Analysis

  • max time kernel
    1574s
  • max time network
    1571s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240221-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    27-03-2024 13:20

General

  • Target

    Vanta Cheats [CRACKED]/Vanta.exe

  • Size

    78KB

  • MD5

    da5a7eb9e117cafa2d9137d1723a33dd

  • SHA1

    e35b1f51e72ef5d2f8290ac7d0ec87cc15235899

  • SHA256

    780815f7b1197e89dd796f625782af49026bc7691fd686eb25f3f9ab2002579a

  • SHA512

    4686f8d49b4ca27c1ca4bccdfaad7c8369e475cdc1b59a9ac5af10dc5382d449c60daa993d9311dd2e70a3ee535449705665699691a3bd8bafd37ebd075fd7af

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTE5NzkyMTQ2MDE3NDQ2NzE1Mg.G10JF-.bNlt2_PKNFUbG2pRSlM23bcrdFtXhvMU_yl7hY

  • server_id

    1052631250457866370

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Vanta Cheats [CRACKED]\Vanta.exe
    "C:\Users\Admin\AppData\Local\Temp\Vanta Cheats [CRACKED]\Vanta.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3228
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3988
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:484
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.0.1344813560\1936722891" -parentBuildID 20221007134813 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdd07293-5210-4236-bba7-187c01729540} 484 "\\.\pipe\gecko-crash-server-pipe.484" 1840 239c84cf258 gpu
        3⤵
        PID:2720
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.1.1691921396\60127785" -parentBuildID 20221007134813 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7356c690-0b36-406c-8369-623215de4d6b} 484 "\\.\pipe\gecko-crash-server-pipe.484" 2216 239bc372b58 socket
        3⤵
        PID:4912
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.2.419997792\1282954473" -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2716 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feca62e6-7bbc-4b8c-9325-3bd06c82a468} 484 "\\.\pipe\gecko-crash-server-pipe.484" 3236 239cd719458 tab
        3⤵
        PID:2688
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.3.1013595318\1638116716" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3456 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cda2ff07-02ad-4884-b278-8b8d4201864d} 484 "\\.\pipe\gecko-crash-server-pipe.484" 3392 239bc361f58 tab
        3⤵
        PID:4820
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.4.5440027\1986016197" -childID 3 -isForBrowser -prefsHandle 4508 -prefMapHandle 4504 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb641de0-8751-4e2b-9a71-07c4daf78b1f} 484 "\\.\pipe\gecko-crash-server-pipe.484" 4520 239cf363158 tab
        3⤵
        PID:3472
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.5.840076428\1676323288" -childID 4 -isForBrowser -prefsHandle 4872 -prefMapHandle 4868 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {983ea296-7a64-4d8d-97f4-f333a0da9c0d} 484 "\\.\pipe\gecko-crash-server-pipe.484" 4884 239cf735858 tab
        3⤵
        PID:2924
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.6.1400244823\958652288" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fce7baa-0917-4b6d-8f33-3582cf15ea88} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5004 239cf736158 tab
        3⤵
        PID:1644
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.7.330271019\1278950823" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cbc8f7b-af2d-47b4-ab15-65e5546d1a04} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5292 239cf737058 tab
        3⤵
        PID:2268
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.8.1943304578\1516685447" -parentBuildID 20221007134813 -prefsHandle 5856 -prefMapHandle 5804 -prefsLen 26283 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0917a519-8af2-4376-956e-0df755c9885b} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5864 239d1bbbd58 rdd
        3⤵
        PID:240
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.9.716653566\1267041001" -childID 7 -isForBrowser -prefsHandle 5864 -prefMapHandle 5888 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82184110-77c1-4779-867b-dbd3dea99ebb} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5976 239ca7ad258 tab
        3⤵
        PID:3076
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3840
  • C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta CRACKED.zip\Vanta Cheats [CRACKED]\Vanta.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta CRACKED.zip\Vanta Cheats [CRACKED]\Vanta.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1404

