discordrat | 52ab6102c24d59bcc88d6d5311e8f7404e69b17233ba995bbd162326782ac412

Analysis

max time kernel
299s
max time network
300s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
18-04-2024 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

7c16d8d9eca7c5ea3c0919afce4a42a8
SHA1

db2d93ddef2d96fc687b11830781c54d549b7d3c
SHA256

52ab6102c24d59bcc88d6d5311e8f7404e69b17233ba995bbd162326782ac412
SHA512

4dd267a609ee31405d0353186ac2588afe760c401fe43d8958fa6c7a9ecbb65665ee120876f49a6760de1cd703791516f9ff7362a8355ac1b53f002a2af80312
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+KPIC:5Zv5PDwbjNrmAE+WIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIyNzU5OTczMjkwMjMzMDM3OQ.GGJ-EF.ITvPrvNzJvdqzhVFGBeM8xjGUkZMvbKmCPGwDw
server_id
1221811060135170099

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

Client-built.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	4780	Client-built.exe
Token: SeDebugPrivilege	3304	firefox.exe
Token: SeDebugPrivilege	3304	firefox.exe
Token: SeDebugPrivilege	3304	firefox.exe
Token: SeDebugPrivilege	3304	firefox.exe
Token: SeDebugPrivilege	3304	firefox.exe
Token: SeDebugPrivilege	3304	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

3304 firefox.exe
3304 firefox.exe
3304 firefox.exe
3304 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3304 firefox.exe
3304 firefox.exe
3304 firefox.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

3304 firefox.exe
3304 firefox.exe
3304 firefox.exe
3304 firefox.exe

pid	process
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe

pid	process
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe

pid	process
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe
3304	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3312 wrote to memory of 3304	3312	firefox.exe	firefox.exe
PID 3304 wrote to memory of 1384	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 1384	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 4764	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 2088	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 2088	3304	firefox.exe	firefox.exe
PID 3304 wrote to memory of 2088	3304	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4780

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.0.1100123705\1363100832" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30add647-3055-4e20-9e6c-ee9adeb69e67} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 1780 25226be0e58 gpu
3⤵
PID:1384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.1.1829481384\1614268495" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2339f5b1-9f00-4fc0-9534-9b504f923445} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 2136 25226b0a258 socket
3⤵
PID:4764

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.2.516858080\1214838240" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebff7708-5301-4237-b69e-642eb9a5caa2} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3052 2522aafae58 tab
3⤵
PID:2088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.3.708401245\1273764187" -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 3456 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e33b4f58-79da-46a5-92fb-8581fb152cc7} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3472 25229576758 tab
3⤵
PID:780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.4.1097343346\180815331" -childID 3 -isForBrowser -prefsHandle 3880 -prefMapHandle 3868 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a54be3f8-c9be-4178-8eb9-58b5075b608f} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3972 2522bb71b58 tab
3⤵
PID:4320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.5.1110319596\697377050" -childID 4 -isForBrowser -prefsHandle 4780 -prefMapHandle 4776 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb06cc6d-5306-4d7c-b3da-0d82ba1a04d6} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 4784 2522cecd458 tab
3⤵
PID:4988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.6.18145119\681134650" -childID 5 -isForBrowser -prefsHandle 4920 -prefMapHandle 4924 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59306ad8-c416-48cb-a73a-4fdb658c45d2} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 4912 2522cece958 tab
3⤵
PID:1928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.7.648904246\1384646923" -childID 6 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf9b850d-ebb5-42e0-9803-f33197a55830} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 4784 2522db14b58 tab
3⤵
PID:4672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3304.8.1374959769\683579664" -childID 7 -isForBrowser -prefsHandle 4076 -prefMapHandle 4004 -prefsLen 29562 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83a24374-d015-45b1-b6d0-c5f7be923999} 3304 "\\.\pipe\gecko-crash-server-pipe.3304" 3804 2521bb6f858 tab
3⤵
PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20778
Filesize
10KB

