Malware Analysis Report

2024-09-11 09:33

Sample ID 240603-zmr4asaa87
Target https://shorturl.at/us7lS
Tags: discordrat persistence rat rootkit stealer
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://shorturl.at/us7lS was found to be: Known bad.

Malicious Activity Summary

discordrat persistence rat rootkit stealer

Discord RAT

Executes dropped EXE

Loads dropped DLL

Checks processor information in registry

Modifies registry class

NTFS ADS

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-06-03 20:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 20:50
Reported: 2024-06-03 20:51
Platform: win11-20240508-en
Max time kernel: 67s
Max time network: 69s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://shorturl.at/us7lS"

Signatures

Discord RAT

Tags: stealer rootkit rat persistence discordrat

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\release\builder.exe N/A (2 identical events)

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\release.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (3 identical events)
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A (2 identical events)
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\release\Release\Discord rat.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\release\Client-built.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (3 identical events)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2008 wrote to memory of 2316 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (11 identical events)
PID 2316 wrote to memory of 4064 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (43 identical events)
PID 2316 wrote to memory of 3644 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (10 identical events)

Uses Task Scheduler COM API

Tags: persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://shorturl.at/us7lS"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://shorturl.at/us7lS

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.0.1888269553\239651528" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c1d65d5-75f9-40f9-92c1-8a8fe251c062} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 1832 2467ac0b958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.1.1494917607\1643861216" -parentBuildID 20230214051806 -prefsHandle 2348 -prefMapHandle 2336 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a8318fa-db9d-4efc-8613-0f28ce4848c6} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 2376 2466e086b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.2.1557989565\2114495583" -childID 1 -isForBrowser -prefsHandle 3232 -prefMapHandle 3240 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b33a1e98-6f39-4b9e-8216-290f000f7ccd} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 3236 2467dd2bb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.3.511991495\709457882" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 3424 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e49c735a-b4fb-4ce2-bbdf-dcff8ed2bcf3} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 3400 2466e076e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.4.2054886368\1808533223" -childID 3 -isForBrowser -prefsHandle 5228 -prefMapHandle 5212 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eed1246d-ab06-4b7e-a16a-66a864f59cca} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 5184 24682149858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.5.1536926321\51918635" -childID 4 -isForBrowser -prefsHandle 3136 -prefMapHandle 3008 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40b2fc06-53bf-4ad2-baa4-d4df17d1d0f9} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 3092 2468362e858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.6.1244569555\1376185794" -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fe723aa-333e-447d-9172-5ca86f6c8fe7} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 5580 2468362bb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2316.7.1611172782\1597628075" -childID 6 -isForBrowser -prefsHandle 5772 -prefMapHandle 5776 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac976937-4846-442e-93bc-b8f5ff3746de} 2316 "\\.\pipe\gecko-crash-server-pipe.2316" 4812 2468362eb58 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\release\" -ad -an -ai#7zMap24022:76:7zEvent17155

C:\Users\Admin\Downloads\release\Release\Discord rat.exe

"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"

C:\Users\Admin\Downloads\release\builder.exe

"C:\Users\Admin\Downloads\release\builder.exe"

C:\Users\Admin\Downloads\release\Client-built.exe

"C:\Users\Admin\Downloads\release\Client-built.exe"

Network

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\Downloads\release.oRSdGBeC.zip.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\release.zip

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

C:\Users\Admin\Downloads\release\Release\Discord rat.exe

C:\Users\Admin\Downloads\release\builder.exe

C:\Users\Admin\Downloads\release\dnlib.dll

C:\Users\Admin\Downloads\release\Client-built.exe