                        Network

                        MITRE ATT&CK Enterprise v15

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\cache2\doomed\9905

                          Filesize

                          9KB

                          MD5

                          d28be4a524e2d846c3edce97ca0db9c8

                          SHA1

                          32ea7cf190e761a4787d42e316d585b00329f3ce

                          SHA256

                          f98c88d5ccc659d74076e369b63676fca3652e371f8071d7bd776a2d72dbfa73

                          SHA512

                          07658017c2b63f35cf225aec4b4a5bde3fbe397b60383c0ff90cf5de566e0aca9bd6d437b573dbc158d51db4bbb3dbd5d4dc5326777ea94be8f0b9c0115dd8b1

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                          Filesize

                          442KB

                          MD5

                          85430baed3398695717b0263807cf97c

                          SHA1

                          fffbee923cea216f50fce5d54219a188a5100f41

                          SHA256

                          a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                          SHA512

                          06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                          Filesize

                          5.2MB

                          MD5

                          bf454d118ed20b7a1ca2001fb765c9a9

                          SHA1

                          0176a2ebd4c6fbe81a35da2118fb2e71b44999a9

                          SHA256

                          f5ed3e0de585f71b440a15deac3c79963d00a8496b52c1aafd9c51281c076a67

                          SHA512

                          830ee136d7d2ce7edda82bb991f2b18dc2904bcb77a4e3aa3936cfa8d3084768332cb1393f9cc0325f938d8660e223bd0eedce06dd36cdcf1c6ff98c604322da

                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                          Filesize

                          12KB

                          MD5

                          3c0cfc86fa72f592d201418a7e516d30

                          SHA1

                          96a96c982fd298192756c0a67960132072ff57f2

                          SHA256

                          135cd32d7f3200e4e3c3314b46c735386857610840ac359ab61f2e7829f751e9

                          SHA512

                          cbf794754811feef366330eb162acaee240d7967d60288fb0c6e1ceaaee0329ce6946e17096adab922fba9aa5da2216e7dac3c6600684901950a02b84a62ee16

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\bookmarkbackups\bookmarks-2024-03-27_11_-n8sRi0ABVGUJp96U4MVYw==.jsonlz4

                          Filesize

                          939B

                          MD5

                          5a470786d1b6aaa771c2096b20e85881

                          SHA1

                          07e53ff9344d75c93645a5e2202ae7313a3131dd

                          SHA256

                          5defaa774860089003b434626b95a55acfea9595300457ee3eb75173dcfca541

                          SHA512

                          6e420a4f9337939705f2348638900c99907b5a79980f4697aff7e71f419ba020d6d5441ba897194c44761ecd29dd8a63acfcb4d0f540454d9c970534076a495e

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\broadcast-listeners.json

                          Filesize

                          204B

                          MD5

                          72c95709e1a3b27919e13d28bbe8e8a2

                          SHA1

                          00892decbee63d627057730bfc0c6a4f13099ee4

                          SHA256

                          9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                          SHA512

                          613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\db\data.safe.bin

                          Filesize

                          2KB

                          MD5

                          9ee32cbed96034277ee4dfa032b416ae

                          SHA1

                          fe67c3f5afe95cb7ee353ac667ec939780575765

                          SHA256

                          899f45c93430e1780565e1bc2727354233136f1a759388a4c9f059e1821e50ac

                          SHA512

                          0e4c03b6cfdf996d117e8a75507cfcddfb107b3e036a22a41f9f91925aa94edd9fd09dd4d4b74d3d466e0300d030c38a8f0038484260db65807a328782a1fa0e

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\pending_pings\5dad725b-f436-4fa0-801d-c4250f2cb142

                          Filesize

                          746B

                          MD5

                          26f1b1edfb898e317be07c26fc31d8a9

                          SHA1

                          d744d1b07f9572957c96d5ff405728879497ce6b

                          SHA256

                          f6569b445ac71b65e9ad2618edadd5eeeb040536a5a40c711df9f5f658729a51

                          SHA512

                          5f02bcf65f321928987091d9b2a63a1c7386ea5739eaa3e429a6f45d4a70a4ba3aa90ae1bf164178d3c2c9d9072270b79277d047717dc00b9e50555962e90b65