MD5
0d8fea01e5b973d7ea2f21a61f906d10

SHA1
6e63046213678d341639325980a8642750ec117f

SHA256
34e459d34b06e3e78bb632308b3f5ee3c91fb4ac9d545503dfcee00584cc5fe6

SHA512
9040550a0d40c0c30bf1d28ac21b8f1faccdcea95bf2c99b5e781c15fa336c20661543727425c03e828d14f7f296b8c76bc9d29888ac3eb0bffa5531f03383f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\46326F047A8206496F2D7CB58A3DC25BDD21FF18
Filesize
54KB

MD5
d3e760cab385df1d1cbb0064b6f36e0e

SHA1
0b2e705a69c8c80ac7ce2e01d3548c19d0096ef6

SHA256
91e00a23208485d51a331e007eebc5eb38f669b4bac47cbde766c5014f3f63a0

SHA512
278de7b51760540813cafd35b0c51a436a8321a44948ed7f91c9b84fa4a173bbf2177c2275a406e9b7cce2b1278160592282e3625e2911be82d56e4eb2fc1139

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\BA7BBDE965386E539F5175725823D082A7D47CA9
Filesize
207KB

MD5
aaca7dd120aa93201e54eb1eb7f228bf

SHA1
537207479f5836d7914d9dc77c2f0a7c515ef35a

SHA256
e4aded466f17c5ea3b34ef8b3eea66efda7fa80788eba98ead18e03472a2f182

SHA512
f32eb87dc937541bb136c67ebee279e06d067d8482c93af7289accfca255265f24edd8f130ce7db812185ec30984a302ce31f1751012569c08593569a6a32702

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
a31591635c4054015540d0c4830f5f18

SHA1
05fd8f41d67d38d98eda3134a532e197574f9f19

SHA256
e75862c201a2aab25a7f7ecff1d44abbf8620a713e8c38af2d5544c54fc25072

SHA512
9e0b0ddd92e3864d365f26e82a755000c106f59b421e2bb764757c5b36c623c68afb8df46266b0e5722e83d99c4326c7daeac436940970d3f4561863c37f45d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
7KB

MD5
469d57a8cc16cc91cead1b76bd41b454

SHA1
e88be547eaa7e4dc90b0a9a2c92e946db06c6879

SHA256
15fdf77a1636ababc93ea39cea93754eaf9a103249fc18b1f07a58d095759d73

SHA512
811fe2afa44791cfc561a5168f34666293946eefef715eb5a3570bc83ba4e5950ba0a50b1a15d56e62bdcfae16f5f62f886a203bd9e20d2780c85b70854e4be2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
b052cffc5708cfaf70f231b107491402

SHA1
e686c2741430b4bd6ec9935e55a3ff768e7a5dbe

SHA256
c1f2fa0c270076b2a25e584c6662a11c3f9f9a73020100f172d32a4bdbffb4cd

SHA512
041fcd04afc1e4146e8057cfcaea878d1491be0b5b1c37c14409e63da0075b50bbfbd77c821c1cca689aff8ba011b3dc91e6e0b1ad123c388125b2dfb0648ea9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\8346cef0-d2b6-4084-bf49-010b13d555eb
Filesize
746B

MD5
1a44ecdee1c62646e8b45eb5b9255b5d

SHA1
9e89d8328b4fef16aa469c2fc60863e6e5a03814

SHA256
1affe44df2043d8e0ae5168fca14eddc48a0312af9a9f0ee9a391127763cd010

SHA512
06aaf43b6feb522996c789ee39e326ef653c48de940fa7d00d9485ca69d9c8fa31fdd1c4b54bdf6821356e610cf87cdb1ac7ca0f5c40de896905722f02c6b3a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\dfbdc641-ca73-4ab3-ae41-b6d7b56ecf31
Filesize
11KB

MD5
1b10f682f54e81111798f6fca64b7c87

SHA1
2fca145e7a64fd7ca78ee4be70c77465e8d0261b

SHA256
29f65a810d70819ff62bdd3bd19accb5159b0e1513704f916f0917163e5ab3b5

SHA512
ab91af7a886ab59ab5aca5308672f286e1d27d33054b778027995870289805bf988ad973aad02d63302429466992397db9d5c84c6d39092619bb83a8167865ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
fd6b89e1ab6c2a2c01df9bac7c82d994

