Analysis Overview
SHA256
1d461f91cf19f9360ec3649694f2a08299907757a9fc592043b717d51086a934
Threat Level: Known bad
The file Vanta-CRACKED-main.zip was found to be: Known bad.
Malicious Activity Summary
Discordrat family
Discord RAT
Unsigned PE
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Checks processor information in registry
Modifies registry class
NTFS ADS
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-27 13:20
Signatures
Discordrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-27 13:20
Reported
2024-03-27 13:51
Platform
win11-20240221-en
Max time kernel
1574s
Max time network
1571s
Signatures
Discord RAT
Checks processor information in registry (every hit below is from firefox.exe, the browser used to fetch the sample; none is from Vanta.exe)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class (single hit, from firefox.exe creating its own per-user Classes\Local Settings key; not attributable to the sample)
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS (the only stream seen is the Zone.Identifier Mark of the Web that Firefox writes on the downloaded zip; this is normal browser download behaviour, not the sample hiding data in a stream)
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Vanta-CRACKED-main.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
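The stream in this table is the Mark of the Web, so the signature fired on the browser rather than on the sample. What a responder actually wants to know is whether the executable the user ran still carried that mark: Vanta.exe ran from a `Temp1_Vanta CRACKED.zip\...` folder, which is where Windows Explorer extracts a file when it is opened straight from inside a zip, and Explorer propagates the zip's Zone.Identifier to what it extracts. The Python below, an added example and not part of the sandbox report, parses a Zone.Identifier stream and reads one from a file's ADS on NTFS. SAMPLE_STREAM is constructed for the example and its URLs are placeholders, not values from the detonation.

```python
"""Parse an NTFS Zone.Identifier stream (Mark of the Web).

Added example; not part of the sandbox report. SAMPLE_STREAM is constructed
and its URLs are placeholders, not values taken from the detonation.
"""
import configparser
from typing import Optional

# URL security zone numbers as they appear in the ZoneId field.
ZONES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

# Constructed sample shaped like the stream a browser writes on a download
# (CRLF line endings, as Windows writes them).
SAMPLE_STREAM = (
    b"[ZoneTransfer]\r\n"
    b"ZoneId=3\r\n"
    b"ReferrerUrl=https://example.com/some-page\r\n"
    b"HostUrl=https://example.com/Vanta-CRACKED-main.zip\r\n"
)


def parse_zone_identifier(data: bytes) -> dict:
    """Return the [ZoneTransfer] keys as a dict, with ZoneId as an int.

    The stream is a small INI file. A present section with a missing or
    malformed ZoneId is read as zone 3 (Internet), the conservative
    interpretation for a Mark-of-the-Web check. No section at all, or
    content that is not INI-shaped, returns {}.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep ZoneId / HostUrl casing as written
    try:
        parser.read_string(data.decode("utf-8", errors="replace"))
    except configparser.Error:
        return {}
    if not parser.has_section("ZoneTransfer"):
        return {}
    info = dict(parser["ZoneTransfer"])
    try:
        info["ZoneId"] = int(info.get("ZoneId", "3"))
    except ValueError:
        info["ZoneId"] = 3
    return info


def is_marked_from_internet(info: dict) -> bool:
    """True when the stream marks the file as Internet or Restricted-sites
    zone, which is what SmartScreen and Office act on."""
    return info.get("ZoneId") in (3, 4)


def read_zone_identifier(path: str) -> Optional[bytes]:
    """Read `path`'s Zone.Identifier ADS; None when the file has no mark.

    Only NTFS exposes streams through the `file:stream` name; elsewhere the
    open simply fails and None is returned.
    """
    try:
        with open(f"{path}:Zone.Identifier", "rb") as stream:
            return stream.read()
    except OSError:
        return None


def describe(path: str, data: Optional[bytes]) -> str:
    """One-line verdict for a file, given its stream content (or None)."""
    if data is None:
        return f"{path}: no Zone.Identifier stream (no Mark of the Web)"
    info = parse_zone_identifier(data)
    if not info:
        return f"{path}: Zone.Identifier present but unparseable"
    zone = info["ZoneId"]
    flag = "MARKED" if is_marked_from_internet(info) else "not marked"
    host = info.get("HostUrl", "-")
    return f"{path}: {flag}, zone {zone} ({ZONES.get(zone, 'unknown')}), host {host}"


if __name__ == "__main__":
    print(describe(r"C:\Users\Admin\Downloads\Vanta-CRACKED-main.zip", SAMPLE_STREAM))
    print(describe("unmarked.bin", None))
```

On a live host, `describe(path, read_zone_identifier(path))` on the extracted Vanta.exe tells you whether SmartScreen had a chance to warn; an executable from an Internet-zone zip that carries no mark means the archive tool or the user stripped it.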
Suspicious use of AdjustPrivilegeToken (SeDebugPrivilege is enabled by both Vanta.exe instances, the sample's own processes, and repeatedly by firefox.exe)
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Vanta Cheats [CRACKED]\Vanta.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta CRACKED.zip\Vanta Cheats [CRACKED]\Vanta.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Vanta Cheats [CRACKED]\Vanta.exe
"C:\Users\Admin\AppData\Local\Temp\Vanta Cheats [CRACKED]\Vanta.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.0.1344813560\1936722891" -parentBuildID 20221007134813 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdd07293-5210-4236-bba7-187c01729540} 484 "\\.\pipe\gecko-crash-server-pipe.484" 1840 239c84cf258 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.1.1691921396\60127785" -parentBuildID 20221007134813 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7356c690-0b36-406c-8369-623215de4d6b} 484 "\\.\pipe\gecko-crash-server-pipe.484" 2216 239bc372b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.2.419997792\1282954473" -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2716 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feca62e6-7bbc-4b8c-9325-3bd06c82a468} 484 "\\.\pipe\gecko-crash-server-pipe.484" 3236 239cd719458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.3.1013595318\1638116716" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3456 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cda2ff07-02ad-4884-b278-8b8d4201864d} 484 "\\.\pipe\gecko-crash-server-pipe.484" 3392 239bc361f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.4.5440027\1986016197" -childID 3 -isForBrowser -prefsHandle 4508 -prefMapHandle 4504 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb641de0-8751-4e2b-9a71-07c4daf78b1f} 484 "\\.\pipe\gecko-crash-server-pipe.484" 4520 239cf363158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.5.840076428\1676323288" -childID 4 -isForBrowser -prefsHandle 4872 -prefMapHandle 4868 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {983ea296-7a64-4d8d-97f4-f333a0da9c0d} 484 "\\.\pipe\gecko-crash-server-pipe.484" 4884 239cf735858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.6.1400244823\958652288" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fce7baa-0917-4b6d-8f33-3582cf15ea88} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5004 239cf736158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.7.330271019\1278950823" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cbc8f7b-af2d-47b4-ab15-65e5546d1a04} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5292 239cf737058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.8.1943304578\1516685447" -parentBuildID 20221007134813 -prefsHandle 5856 -prefMapHandle 5804 -prefsLen 26283 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0917a519-8af2-4376-956e-0df755c9885b} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5864 239d1bbbd58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.9.716653566\1267041001" -childID 7 -isForBrowser -prefsHandle 5864 -prefMapHandle 5888 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82184110-77c1-4779-867b-dbd3dea99ebb} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5976 239ca7ad258 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta CRACKED.zip\Vanta Cheats [CRACKED]\Vanta.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta CRACKED.zip\Vanta Cheats [CRACKED]\Vanta.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| GB | 2.16.34.121:443 | N/A | tcp |
| US | 20.189.173.2:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| N/A | 127.0.0.1:49780 | N/A | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 44.239.148.246:443 | shavar.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| N/A | 127.0.0.1:49786 | N/A | tcp |
| DE | 140.82.121.4:80 | github.com | tcp |
| DE | 140.82.121.4:80 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | glb-db52c2cf8be544.github.com | tcp |
| US | 140.82.113.22:443 | glb-db52c2cf8be544.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 10.121.82.140.in-addr.arpa | udp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 128.225.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.73:443 | r4---sn-aigl6ned.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigl6ned.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.73:443 | r4.sn-aigl6ned.gvt1.com | udp |
| US | 8.8.8.8:53 | 73.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 44.230.179.24:443 | locprod2-elb-us-west-2.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
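Nearly everything in this table is Firefox background traffic (Mozilla update and remote-settings endpoints, Bing and Microsoft telemetry, the OpenH264 and Widevine plugin fetches), the GitHub session the sample was fetched from (codeload.github.com; the `.part` download under Files carries the sample's SHA256), and the sandbox's own reverse lookups. The only egress the browser does not explain is gateway.discord.gg over TCP 443 (two sessions to 162.159.136.234), which is the channel a Discord RAT uses for command and control. The table has no process column, so attributing those sessions to Vanta.exe is an inference. The Python below is an added example, not part of the report: it parses a representative subset of these rows, including rows whose Domain cell is empty (in the raw export the Proto value of those rows is shifted one column left), and buckets the traffic so the C2-capable egress stands out. BACKGROUND_SUFFIXES and C2_SERVICE_SUFFIXES are assumptions made for this detonation, not lists the sandbox publishes. Caveat: 162.159.136.234 is a Cloudflare anycast address shared with legitimate Discord, and gateway.discord.gg is the same host every Discord client talks to, so neither is a useful block-list entry on its own; the detection value lies in a non-browser process opening that session.

```python
"""Triage the Network table of this report.

Added example; not part of the sandbox report. NETWORK_ROWS is a
representative subset copied from the table above. BACKGROUND_SUFFIXES and
C2_SERVICE_SUFFIXES are assumptions chosen for this detonation, not lists
the sandbox publishes.
"""
from collections import Counter

# Rows copied from the report. Rows with an empty Domain cell appear in the
# raw export with the Proto value shifted one column left; two of those are
# included so the parser handles both shapes.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| GB | 2.16.34.121:443 | tcp | |
| US | 20.189.173.2:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 92.123.128.139:443 | r.bing.com | tcp |
| N/A | 127.0.0.1:49780 | tcp | |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 162.159.136.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | udp |
"""

# Browser update/telemetry plus the site the sample was fetched from
# (assumed allowlist for a Firefox detonation on this sandbox image).
BACKGROUND_SUFFIXES = (
    ".mozilla.com", ".mozilla.net", ".mozilla.org", ".mozaws.net",
    ".mozgcp.net", ".microsoft.com", ".bing.com", ".bing.net", ".gvt1.com",
    ".akamai.net", ".openh264.org", ".github.com", ".githubassets.com",
    ".githubusercontent.com",
)
# Public services that Discord RATs use as command and control (assumed).
C2_SERVICE_SUFFIXES = (".discord.gg", ".discord.com", ".discordapp.com")


def parse_rows(text: str) -> list:
    """Parse markdown-style rows into dicts, tolerating the shifted shape."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dst, third, fourth = cells
        if third.lower() in ("tcp", "udp") and fourth in ("", "N/A"):
            domain, proto = "", third.lower()       # Domain cell missing
        else:
            domain, proto = third, fourth.lower()
        if domain == "N/A":
            domain = ""
        ip, _, port = dst.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto})
    return rows


def classify(row: dict) -> str:
    """Bucket one connection; order matters (C2 services win over DNS)."""
    d = row["domain"]
    if d.endswith(C2_SERVICE_SUFFIXES) or d in ("discord.gg", "discord.com"):
        return "c2-service"
    if row["proto"] == "udp" and row["port"] == 53:
        return "dns"
    if row["ip"].startswith("127."):
        return "loopback"
    if not d:
        return "unresolved"        # direct-to-IP, no name seen
    if d.endswith(BACKGROUND_SUFFIXES):
        return "background"
    return "review"


def summarize(rows: list) -> dict:
    """Map bucket -> Counter of (name-or-ip, port, proto) connection counts."""
    summary = {}
    for row in rows:
        key = (row["domain"] or row["ip"], row["port"], row["proto"])
        summary.setdefault(classify(row), Counter())[key] += 1
    return summary


def extract_iocs(rows: list) -> list:
    """(domain, ip) pairs for TCP sessions to a C2-capable service."""
    return sorted({(r["domain"], r["ip"]) for r in rows
                   if classify(r) == "c2-service" and r["proto"] == "tcp"})


if __name__ == "__main__":
    parsed = parse_rows(NETWORK_ROWS)
    for bucket, counts in summarize(parsed).items():
        print(bucket)
        for (name, port, proto), n in counts.most_common():
            print(f"  {n:>3}  {proto}/{port:<5} {name}")
    print("C2 IOCs:", extract_iocs(parsed))
```

Anything that lands in the `review` bucket is the first thing to look at on a report for an unfamiliar sample; here that bucket is empty, and the `unresolved` row (2.16.34.121, an address with no name in the table) is the one direct-to-IP session worth a manual passive-DNS lookup before calling it noise.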
Files
memory/3228-0-0x000002A42BB10000-0x000002A42BB28000-memory.dmp
memory/3228-1-0x000002A446250000-0x000002A446412000-memory.dmp
memory/3228-2-0x00007FF8C4F30000-0x00007FF8C59F2000-memory.dmp
memory/3228-3-0x000002A42BF40000-0x000002A42BF50000-memory.dmp
memory/3228-4-0x000002A4474D0000-0x000002A4479F8000-memory.dmp
memory/3228-5-0x00007FF8C4F30000-0x00007FF8C59F2000-memory.dmp
memory/3228-6-0x000002A42BF40000-0x000002A42BF50000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\pending_pings\5dad725b-f436-4fa0-801d-c4250f2cb142
| MD5 | 26f1b1edfb898e317be07c26fc31d8a9 |
| SHA1 | d744d1b07f9572957c96d5ff405728879497ce6b |
| SHA256 | f6569b445ac71b65e9ad2618edadd5eeeb040536a5a40c711df9f5f658729a51 |
| SHA512 | 5f02bcf65f321928987091d9b2a63a1c7386ea5739eaa3e429a6f45d4a70a4ba3aa90ae1bf164178d3c2c9d9072270b79277d047717dc00b9e50555962e90b65 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\pending_pings\72c162f9-978f-4ee1-8448-ae7e1d582580
| MD5 | b925f8b7539d13c11e8740619d20b16b |
| SHA1 | 76a14e3dc5d3cb8f08ef72e2746aaecee12b70bc |
| SHA256 | e8b1ceae0f187b4a228cce5ba8a689c7031a4c80cac72469078c3b97154dd824 |
| SHA512 | 917e2c128c701c90eb3d20211821dfbe3695cfa4b81fd1f8d11f7ade0b99687865f404672cc70d40361ac3f87adff33c75225aaee18bc66df41541eff2db10e6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 9ee32cbed96034277ee4dfa032b416ae |
| SHA1 | fe67c3f5afe95cb7ee353ac667ec939780575765 |
| SHA256 | 899f45c93430e1780565e1bc2727354233136f1a759388a4c9f059e1821e50ac |
| SHA512 | 0e4c03b6cfdf996d117e8a75507cfcddfb107b3e036a22a41f9f91925aa94edd9fd09dd4d4b74d3d466e0300d030c38a8f0038484260db65807a328782a1fa0e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js
| MD5 | 7fda67cb2cecf0acdac1d5954862c5a8 |
| SHA1 | 4ef6977e567f5b56de566bf4b9ff5ef588c528cc |
| SHA256 | ce8bc44d5f0498d082524844ba6f176d05c184109491a7ee2c32c7f81ca8a556 |
| SHA512 | 2ca318870a3b4e077bfa39306bd063409c99bfdba5710490abdac9bb689d8fd2f9ccbc473349571c520de64e10c4d378cb9fb250b896259419f8781e6fc5c964 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | fa3bbedb9bd845c908af1568d684af02 |
| SHA1 | 1d0c43b854ea5268c1a907c6e61895a9dff86b8b |
| SHA256 | b0df6aa1dc71e384fb27c7a545e5a3d240e9c3f82a3d1fd47255240a19b3000a |
| SHA512 | ed10de8982456b73c2ce4d0656788834028d11c7cff77ac599362f989b21724eb12c467048405a5fcb42b5737b79e1f8d9e93b3cf4f84b2cf74b17221adfd7d6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b0c7856be5cf3b5c5c5c565b68157240 |
| SHA1 | 174152d5744e035593edbb68c39a2c6ba4c03e23 |
| SHA256 | 8258bcaebb4f8f91e24c67eb2ea915067f101bae649371290de67589273f176f |
| SHA512 | 7235cd7dbea830a99d54e3ef9804fc2058f0e5b4d0377c7852f38509a0d4bba7e8ec24159ec52121787c0d3f0ee73c6d59c97ccf568df225af479a09b8d10181 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js
| MD5 | 351354a233e3d5638f91344e19699e8b |
| SHA1 | bc8b82aaca2741b922c22d16f5ffa61fd5b5a4e8 |
| SHA256 | ab69588f87c263f2500bfb241902a98ae244a24d5bbf8c531a8a739453de11d5 |
| SHA512 | e7cf61fe0ec884f6b2b54354ac40c183ad23a30b0bbbeda2f73367f9dd967dada184c022ee996236db4505405c6023781540a47e4123abf00899a3dd47feb48c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a8ad886d730239a827b5e355331f248a |
| SHA1 | 5392bf9be2937725396e65945bae76b065f188e8 |
| SHA256 | a1abdcc314648f660c4ca9fd7018d4595582c878fabfd15f0113b6f354be2f79 |
| SHA512 | 33aad90d2d90285e787be272c8f47f4086eaf7b8a993124100ec0af4e927c02387e2696b6f54f5dbb32f3db1c7e0d0f184e34fc6ccd81aab9f72b9e2d1d1c756 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js
| MD5 | ee24c1d98bb702f8e0b53a4316f6d4b4 |
| SHA1 | bb8e6c31d0de0b3af6cbed6da554641c5c10bbe4 |
| SHA256 | 725979dfeb87d3e22a16cf4cec27dcd70e41c6bfb93d0de1e4ec7a76a1b741f0 |
| SHA512 | bbb09d1838e0c0e313eee87f80ea291ea424d84ca09863521a073f9100c38874eb275c0cad79f6ded573bcd5d37dba4212b36fbccfde6a1247ca060c87be3f1d |
C:\Users\Admin\Downloads\Vanta-CRACKED-main.qEjFiURQ.zip.part
| MD5 | 63bbf7f0c71396681ae29fba310134ba |
| SHA1 | 6dabd445852bb791e9f72724cbd6cca23ce5c8a3 |
| SHA256 | 1d461f91cf19f9360ec3649694f2a08299907757a9fc592043b717d51086a934 |
| SHA512 | f430fc45899343ceab8f79ce3e47b70c23bfa55d054e429487a7e38230d9aa5e43e6b6efff9f767e6f403d4e9285e477e154a1c7febbdd703d401914bfef6630 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b0d78dcb948ee5be431263ed95386b42 |
| SHA1 | 86a1eca3348dd6455a23833122aa36551c8596f2 |
| SHA256 | 48ea331a9e0b74f9907635e8493af8921b9fbca9581c35ad9f2ea1ab7e5386a8 |
| SHA512 | e5a34f35671a3d765b4a5d33dbf267d9fea54c0d074cc3ee4b0a16fa622d9abcb38dcd6c9fb48c6a2e091815254736d4d404725ea41982fa082b3f8a4558e3a9 |
memory/1404-441-0x00007FF8C4F30000-0x00007FF8C59F2000-memory.dmp
memory/1404-442-0x0000028762ED0000-0x0000028762EE0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3dc1cb44eb20adc8ca5c034307db73ef |
| SHA1 | 313465784a18880d1a4e37c1fe7fa80114ab6f86 |
| SHA256 | 74be2d595e1f751b7c12bf72efaf9d8129d91a204ee53c43991838aa8899fa53 |
| SHA512 | e497221ffb45217b0ce79636f3f32c2cd869f97acf88cc7ae8b7eb6d4889a3f858da6d5fc2d39fd9c377a72380ff325532fa0dd931aa90b26b658c314fcf5971 |
memory/1404-458-0x00007FF8C4F30000-0x00007FF8C59F2000-memory.dmp
memory/1404-459-0x0000028762ED0000-0x0000028762EE0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b2e12368e8f517861704724ee28cf2ff |
| SHA1 | f0a6eb1f837504336ec55766febfeb7f1ff5017e |
| SHA256 | 0cb6c0dcb846c6e0f91af7576c4d10b9eba1067c5adff5cf9ddde46e53abf741 |
| SHA512 | 21d3315bce5643195429607a29ce3ae44ebef41ed6cd3b6bdfd865661917644975670a7aabc3d8b4224c44c45719d48bda8dafc9efe78ef62c1529dd95bfcbb5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js
| MD5 | 9c8dcbb2bc411ebb1fbd39d4b77c10c9 |
| SHA1 | f5a4302ae7d6ec20cdadeded5b84701ab241f595 |
| SHA256 | b48fc3321ca87775545a162ad3248947027f1ddba8fbfce873bcb4b03d922463 |
| SHA512 | d5236ebd57920376174e02c7e43b67afb0d9d44ac2aaeb9fabe7c887da40386a135a63dbfe86185988619c99e6ae10b835025bcfd2bb7395bbf7b9d75ae898ec |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | bf454d118ed20b7a1ca2001fb765c9a9 |
| SHA1 | 0176a2ebd4c6fbe81a35da2118fb2e71b44999a9 |
| SHA256 | f5ed3e0de585f71b440a15deac3c79963d00a8496b52c1aafd9c51281c076a67 |
| SHA512 | 830ee136d7d2ce7edda82bb991f2b18dc2904bcb77a4e3aa3936cfa8d3084768332cb1393f9cc0325f938d8660e223bd0eedce06dd36cdcf1c6ff98c604322da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 25043767dbaa0eab20a4075620c7933d |
| SHA1 | a88c398c6fee23cb721b18a78ec6206500f78312 |
| SHA256 | 3eb0ed4bdd88f41967edf09dc6289e01854ef0370ae718eb3c79ad024c82f508 |
| SHA512 | 463150b3ad11853e8e97257a8e8a5c4e0e37fcb54b1a86e8b258741fc094959ba68d7e96dc6c24cfb922d5258ee31d9edf2949ac222071581f78489dca36ea55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 3c0cfc86fa72f592d201418a7e516d30 |
| SHA1 | 96a96c982fd298192756c0a67960132072ff57f2 |
| SHA256 | 135cd32d7f3200e4e3c3314b46c735386857610840ac359ab61f2e7829f751e9 |
| SHA512 | cbf794754811feef366330eb162acaee240d7967d60288fb0c6e1ceaaee0329ce6946e17096adab922fba9aa5da2216e7dac3c6600684901950a02b84a62ee16 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\prefs-1.js
| MD5 | 84dd774b76167effcdd16ac33fc10c82 |
| SHA1 | d9cc1ea5ac164db984108835ed7bd3cb3254f1d4 |
| SHA256 | f4c9439567bd2e6cb17aa564cef131bc22f2aa687b691e8cd62c3eccc3cdce1e |
| SHA512 | 364328e89e43ba33e9cf26f6fc9aef7f4151596977763ac4df1d1292ee3e44573bcaee7f26526ac6e30213f20dd00c77c7818f1e7b36a2d202f0db25c14b5a3b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\targeting.snapshot.json
| MD5 | 0b48c1fa894251f05a3bae48df685475 |
| SHA1 | 1cfac22ef9368562cee47636c04aa9cf9c9d9852 |
| SHA256 | c40f3060796c98f51864260589cf7f539fb716385b1e28b4cae04398b69c9a1e |
| SHA512 | c2da621d8dae3715717850d0918e4e9ef32c4a82f5fd3bd3fa7c6f080cf953084b76dde8c63a2cd9b013ab8adcd2d7649731682ee547a9b96e23c79606ef4332 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er0iywxg.default-release\bookmarkbackups\bookmarks-2024-03-27_11_-n8sRi0ABVGUJp96U4MVYw==.jsonlz4
| MD5 | 5a470786d1b6aaa771c2096b20e85881 |
| SHA1 | 07e53ff9344d75c93645a5e2202ae7313a3131dd |
| SHA256 | 5defaa774860089003b434626b95a55acfea9595300457ee3eb75173dcfca541 |
| SHA512 | 6e420a4f9337939705f2348638900c99907b5a79980f4697aff7e71f419ba020d6d5441ba897194c44761ecd29dd8a63acfcb4d0f540454d9c970534076a495e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er0iywxg.default-release\cache2\doomed\9905
| MD5 | d28be4a524e2d846c3edce97ca0db9c8 |
| SHA1 | 32ea7cf190e761a4787d42e316d585b00329f3ce |
| SHA256 | f98c88d5ccc659d74076e369b63676fca3652e371f8071d7bd776a2d72dbfa73 |
| SHA512 | 07658017c2b63f35cf225aec4b4a5bde3fbe397b60383c0ff90cf5de566e0aca9bd6d437b573dbc158d51db4bbb3dbd5d4dc5326777ea94be8f0b9c0115dd8b1 |