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\pending_pings\72c162f9-978f-4ee1-8448-ae7e1d582580

                          Filesize

                          12KB

                          MD5

                          b925f8b7539d13c11e8740619d20b16b

                          SHA1

                          76a14e3dc5d3cb8f08ef72e2746aaecee12b70bc

                          SHA256

                          e8b1ceae0f187b4a228cce5ba8a689c7031a4c80cac72469078c3b97154dd824

                          SHA512

                          917e2c128c701c90eb3d20211821dfbe3695cfa4b81fd1f8d11f7ade0b99687865f404672cc70d40361ac3f87adff33c75225aaee18bc66df41541eff2db10e6

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                          Filesize

                          997KB

                          MD5

                          fe3355639648c417e8307c6d051e3e37

                          SHA1

                          f54602d4b4778da21bc97c7238fc66aa68c8ee34

                          SHA256

                          1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                          SHA512

                          8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                          Filesize

                          116B

                          MD5

                          3d33cdc0b3d281e67dd52e14435dd04f

                          SHA1

                          4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                          SHA256

                          f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                          SHA512

                          a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                          Filesize

                          479B

                          MD5

                          49ddb419d96dceb9069018535fb2e2fc

                          SHA1

                          62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                          SHA256

                          2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                          SHA512

                          48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                          Filesize

                          372B

                          MD5

                          8be33af717bb1b67fbd61c3f4b807e9e

                          SHA1

                          7cf17656d174d951957ff36810e874a134dd49e0

                          SHA256

                          e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                          SHA512

                          6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                          Filesize

                          4.6MB

                          MD5

                          25043767dbaa0eab20a4075620c7933d

                          SHA1

                          a88c398c6fee23cb721b18a78ec6206500f78312

                          SHA256

                          3eb0ed4bdd88f41967edf09dc6289e01854ef0370ae718eb3c79ad024c82f508

                          SHA512

                          463150b3ad11853e8e97257a8e8a5c4e0e37fcb54b1a86e8b258741fc094959ba68d7e96dc6c24cfb922d5258ee31d9edf2949ac222071581f78489dca36ea55

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                          Filesize

                          1KB

                          MD5

                          688bed3676d2104e7f17ae1cd2c59404

                          SHA1

                          952b2cdf783ac72fcb98338723e9afd38d47ad8e

                          SHA256

                          33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                          SHA512

                          7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                          Filesize

                          1KB

                          MD5

                          937326fead5fd401f6cca9118bd9ade9

                          SHA1

                          4526a57d4ae14ed29b37632c72aef3c408189d91

                          SHA256

                          68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                          SHA512

                          b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js

                          Filesize

                          7KB

                          MD5

                          9c8dcbb2bc411ebb1fbd39d4b77c10c9

                          SHA1

                          f5a4302ae7d6ec20cdadeded5b84701ab241f595

                          SHA256

                          b48fc3321ca87775545a162ad3248947027f1ddba8fbfce873bcb4b03d922463

                          SHA512

                          d5236ebd57920376174e02c7e43b67afb0d9d44ac2aaeb9fabe7c887da40386a135a63dbfe86185988619c99e6ae10b835025bcfd2bb7395bbf7b9d75ae898ec

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js

                          Filesize

                          6KB

                          MD5

                          351354a233e3d5638f91344e19699e8b

                          SHA1

                          bc8b82aaca2741b922c22d16f5ffa61fd5b5a4e8

                          SHA256

                          ab69588f87c263f2500bfb241902a98ae244a24d5bbf8c531a8a739453de11d5

                          SHA512

                          e7cf61fe0ec884f6b2b54354ac40c183ad23a30b0bbbeda2f73367f9dd967dada184c022ee996236db4505405c6023781540a47e4123abf00899a3dd47feb48c