SHA1
b17f6128670577e6e5ab81b337cf0d13ad5bb2e1

SHA256
dd5734e7b8268c318b5f0511a3e1358a0707111b8bc9a4d4ebd590a6757d8917

SHA512
2a65c0772032c2c5e4f1e753f64a8c58dd373489fb320a47aa6566464148d670bba65b148ffe8e4dbd8969c99f9a1e2a76a44632c0d3f7b90c3e86385c572cd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
9KB

MD5
8826779f5b6f752afab9330c82de2565

SHA1
03283f1157648a4a9494007f1ee1f66bb826ca07

SHA256
ad188e250c1f2b251980df992c60917f220beb482c673a6031f8e8f73070b962

SHA512
35fc5b68807c95da884fa9a4d63d86d15a986b7a37a0d54e05ce0e0ac32069c677f20265bbbaf1a8535458b8e6303f051e4b4d1231f36ac1dcd4ab21f8582c0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
f1c258acdbefde80fd3ae06b9bd763e0

SHA1
d1ac3e7b8fa8ca0ed5f932127f206e15b626a3de

SHA256
0d9b233f19784779d1cbbdba5925f1f4c942c17b11b00f352ee7a0ea951fb337

SHA512
94c1a6d333348f7561c6b04e5b93de9181b89f4167a18daa79ae59709897b674451fb98c48d7b34b80a82b87ea58664d13b0c0877f19dfc37b7c0852c13e2c60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
Filesize
6KB

MD5
c90b8498e3c39547d9304ce1f69ad6d6

SHA1
a24ef99d4d13fce0166dc10ca00d778fcba6d1c1

SHA256
8ccf4be22c2555836b82c80bf3a076ffc172e7dbb088ee5fbd68ab61f2cc40ad

SHA512
3562df62a1c174b069040f1e7a9bd7dac71736c71568466baa41a1927c37e086c2ed7675df8c39fd760e25d0a40f2188a3f812bc9daefec6b534c100b5dee984

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
3daf88cb12c8fc80982879a98a325334

SHA1
ed3552ed8860f18ea7de08b8c6729138c4fbea09

SHA256
61dbc68e5467d62e9aaae1963aef6b6b268486e38ad6b5a1b22c90c49295db42

SHA512
b4de4d4407f810cb0164fba133e5bda4eed53ed001ebb5522704e22a5157b45ef5f5e9eaef94c9f13be7b608c7e190dfa98b1b84cfaf0dac4f2794bb9c5645ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
10c44969a6e70cdb7f3c4f41d8d08004

SHA1
691feb809afdfa717defb4528e69946331490f36

SHA256
3f739ba0677272c2f1afac2274313c9d18ca348c48d659d8143299d4ef305001

SHA512
8d907aacf5eb2dcb80ee19c3a9047406ccbae32d03afc6bdbd66ba79422b05def412b4b14c334dba17d47ed496f183bddc3e968db17ee4abf58b997c062c95d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
86c3a8e952a1563cf7debe325b55d0e9

SHA1
6fd8945ffa5aee77971f229bc6583d2c68f28191

SHA256
a9a2223350bb8ea1fecf176462f7b831e04cf70777a1c2d9a2b74b2777a954f8

SHA512
c73943e5e4c8dad78588e14a09360db5e45d8c586928293f16947d8f0e3f9846c29975db9c6ac16b1cfc0042f7cfeed21bcabfb087e5127ad3678a0e3dd2e500

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
9f580ae8eb432ca8f9bb39dffad0d7cd

SHA1
d47af88e636a0ee436ee4bbf1e335117370ee086

SHA256
1011efd1c810cc527a08738c8e66d6efcda12faec841757498abef0b30300a4e

SHA512
9ff31c8f80b21229a7b9fe0bb2b13b4af57689bad8b1bd527af1ff0a4b6c3c5d5a16d075aa8d078a9d3e4ad74a6561c7e50cd51a2291eb8259dae520db0f1eb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
5f2af8271f66210c81d158508db990fa

