Malware Analysis Report

2024-09-11 09:25

Sample ID 240528-tnmbjsce48
Target Client-built.exe
SHA256 d82bc37ca66a2c6b78dcf7934a818d3d7692890fffe98104f30e71d9f0875e73
Tags
discordrat persistence rat rootkit stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file Client-built.exe was found to be: Known bad.

Malicious Activity Summary

discordrat persistence rat rootkit stealer

Discordrat family

Discord RAT

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-28 16:12

Signatures

Discordrat family

discordrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-28 16:12

Reported

2024-05-28 16:14

Platform

win10-20240404-en

Max time kernel

134s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client-built.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5072 wrote to memory of 4612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4612 wrote to memory of 3028 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4612 wrote to memory of 4592 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4612 wrote to memory of 4912 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Client-built.exe

"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.0.1217162386\91578367" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14c21fb8-2b58-44ec-8600-956a7107d39e} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 1780 229eded7858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.1.732460067\742105435" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b81109f9-a936-4f8d-aad6-bff018f7e502} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 2136 229e2f72b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.2.1478592391\1985456341" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2684 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a58d31fc-ba8d-4d2e-bc86-24d8c00557ca} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 2784 229ede5e858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.3.318499345\567280461" -childID 2 -isForBrowser -prefsHandle 992 -prefMapHandle 1264 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c650be4c-aa3e-4ca9-908a-22a6e67dbf20} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3672 229e2f62b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.4.379315991\764594682" -childID 3 -isForBrowser -prefsHandle 4168 -prefMapHandle 4164 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a5fbe9e-2e13-4842-b555-633163bd75af} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4180 229f3046758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.5.2104511973\11087095" -childID 4 -isForBrowser -prefsHandle 4912 -prefMapHandle 4900 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f0fb379-0e2c-4833-8749-3d7b716c33b7} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4924 229e2f67b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.6.1016318484\1528600245" -childID 5 -isForBrowser -prefsHandle 5060 -prefMapHandle 5064 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7df48f2a-7a6e-4977-b0e5-8c31142d4873} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4728 229f450fa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.7.705348247\1836000752" -childID 6 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42b6a5d2-a6ee-4377-8598-15ed38d38325} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5204 229f4510358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.8.1694858547\479258347" -childID 7 -isForBrowser -prefsHandle 5692 -prefMapHandle 5104 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d04158bc-fb43-42e2-8839-842048429e2c} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5424 229f6335b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.9.1365183442\1962007239" -parentBuildID 20221007134813 -prefsHandle 3236 -prefMapHandle 3228 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {986136d8-ef37-4e06-991d-23f614403ffb} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 2640 229f5551658 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.10.527046910\411198552" -childID 8 -isForBrowser -prefsHandle 5468 -prefMapHandle 2640 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d170f99-10b6-4777-9756-ce9b7a630476} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4280 229f55d9d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.11.583383974\452362053" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6068 -prefMapHandle 6064 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c31a2e94-2d66-4c1a-a488-36e5cd5a745c} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 6036 229f55dbe58 utility

Network


Files