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js

                          Filesize

                          6KB

                          MD5

                          ee24c1d98bb702f8e0b53a4316f6d4b4

                          SHA1

                          bb8e6c31d0de0b3af6cbed6da554641c5c10bbe4

                          SHA256

                          725979dfeb87d3e22a16cf4cec27dcd70e41c6bfb93d0de1e4ec7a76a1b741f0

                          SHA512

                          bbb09d1838e0c0e313eee87f80ea291ea424d84ca09863521a073f9100c38874eb275c0cad79f6ded573bcd5d37dba4212b36fbccfde6a1247ca060c87be3f1d

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js

                          Filesize

                          6KB

                          MD5

                          7fda67cb2cecf0acdac1d5954862c5a8

                          SHA1

                          4ef6977e567f5b56de566bf4b9ff5ef588c528cc

                          SHA256

                          ce8bc44d5f0498d082524844ba6f176d05c184109491a7ee2c32c7f81ca8a556

                          SHA512

                          2ca318870a3b4e077bfa39306bd063409c99bfdba5710490abdac9bb689d8fd2f9ccbc473349571c520de64e10c4d378cb9fb250b896259419f8781e6fc5c964

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js

                          Filesize

                          7KB

                          MD5

                          84dd774b76167effcdd16ac33fc10c82

                          SHA1

                          d9cc1ea5ac164db984108835ed7bd3cb3254f1d4

                          SHA256

                          f4c9439567bd2e6cb17aa564cef131bc22f2aa687b691e8cd62c3eccc3cdce1e

                          SHA512

                          364328e89e43ba33e9cf26f6fc9aef7f4151596977763ac4df1d1292ee3e44573bcaee7f26526ac6e30213f20dd00c77c7818f1e7b36a2d202f0db25c14b5a3b

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionCheckpoints.json

                          Filesize

                          90B

                          MD5

                          c4ab2ee59ca41b6d6a6ea911f35bdc00

                          SHA1

                          5942cd6505fc8a9daba403b082067e1cdefdfbc4

                          SHA256

                          00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                          SHA512

                          71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

                          Filesize

                          3KB

                          MD5

                          a8ad886d730239a827b5e355331f248a

                          SHA1

                          5392bf9be2937725396e65945bae76b065f188e8

                          SHA256

                          a1abdcc314648f660c4ca9fd7018d4595582c878fabfd15f0113b6f354be2f79

                          SHA512

                          33aad90d2d90285e787be272c8f47f4086eaf7b8a993124100ec0af4e927c02387e2696b6f54f5dbb32f3db1c7e0d0f184e34fc6ccd81aab9f72b9e2d1d1c756

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

                          Filesize

                          3KB

                          MD5

                          3dc1cb44eb20adc8ca5c034307db73ef

                          SHA1

                          313465784a18880d1a4e37c1fe7fa80114ab6f86

                          SHA256

                          74be2d595e1f751b7c12bf72efaf9d8129d91a204ee53c43991838aa8899fa53

                          SHA512

                          e497221ffb45217b0ce79636f3f32c2cd869f97acf88cc7ae8b7eb6d4889a3f858da6d5fc2d39fd9c377a72380ff325532fa0dd931aa90b26b658c314fcf5971

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

                          Filesize

                          3KB

                          MD5

                          b2e12368e8f517861704724ee28cf2ff

                          SHA1

                          f0a6eb1f837504336ec55766febfeb7f1ff5017e

                          SHA256

                          0cb6c0dcb846c6e0f91af7576c4d10b9eba1067c5adff5cf9ddde46e53abf741

                          SHA512

                          21d3315bce5643195429607a29ce3ae44ebef41ed6cd3b6bdfd865661917644975670a7aabc3d8b4224c44c45719d48bda8dafc9efe78ef62c1529dd95bfcbb5

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

                          Filesize

                          1KB

                          MD5

                          b0c7856be5cf3b5c5c5c565b68157240

                          SHA1

                          174152d5744e035593edbb68c39a2c6ba4c03e23

                          SHA256

                          8258bcaebb4f8f91e24c67eb2ea915067f101bae649371290de67589273f176f

                          SHA512

                          7235cd7dbea830a99d54e3ef9804fc2058f0e5b4d0377c7852f38509a0d4bba7e8ec24159ec52121787c0d3f0ee73c6d59c97ccf568df225af479a09b8d10181

