2bac2c2404a549921ca8eeb58c9c505dda8844cfa2273d26a403df

SHA512
fc21bc457600f1b7fbeff61a13f8960e973114920f4de895901106159844e80c168f9556d8a7b8f8d8dbcc5839c44fdcd59fc62987534eeb05c67ac145b579dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\entries\61A78EA45604A0A23BECE0A69B0255A2DE19B805

Filesize
2.0MB

MD5
33bcec8105d2e541587ed0cdd2e187f0

SHA1
d888e998b87ef925034ac6cc448cf71be811c735

SHA256
fa801061c8154d727c7263b1e89809ebe9e6a5d5170fd17653ce9ccbf3b2ea44

SHA512
1ff508f55ec07d6159df7f6de1ca81ae6dbc46f7f5463ff70741e17cd75526aea4f0fc100f3921ececac008be3da3538a78415bb6c06f814a492d2e14538f73e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\entries\634E16DC7AF73196290DC0EEA7EC63EF6B95A520

Filesize
90KB

MD5
ca650f002fa7ed3fe4c26d7658631258

SHA1
09c041c017f83f4891f75e900df9ec9c5a60585d

SHA256
9b205d87645fa4dd407ed6f9804fc311d6ab0c4eb3aa5fb7fd8e232dd05d2589

SHA512
68b837dfabcfc87278c24667c2d97e7e158d0e5ff94213728d0ef30510023f14436d5db2a48d5749e4895edd41b1a3490747e02e37ab9b3a1a5579684cbe5a92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\entries\9C2BBC7137762B4CA02A130A09A82F71C29112CE

Filesize
764KB

MD5
46edc09abf2f5c00c4efd2464cad6128

SHA1
5d84823ca1ae6163ac218519d53381ac8aad7854

SHA256
38935514344e74ecd4fcccc16f5c4f2d0a8142bf8b49592102caaa8431c81fc7

SHA512
25b4199d92dd3768fa94125bcf74e83f74e83e11d4a555ebca47e10eabbafaff81d56840da9853a00fe12fdd206ea140dcf55df21b6f7b055990a10f7931774d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\entries\D065B4720E3F7C1F9996D46DACC2E2E2914E57F8

Filesize
169KB

MD5
10faa82bc1d757bc22f6bc512c80accf

SHA1
68e9c488003da9feccf2012aa389eabe50d4fc15

SHA256
cf175f5473ea699d01c4ef1743c81249481b950a48f9e9f9d12a6ae0660a8766

SHA512
3beca809fdb82d25fc98e0ead2f46896c8b5dbcea7b42046a8297bc126a083635a367eaf2e36f15acee50ac706b360469212459f3f3681d0f05a8398df816800

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8ypl8oso.default-release\cache2\entries\EAF11CB14804463FABAD7F06CD2EAE0E7D79F08D

Filesize
122KB

MD5
2636a794c00d5b3db1c4fd9c415da895

SHA1
764d7130b51245bbd4d8e8e93c39610a1b36a65e

SHA256
a999c00e303acd93c396de42593105da4418028321511eec31923de0c7ad694c

SHA512
c3587ac716a58642118c2bbfa7a9f3b0ef09e1c3bea2f8a4738b5b111e1fc3377c3ceab26007f9bc4aeab3661924ab504d23026b896f2c93ea0dd5e4215e5237

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
3bf185dbeb0ca312b9ddf316ed386bff

SHA1
8c9b0168714e89cf8da50df61d96be56ae870968

SHA256
5dd2513d47744c7f682836635893c3f7b47905426b9e3e798ec96169ab2bf2fc

SHA512
5f3ca3c5b90247861e7a7739c59e630a6dc571a14ddedadde0813cf732e7d2fe8d15f47b7e73b59e1d7e807984fb1f925fd76cada6286e1b8bbd9a7787b3f321

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\datareporting\glean\pending_pings\74700afa-ddad-4ce1-8967-5ab73d8e8910

Filesize
10KB

MD5
20bfb8f09c0622d0bf62fcaf74ef018e

SHA1
c2e11da82bee7fc5bc7849ee00d07b8f0f1ea77f

SHA256
74fc0507385247cb5349534a8974ef005acc81db7bd5856c1f55f8c447cedb72

SHA512
5d231e25a14f712ec870bff3c0681839eee92c03889c4a0a5caa2362d45c7d5e6772ae9fcf91afef916bb4ba3e6aefbb53f62a3b7774e57c813a9f5d432e920c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\datareporting\glean\pending_pings\f20556f7-4fc1-4d3f-8dad-b6726ffc71a4

Filesize
746B

MD5
e1d15fbe91a3f56c54b2d81d0acc6a83

SHA1
9246befc63a30008201b980530b14c8fa03b470c

SHA256
927bd0103ef1b01a17ce566193906b495fa719ab7f20831bb587e7570f43d1aa

SHA512
a690741310920ffca2b94390fa7eaab997ec136913d189eb6712e5c9bdaa414769310bbe5baf55e7a8eff800f14e39596dfc4565585126b2c59346d0910d66b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\prefs-1.js