SHA1
8f5e071078311f60a23b7b8e5b6ff6d7e4092b71

SHA256
162596dc23d165a1e114d42fc677fc57f28da90e30ed99de5b5de45b41b8a18a

SHA512
295c9c195e43c835aaeac7326a8d7b393316b124005668b52086e8fbb46ab3e7994966f1b426a25b6106b3a3d66a3d099674a15f6f1a3e90591c7dd33d514b72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
8770285eb7bc6e69966f0d7732695909

SHA1
95b603267c8785f359ecf31d3a8343baa3a1b8ec

SHA256
ea8aadbe05d3b76955e5884b2cda82894292ae3a63e84089704b508c47146f80

SHA512
a26b0e622101fd7db6507d40e5b82ae64b0838bf0e5995d2526a5a1e5036c7718cba5264a4dc2cf879cb2e39d347c4c7a39158170eba760ccbf68cce94a625b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
48c1423889ca49a92f817e064b536db8

SHA1
dc3ae06fc9885826be4aec94a8538aa82cd7b4ec

SHA256
27fe0a9ff2352da19381312af59d85472a1064a5dc6bc0ae182def90f1f333bc

SHA512
6d69a67e0ee927d2d21528ae65527f8593746f1b8e11f4198aa7f3ed18bf463dfc7311ad39a3eae60f99db3a543f4df0bfe1f5b15c56c6173249a913c148ee8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
e3d177fa4162515c0ace125b3cb5fb15

SHA1
b741d59f317faf48185277354d44ca478e233992

SHA256
2cfff8d9262dfb4ddebe63b7c9697456a239988af18022e482dea2f5dd5d2d72

SHA512
242c57ace3e383f75d1df1c391d2bb8ecf256e1367319a66ef4411b9ed9e8ab7256286642bf19ac454dcde265b90db71e87ec3076101941debac6e3e62a8fe0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
ae48ea70fe89566f6c67da5d4500ba30

SHA1
59f7f18038643325d28ec04c5a4c60b6ab688cf7

SHA256
44e4dfed9796058d4fe3383bf915c16b108d18d678859e477123c063b0684d80

SHA512
1220b4915aee2c49fc8fa8cc13ba241dbcd10760bac6879b91c0fd3c9430ff060144fdff2fdd39cdcb2c013503f1d16b58729ac43e6d03a087c87a1dc5690f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
6d2e5d12fc35807483d8d6fb5ebe47e7

SHA1
43441f5faf1756b536bb36ede60cd03a956c6dec

SHA256
3f65c1621d9016e8279dfbe48b196632af641f4af28f3572887e19f121851881

SHA512
bf5190c33f94f370618df6930e3737dcc6d39bbe5d16d7c21a1cc8b372ff9a2c62f635c5351813a62ba042ce5811471b84379732278d278bfd3b12ce0eb94a3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
7.9MB

MD5
1425839e2f5fff0c1941aeb231be2a4c

SHA1
8539bd19a48a4be5b0b8ca2fe93069eed79da273

SHA256
568ce1aea386075ee7a224569dc69f0907ca45b5ecb6f2607c4b2a154f4b47bf

SHA512
d2ad04ca60d25bb3332acb17bb45bed84c13c3a22ab26a403ba4fbb9c29ea3d614a7370738f2f3dd625a2c79028391c0e58955131e10ff2bd0d4eb0cb1349e15

Download Submit
memory/4780-5-0x00007FFD9C950000-0x00007FFD9D33C000-memory.dmp

Filesize
9.9MB

Download
memory/4780-3-0x00000238F66E0000-0x00000238F66F0000-memory.dmp

Filesize
64KB

Download
memory/4780-2-0x00007FFD9C950000-0x00007FFD9D33C000-memory.dmp

Filesize
9.9MB

Download
memory/4780-4-0x00000238F9100000-0x00000238F9626000-memory.dmp

Filesize
5.1MB

Download
memory/4780-0-0x00000238F62E0000-0x00000238F62F8000-memory.dmp

Filesize
96KB

Download
memory/4780-6-0x00000238F66E0000-0x00000238F66F0000-memory.dmp

Filesize
64KB

Download
memory/4780-1-0x00000238F8900000-0x00000238F8AC2000-memory.dmp

Filesize
1.8MB

Download