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4

                          Filesize

                          3KB

                          MD5

                          b0d78dcb948ee5be431263ed95386b42

                          SHA1

                          86a1eca3348dd6455a23833122aa36551c8596f2

                          SHA256

                          48ea331a9e0b74f9907635e8493af8921b9fbca9581c35ad9f2ea1ab7e5386a8

                          SHA512

                          e5a34f35671a3d765b4a5d33dbf267d9fea54c0d074cc3ee4b0a16fa622d9abcb38dcd6c9fb48c6a2e091815254736d4d404725ea41982fa082b3f8a4558e3a9

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                          Filesize

                          184KB

                          MD5

                          fa3bbedb9bd845c908af1568d684af02

                          SHA1

                          1d0c43b854ea5268c1a907c6e61895a9dff86b8b

                          SHA256

                          b0df6aa1dc71e384fb27c7a545e5a3d240e9c3f82a3d1fd47255240a19b3000a

                          SHA512

                          ed10de8982456b73c2ce4d0656788834028d11c7cff77ac599362f989b21724eb12c467048405a5fcb42b5737b79e1f8d9e93b3cf4f84b2cf74b17221adfd7d6

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\targeting.snapshot.json

                          Filesize

                          3KB

                          MD5

                          0b48c1fa894251f05a3bae48df685475

                          SHA1

                          1cfac22ef9368562cee47636c04aa9cf9c9d9852

                          SHA256

                          c40f3060796c98f51864260589cf7f539fb716385b1e28b4cae04398b69c9a1e

                          SHA512

                          c2da621d8dae3715717850d0918e4e9ef32c4a82f5fd3bd3fa7c6f080cf953084b76dde8c63a2cd9b013ab8adcd2d7649731682ee547a9b96e23c79606ef4332

                        • C:\Users\Admin\Downloads\Vanta-CRACKED-main.qEjFiURQ.zip.part

                          Filesize

                          29KB

                          MD5

                          63bbf7f0c71396681ae29fba310134ba

                          SHA1

                          6dabd445852bb791e9f72724cbd6cca23ce5c8a3

                          SHA256

                          1d461f91cf19f9360ec3649694f2a08299907757a9fc592043b717d51086a934

                          SHA512

                          f430fc45899343ceab8f79ce3e47b70c23bfa55d054e429487a7e38230d9aa5e43e6b6efff9f767e6f403d4e9285e477e154a1c7febbdd703d401914bfef6630

                        • memory/1404-459-0x0000028762ED0000-0x0000028762EE0000-memory.dmp

                          Filesize

                          64KB

                        • memory/1404-441-0x00007FF8C4F30000-0x00007FF8C59F2000-memory.dmp

                          Filesize

                          10.8MB

                        • memory/1404-442-0x0000028762ED0000-0x0000028762EE0000-memory.dmp

                          Filesize

                          64KB

                        • memory/1404-458-0x00007FF8C4F30000-0x00007FF8C59F2000-memory.dmp

                          Filesize

                          10.8MB

                        • memory/3228-0-0x000002A42BB10000-0x000002A42BB28000-memory.dmp

                          Filesize

                          96KB

                        • memory/3228-4-0x000002A4474D0000-0x000002A4479F8000-memory.dmp

                          Filesize

                          5.2MB

                        • memory/3228-3-0x000002A42BF40000-0x000002A42BF50000-memory.dmp

                          Filesize

                          64KB

                        • memory/3228-5-0x00007FF8C4F30000-0x00007FF8C59F2000-memory.dmp

                          Filesize

                          10.8MB

                        • memory/3228-6-0x000002A42BF40000-0x000002A42BF50000-memory.dmp

                          Filesize

                          64KB

                        • memory/3228-2-0x00007FF8C4F30000-0x00007FF8C59F2000-memory.dmp

                          Filesize

                          10.8MB

                        • memory/3228-1-0x000002A446250000-0x000002A446412000-memory.dmp

                          Filesize

                          1.8MB