Filesize
6KB

MD5
412986e49369cc0571a2632c6dd23d48

SHA1
14b8a882b2788c7cdde50e8fa90154468a2a6537

SHA256
a653c895bbd117ebd9d4cd859c4af613a74114ab37bc932d12b391282dc39133

SHA512
04a019cedea31829bf7c1af6b0cf1dae288deec46eeb6f0faca9b962a83483c785b28b8557d95ddeb2df0d7e6376894a28719e86c5786a26c23623edddd9b1c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
1dca99fd2a0357d7a4d2b3de3ee408ce

SHA1
7db17461234d5adc806de761e991161e79e3c877

SHA256
31ff1956a16aa1e9cd1ad85ef3f7a767767c3879c61e92f56a7a03d9f4752899

SHA512
77f9cf4b3bb6f7fba73a3aaf4cdd371d2cc8ca4baea3d64e484d8809ad0ef84816cb02787721c8d08e4564f66650b50e9ebec3931954bf72bf64329a3348d31d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
a83ecf456e07aef643e433b551a17514

SHA1
b743d871b4fbc1d5e73bb8476c03ffacffb6bda7

SHA256
3b4a22c38240899865af543b7d6cfbde9497034486f21e263b95a18a142a58bd

SHA512
42d413b9e6bf8d9fa9f3db03351ebedc5f12abacfc98ff511dd2f4e691d271b846e110a62c007ab67cb71a1f0692c6219653f5218b8483f97ab32c3be625d9a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
71d2f29cc4e9284b1a1cd8173c9e1ef5

SHA1
854692a080ccaf83addfb08a0e1f1ddb2bebcdb1

SHA256
f7a325de7c2e513be8b8f28a4b752569da3b69081273b34ed551ec0f6a0d4452

SHA512
f84070f0c4352c1d5f7189ac20d6cca5bae5dd071d6a3ae866058dfe00e0628d6864a5663e9355efa589b7c0b9e2c1d2471e6316410f3471158af6ab50bbf293

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
423a7010cebcf75ea677f8db744be1aa

SHA1
f8006ca9c3d19a0cd7f599e923627910e3b1c7c5

SHA256
01d314aea05b5e70d8fc012c5893b5d64884ad359edfb400f466fa418d2b0be7

SHA512
eb102c1e44aeabe854eae1be3447fa0238c527cea3262d88adc87e6b747861266ae9942da527084797b9c4d88c8434c958589b60d2bf4a018950c0548cdc1001

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c598a652ff2ee090d31cadee6ecf1b91

SHA1
32b60e5ef2bd126bb18f67f04dcd8a089996179b

SHA256
b73c45730de657cf39023bf8c11d56ce5bdb9562191df2aa5a345c3149f8052a

SHA512
a18ec511b5e37c3eee0122f3082bb4814cf7f76f3cc1657be7aa15e3c65c402a4c44ad14edd0e321b2c9e93de4528abe7fb149ad9c766a6868794d446d7a612e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ypl8oso.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
47eba5c240efd8298a5a8da40302e4b1

SHA1
cac56365334a97c0125ab3bb3cd60c28b9c652ab

SHA256
035a006a046699227e7c68da39a59a1d53e9e365ba8b8d1b8f925c920a4ab9c0

SHA512
69355578ed0b814b31f27772068d3584a5789f82e3d52ecb671e8414866cc09a2f83e71e6694f99a9127171bf3a0395f4c44bdbf0d059c06db0d7cbee2923c8b

Download Submit
C:\Users\Admin\Downloads\oxygen_v2-main.-2rodMR5.zip.part

Filesize
29KB

MD5
dacca9a908d985a97c877932b34abca5

SHA1
35ed5e24789423615033fdf55c87f62beb1c317d

SHA256
e5cd7d10b8b16a565127c131044ac69682a25992395cba04ab310320bb44ba55

SHA512
8f550f2b555df815ade884cada7fc4a86adbc894a7204ef622f85676c540a8765efadd8477523afdadbcd08436c8208aba564ee574b25926c1ff824975d4258a

Download Submit
memory/2976-0-0x000002D1D1250000-0x000002D1D1268000-memory.dmp

Filesize
96KB

Download
memory/2976-4-0x000002D1ECBD0000-0x000002D1ED0F8000-memory.dmp

Filesize
5.2MB

Download
memory/2976-3-0x000002D1EB920000-0x000002D1EB930000-memory.dmp

Filesize
64KB

Download
memory/2976-2-0x00007FFEFC6A0000-0x00007FFEFD162000-memory.dmp

Filesize
10.8MB

Download
memory/2976-1-0x000002D1EB950000-0x000002D1EBB12000-memory.dmp

Filesize
1.8MB

Download
memory/2976-5-0x00007FFEFC6A0000-0x00007FFEFD162000-memory.dmp

Filesize
10.8MB

Download
memory/2976-6-0x000002D1EB920000-0x000002D1EB930000-memory.dmp

Filesize
64KB

Download
memory/4532-875-0x0000025CC1EC0000-0x0000025CC1ED8000-memory.dmp

Filesize
96KB

Download
memory/4532-876-0x00007FFEFC6A0000-0x00007FFEFD162000-memory.dmp

Filesize
10.8MB

Download
memory/4532-877-0x0000025CDC980000-0x0000025CDC990000-memory.dmp

Filesize
64KB

Download