Analysis Overview
SHA256: c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97
Threat Level: Known bad
The file release.zip was found to be: Known bad.
Malicious Activity Summary
Discordrat family
Discord RAT
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
Modifies registry class
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Analysis: static1
Detonation Overview
Reported: 2024-06-28 10:43
Signatures
Discordrat family
Unsigned PE
Analysis: behavioral4
Detonation Overview
Submitted: 2024-06-28 10:43
Reported: 2024-06-28 10:58
Platform: win10v2004-20240226-en
Max time kernel: 871s
Max time network: 875s
Signatures
Discord RAT
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client-built.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client-built.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client-built.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | 0.tcp.jp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.jp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.jp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.jp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.jp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.jp.ngrok.io | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.0.1471634898\377601624" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed7c8610-0767-496a-b472-cb05cde42a90} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 1960 28bf7205f58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.1.280048579\1734212000" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d8047a8-7d67-4395-8229-d987fe20f590} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 2360 28be236fb58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.2.1618177160\1613289318" -childID 1 -isForBrowser -prefsHandle 3284 -prefMapHandle 3280 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {386b681a-bc6e-4483-983a-590a5e1468c3} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 3296 28bfa09d958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.3.412683224\1679929854" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6a1fc16-b71c-4043-90fe-bf928b344697} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 3500 28be232fc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.4.2017615896\588895119" -childID 3 -isForBrowser -prefsHandle 3776 -prefMapHandle 3304 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53670e7c-dd9b-4b65-bde3-ded6707afe1f} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 3788 28be2367258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.5.1023520327\1194695992" -childID 4 -isForBrowser -prefsHandle 4268 -prefMapHandle 4972 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {193492ca-fec9-409d-95d2-a378cf44c7ba} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 4984 28bfc32c258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.6.611600902\241622382" -childID 5 -isForBrowser -prefsHandle 5200 -prefMapHandle 5196 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30b60df2-9ea6-4e24-adee-dbd34b9daa16} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 5212 28bfc90be58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.7.1977802699\465666588" -childID 6 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5bba7e6-8ca8-4201-9794-0e19e7ec5018} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 5356 28bfc90c158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.8.1448120203\1171662356" -childID 7 -isForBrowser -prefsHandle 5092 -prefMapHandle 5004 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {348900c9-8c88-48cd-b47d-6d47ac212393} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 4924 28bfd7f9e58 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.9.1933748011\1968105869" -childID 8 -isForBrowser -prefsHandle 4268 -prefMapHandle 5240 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f90ffc71-847b-4537-87e8-26161268132b} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 5976 28bfc90d958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.10.387038129\1903203062" -childID 9 -isForBrowser -prefsHandle 6092 -prefMapHandle 4716 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b675e450-8e0a-4ff3-aeef-5997cd8fc1fd} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 4496 28bfc90dc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.11.335211341\2034827976" -childID 10 -isForBrowser -prefsHandle 6220 -prefMapHandle 5268 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f95fdd2a-f3ee-47f7-99ae-a2b2f455af18} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 6232 28be232d858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.12.1848180384\2136579973" -childID 11 -isForBrowser -prefsHandle 6476 -prefMapHandle 6180 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f43143d-b15c-4be2-9096-0ba9dcac6071} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 6484 28be2362e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.13.1222299559\1752111367" -parentBuildID 20221007134813 -prefsHandle 5868 -prefMapHandle 5980 -prefsLen 29712 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f04ec07f-cad2-4c60-803b-5c453ea7671e} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 6080 28be236b858 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2552.14.1277754192\1439243377" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3224 -prefMapHandle 3148 -prefsLen 29712 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8c0ffee-7b08-4173-8289-6d5800d4a350} 2552 "\\.\pipe\gecko-crash-server-pipe.2552" 3468 28bf85f1758 utility
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450 0x30c
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
Network
Files
| SHA512 | ccc9ed3a2ec31cc529e9fb8956bda0ac253f732e6c8e73b85f9fd3d31689d068b8a4a1180fc62d36537c9e363c3ea89aa76be23139d22df93ca7825f5fc56a90 |
memory/5396-2213-0x0000013E71920000-0x0000013E71921000-memory.dmp
memory/5396-2215-0x0000013E71920000-0x0000013E71921000-memory.dmp
memory/5396-2214-0x0000013E71920000-0x0000013E71921000-memory.dmp
memory/5396-2225-0x0000013E71920000-0x0000013E71921000-memory.dmp
memory/5396-2224-0x0000013E71920000-0x0000013E71921000-memory.dmp
memory/5396-2223-0x0000013E71920000-0x0000013E71921000-memory.dmp
memory/5396-2222-0x0000013E71920000-0x0000013E71921000-memory.dmp
memory/5396-2221-0x0000013E71920000-0x0000013E71921000-memory.dmp
memory/5396-2220-0x0000013E71920000-0x0000013E71921000-memory.dmp
memory/5396-2219-0x0000013E71920000-0x0000013E71921000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 18367616ed23406e91fb6d7114943558 |
| SHA1 | fa840f6d58cd3d211c50f5f7f9e41c5a3872d8d2 |
| SHA256 | 96062e078960d32b9a0a1e42f28700095206f0e3172106bc31c56936f228d010 |
| SHA512 | b2b6efca40b5581aeede1218f9d5cd65a02b835846dfaada708f837592d3bb2f674e6a951eaaf3e382b1b36a080f296b64238aef019b25896482a69fb018f31b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\thumbnails\8208676bc5011211b4cbfc4a14c4cd0a.png
| MD5 | 2864ef9386281c3ddd091ffe75d640f3 |
| SHA1 | 28d130ceaed292abc6f3e6b8c5e46fc543490d2b |
| SHA256 | db420e197fb702026e94857858da1b0591762651d184c8a48312a2573f85fda8 |
| SHA512 | 4143dd60f3f1a44ea6f636634bb7749fcf2a2e8a0969907051af3886bedeb745b2e3cc3a7b07d3c3f89a3b446962ba9fc089a47e8d39e5a855a1c1c50c8f3c08 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d2df871063591c9b69e92d0ab6a60536 |
| SHA1 | 37b445bb7b274d62b319417ff819f9cf6ee82b36 |
| SHA256 | 35361c6677132ea8a1a0e74770c130cee13fc69510fb0301dfed322f78ec429e |
| SHA512 | 8e0897150e6e03966d77a79b57dc2681eb28a8c28db3dc8dbb0141318b31e1dafe8a66a7c8aa1ef0fbdea5bcebe4b6318a835cba89c9c619f054f65ade1978fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | bf9dc81fdcb211e2b10533edbb2d7eb0 |
| SHA1 | e5f972cbdad5220ebde564ea2d81ef3c316b8216 |
| SHA256 | 2044e383f7f4a392113979aad027bbb09034aa7a61f83017b810d0264c1452d0 |
| SHA512 | 24f8d97789f5efafc36c1cb7b9d028d1aaaf0a5a9dd62a6c0bd89af739b16a129815e12ed6a1935adc42776ee0f06f69c6fb55c983b2c328e802012422418969 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | cc8881259f97bfd9a0abaa8eab034244 |
| SHA1 | 6ddae829d51946049d844f3d952f283b9dfecc0f |
| SHA256 | 186fb9cd4f1c515fbe2c3cb292c27f9608ea11c7c34d6a9683738654488a97f6 |
| SHA512 | 1bdeee7b787306fa6f66370cf3e619d534b9b9bc9aaee5dd36e5f5fc950142453c58d9e5ac379c6df63dab3631e3ef8ba383cd75bb0f16a0e330911ac2eecbe5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
| MD5 | ec20be96bc90b490c6d0fa03964c94ec |
| SHA1 | 719d757844ae39c443dcb5dfb8845ba052e7e5b4 |
| SHA256 | 49bae5095e95fc0f0015ea7adf9701f7895c3a37716c8d218132183e8e5a267c |
| SHA512 | 1622c97b322fd9826b3fd6ce523f0944b143e3409425cd1c56f205ce6bce0ab3dbcd8cf5ef38df3e15a7b8a6f5763185f4a0d29324245a132b24c933e6c69d60 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 26999ff7b66ec8d7e2c41be127fb3757 |
| SHA1 | fd58928c85b40e9b25ea135c8a73ec2cfad7a1b6 |
| SHA256 | 6a4e2b9c2ae4d2d8c805bd65e21a3fd3a7313fe32a241fc495e1bef583e39443 |
| SHA512 | d3f2aa7ad24f6c59be48fd8835c3de80da131e31d5213630ee52026c8b054dca878e9a4a0c0e117b91163c2a46c784c925148d419d98daf48c96cad178771241 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ac9fecc893b11e5dfaf4ea82c9565cb2 |
| SHA1 | 7a5bac8e9ff487f9120de114cda12358798d6024 |
| SHA256 | 1fbad156ac6382ad4f21ade3e5d2423e0216238ac3595c6669a55ac2269e025f |
| SHA512 | ad6a318ed8f829ba8a2a39948e9cb396dd44fd2c01200cea136426794fed807fc0a7b1d43b98251b0fd621df78e0da8f909f50e78d97daa3e2beb2e2af2b24b2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 0460eb9ddc344d0b86fe84db3302a38e |
| SHA1 | 4efddde8979bfa785576af94a42920fd598b32d2 |
| SHA256 | 8e9ac41d3606bf6f230636e1776821e1c418f44cbc001ed4694eb857b43e1efe |
| SHA512 | abd09fc9f2a9de7170ee327849bfa4581cc96482fe3c4be492b864aa1069a7437d690a76c044fb9f70fbc2f3214aacb3c58ed62660450ff5d607d0477ee1ee93 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | ada30b1ee916c8625874211cb9dedf8d |
| SHA1 | 154683dd35e8efaa08ec5c2c8477141cf8f0ed64 |
| SHA256 | 846970cfafe9330802608ea0871ad29784cadc99f382d137965268be62609ceb |
| SHA512 | 53d748e8979c44da8ae0d4ca591182228911352cf0bea249f1feda8e39136ba3fcc1a3ad27046addd3bb6c3f5838f7b4d9f6965c4956c2b6dbfde0c5f130cc7c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json
| MD5 | 7ec431d0d45c662888ccc5a87c90897f |
| SHA1 | 7310699ea32f1de055f5a615ffb2221ac37f4056 |
| SHA256 | 52a2a1216b32323bcfcafe1165be0dd0e6377cdd63ce5e4d6a18a8557bd1121f |
| SHA512 | f1686973b2fb8a26d5dcb987ee643a7f1e1d7f6595f184b80f3e903359ff9574d9366e4f3484535a4fd8f6c6130b7993261a027fbf54f0849d9f65eb68bba983 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\xulstore.json
| MD5 | 1995825c748914809df775643764920f |
| SHA1 | 55c55d77bb712d2d831996344f0a1b3e0b7ff98a |
| SHA256 | 87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776 |
| SHA512 | c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json
| MD5 | b99cee309e9436d0796d471886e8ce8c |
| SHA1 | ad4b7a6785233c0c67b85af770cde8c66ac4590b |
| SHA256 | 03e19db8f3d1ede433e454fbdef1e47d5599362c84d5b7a41f44f7845d68b945 |
| SHA512 | 425a539a36322df805caf4c123bedbbe1dd8eae9a8f681bfb146cde75f3fcaca30658b15d917f3e731f503c4198451f98840074ec0a809a7d084e136863f8426 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\bookmarkbackups\bookmarks-2024-06-28_11_8isp+gHyP3QyHg7eXV012w==.jsonlz4
| MD5 | 4f250385aeaa84a357a344af5ad6354a |
| SHA1 | 4f1ca11ca083ed02b315c489223a20017a6ecbc4 |
| SHA256 | 1496d4f20935c304d2e661264713fb152b1558850d404b59353a09e7f830c264 |
| SHA512 | 16e9f6c632ecb3f96663d06f567445f294a0195a922e9e2105893550fba609767602cbaa87dd5380c5888274d7988b25e937335f58200e91db9cce6cc375c0e5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | 5c135b333f2bbb494bf055d9d1bf4c06 |
| SHA1 | f536de87cb2c30c02690f22411949a15eeaea089 |
| SHA256 | fa203a962108e5897fb57731d5ece1778a41f36e8c78431b7f6301f5934e4289 |
| SHA512 | b3d4efc7d17676f648809966f2bf83695380c52fe52567ce95a8e90f7fdbf44d2df245ec1ef9beca80c30691772be68bcef871eabe975c65bc0fd67e907802ea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\extensions.json.tmp
| MD5 | f7016d8a2229e3f56d1e6d90b11654f8 |
| SHA1 | fd5b74a4a1c3da00e7489da745fc77af3f2b70dd |
| SHA256 | 3c2e04a2ecb5f25269a5a123019dbcb32be9131208a02b28e1222508871522be |
| SHA512 | 9f7a14a5f58230dccd61b1fd9583fb995d57b004aef7dfd2bd1778865b5fc60a0a6a0fd6b35f31992d7de41e69b915a252b8419b50bf4e4a8e5bc0e28fdcec65 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-28 10:43
Reported
2024-06-28 10:46
Platform
win7-20240508-en
Max time kernel
120s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dnlib.dll,#1
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-28 10:43
Reported
2024-06-28 10:46
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dnlib.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 96.16.110.114:80 | | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.246.116.51.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-28 10:43
Reported
2024-06-28 10:46
Platform
win7-20240221-en
Max time kernel
121s
Max time network
121s
Command Line
Signatures
Discord RAT
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2476 wrote to memory of 2320 | N/A | C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe | C:\Windows\system32\WerFault.exe |
| PID 2476 wrote to memory of 2320 | N/A | C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe | C:\Windows\system32\WerFault.exe |
| PID 2476 wrote to memory of 2320 | N/A | C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2476 -s 596
Network
Files
memory/2476-0-0x000007FEF5E63000-0x000007FEF5E64000-memory.dmp
memory/2476-1-0x000000013FBF0000-0x000000013FC08000-memory.dmp
memory/2476-2-0x000007FEF5E60000-0x000007FEF684C000-memory.dmp
memory/2476-3-0x000007FEF5E63000-0x000007FEF5E64000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-28 10:43
Reported
2024-06-28 10:46
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Discord RAT
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe
"C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4032 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.178.10:443 | | tcp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.133.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| GB | 23.44.234.16:80 | | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.98.74.40.in-addr.arpa | udp |
Files
memory/4596-0-0x00007FFFA5283000-0x00007FFFA5285000-memory.dmp
memory/4596-1-0x0000026DF1270000-0x0000026DF1288000-memory.dmp
memory/4596-2-0x0000026DF39C0000-0x0000026DF3B82000-memory.dmp
memory/4596-3-0x00007FFFA5280000-0x00007FFFA5D41000-memory.dmp
memory/4596-4-0x0000026DF4A70000-0x0000026DF4F98000-memory.dmp
memory/4596-5-0x00007FFFA5283000-0x00007FFFA5285000-memory.dmp
memory/4596-6-0x00007FFFA5280000-0x00007FFFA5D41000-memory.dmp
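The per-run listings above are raw sandbox output, and reading them by eye is error-prone: the Network tables mix the sample's own traffic (`gateway.discord.gg`, the Discord websocket gateway a Discord-controlled RAT has to reach) with the sandbox's background reverse-DNS (`*.in-addr.arpa`) lookups, and the behavioral1 `WriteProcessMemory` rows show `Discord rat.exe` writing into `WerFault.exe`, which, given WerFault's command line `-u -p 2476 -s 596` naming the RAT's own PID 2476, is the shape of a Windows Error Reporting crash report for the RAT rather than injection. The script below is an added example, not part of the sandbox report or the DiscordRAT project: it parses the report's own process command lines and network rows (copied here as a constructed fixture), separates candidate C2 names from PTR noise, and tags the command lines with the reasons an analyst would look at them. The tag names and scoring rules are this example's assumptions. If, as the file name suggests, `dnlib.dll` is the managed dnlib assembly, `rundll32.exe ...\dnlib.dll,#1` in behavioral5/6 is just the sandbox's default way of launching a DLL and is expected to do nothing, which is consistent with those runs' empty Signatures sections.

```python
"""Triage helpers for a Hatching-Triage-style sandbox report of a Discord RAT sample.

Added example; not code from the report or the malware project. The fixtures
below are constructed from the report's own Processes and Network listings.
The tagging rules are this example's assumptions, not the sandbox's signatures.
"""
import re

# Constructed fixture: command lines as printed in the report's Processes sections.
PROCESSES = [
    r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\dnlib.dll,#1",
    r'"C:\Users\Admin\AppData\Local\Temp\Release\Discord rat.exe"',
    r"C:\Windows\system32\WerFault.exe -u -p 2476 -s 596",
    r'"C:\Users\Admin\AppData\Local\Temp\builder.exe"',
]

# Constructed fixture: rows from the behavioral2 Network table
# (columns: Country | Destination | Domain | Proto).
NETWORK = """\
| Country | Destination | Domain | Proto |
| GB | 142.250.178.10:443 | | tcp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.133.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.133.159.162.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
"""

PTR_SUFFIX = ".in-addr.arpa"
USER_WRITABLE = re.compile(r"\\AppData\\(Local|Roaming)\\", re.IGNORECASE)
RUNDLL_TEMP_ORDINAL = re.compile(r"\\appdata\\local\\temp\\[^,\s]+\.dll,#\d+")
WER_CRASH = re.compile(r"-u -p (\d+)")


def parse_network(text):
    """Parse pipe-delimited Network rows into dicts.

    Some exports print rows that have no resolved name with the protocol shifted
    into the Domain column ('| GB | 1.2.3.4:80 | tcp | |'); both shapes are accepted.
    """
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0].lower() == "country":
            continue
        country, dest, domain, proto = cells
        if proto == "" and domain.lower() in ("tcp", "udp"):
            domain, proto = "", domain          # repair the shifted-column form
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def c2_candidates(rows):
    """Hostnames worth pivoting on: everything that is not a PTR lookup of background traffic."""
    return sorted({r["domain"] for r in rows
                   if r["domain"] and not r["domain"].endswith(PTR_SUFFIX)})


def direct_connections(rows):
    """Non-DNS flows (anything not to port 53) with the name they resolved from, if any."""
    return [(r["host"], r["port"], r["domain"]) for r in rows if r["port"] != 53]


def classify_process(cmdline):
    """Tag a command line with the reasons an analyst would look at it (assumed rules)."""
    m = re.match(r'"([^"]+)"|(\S+)', cmdline)
    exe = (m.group(1) or m.group(2)) if m else cmdline
    base = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    low = cmdline.lower()
    tags = []
    # rundll32 invoking an ordinal export of a DLL dropped in %TEMP%.
    if base == "rundll32.exe" and RUNDLL_TEMP_ORDINAL.search(low):
        tags.append("rundll32-ordinal-export-from-temp")
    # Executable launched from a user-writable AppData path.
    if USER_WRITABLE.search(exe):
        tags.append("exe-from-user-writable-path")
    # WerFault.exe -u -p <pid> -s <event> is the WER crash handler for <pid>;
    # a WriteProcessMemory from <pid> into this process is crash reporting, not injection.
    if base == "werfault.exe":
        crash = WER_CRASH.search(cmdline)
        if crash:
            tags.append(f"wer-crash-handler-for-pid-{crash.group(1)}")
    return tags


def triage(processes, network_text):
    """Summarise one detonation: flagged command lines plus network pivots."""
    rows = parse_network(network_text)
    return {
        "processes": {p: classify_process(p) for p in processes if classify_process(p)},
        "c2_candidates": c2_candidates(rows),
        "direct_connections": direct_connections(rows),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(PROCESSES, NETWORK), indent=2))
```

Run it as-is to see the summary for the fixture; to reuse it on another report, paste that report's Processes lines into `PROCESSES` and its Network table into `NETWORK`. The PTR filter is deliberately narrow: it only drops `in-addr.arpa` names, so a C2 hosted behind a CDN or tunnelling service still surfaces as a candidate and is left for the analyst to judge.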
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-28 10:43
Reported
2024-06-28 10:46
Platform
win7-20240220-en
Max time kernel
120s
Max time network
122s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
Network
Files
memory/2184-0-0x0000000074D8E000-0x0000000074D8F000-memory.dmp
memory/2184-1-0x0000000000D30000-0x0000000000D38000-memory.dmp
memory/2184-2-0x0000000074D80000-0x000000007546E000-memory.dmp
memory/2184-3-0x0000000074D8E000-0x0000000074D8F000-memory.dmp
memory/2184-4-0x0000000074D80000-0x000000007546E000-memory.dmp