discordrat | 41112af8e2607ffffa2d3251374d36c2acd239e04012f4bd4b86d62b71061886

Resubmissions

13-07-2024 12:03

240713-n8hwzasbme 10

13-07-2024 12:03

13-07-2024 02:14

13-07-2024 02:06

13-07-2024 02:03

Analysis

max time kernel
243s
max time network
235s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13-07-2024 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

7acb83ea4e34507f021eb6d6141a8c9e
SHA1

058ae3035af017e16a1eeae3ca46b4e912420fb8
SHA256

41112af8e2607ffffa2d3251374d36c2acd239e04012f4bd4b86d62b71061886
SHA512

0b71cd12ac99eaa6d97a10386190355852227444c3765ced1bd3e50eeef8ab1c1319911cbf5a954aba1750154fc6356de6be8a9afd72b2b489424de7a8010196
SSDEEP

1536:K2WjO8XeEXF15P7v88wbjNrfxCXhRoKV6+V+3PIC:KZb5PDwbjNrmAE+/IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
https://discord.com/api/webhooks/1261501911916482582/DWfi1umSb2C2qMgkiBlA3CToo-Okuv-IDp-C5Sr28gd-eBo70-5l1Q0ASNbSY0fxONna
server_id
1261501863644368916

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
1848	Client-built.exe
5396	Client-built.exe
5520	Client-built.exe
348	Client-built(1).exe
3908	Client-built(1).exe
6072	Client-built(1).exe
1800	Client-built(1).exe
5380	Client-built(1).exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Client-built.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Client-built(1).exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeDebugPrivilege	512	Client-built.exe
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	1848	Client-built.exe
Token: SeDebugPrivilege	5396	Client-built.exe
Token: SeDebugPrivilege	5520	Client-built.exe
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	968	firefox.exe
Token: SeDebugPrivilege	348	Client-built(1).exe
Token: SeDebugPrivilege	3908	Client-built(1).exe
Token: SeDebugPrivilege	6072	Client-built(1).exe
Token: SeDebugPrivilege	1800	Client-built(1).exe
Token: SeDebugPrivilege	5380	Client-built(1).exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe
968	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 2176 wrote to memory of 968	2176	firefox.exe	77
PID 968 wrote to memory of 1556	968	firefox.exe	78
PID 968 wrote to memory of 1556	968	firefox.exe	78
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 5072	968	firefox.exe	79
PID 968 wrote to memory of 2120	968	firefox.exe	80
PID 968 wrote to memory of 2120	968	firefox.exe	80
PID 968 wrote to memory of 2120	968	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:512

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.0.667003588\914545278" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {858254e9-6905-45c1-b6ac-4e18784eae8d} 968 "\\.\pipe\gecko-crash-server-pipe.968" 1764 1fc728d9458 gpu
    3⤵
    PID:1556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.1.437697793\1720799335" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94e00694-0ab9-4ba9-9869-a6a8082d0069} 968 "\\.\pipe\gecko-crash-server-pipe.968" 2120 1fc67872858 socket
    3⤵
    PID:5072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.2.665814561\2043895632" -childID 1 -isForBrowser -prefsHandle 2780 -prefMapHandle 2560 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9f00638-39fd-463f-9734-a31269b834e0} 968 "\\.\pipe\gecko-crash-server-pipe.968" 2708 1fc76b9a658 tab
    3⤵
    PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.3.204734304\206118625" -childID 2 -isForBrowser -prefsHandle 3536 -prefMapHandle 3532 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccc8b304-c4f8-4fed-ba67-d6e1a2622c65} 968 "\\.\pipe\gecko-crash-server-pipe.968" 3548 1fc751b6858 tab
    3⤵
    PID:4604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.4.1421974571\714835137" -childID 3 -isForBrowser -prefsHandle 4184 -prefMapHandle 3536 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3704c5c0-7908-41dc-9cdc-f726789fef57} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4196 1fc78ac7c58 tab
    3⤵
    PID:3760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.5.1894004380\1663562726" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4800 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b70d61fb-a844-4814-b626-b2a5d0bd032a} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4820 1fc79071a58 tab
    3⤵
    PID:2840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.6.586849899\748405824" -childID 5 -isForBrowser -prefsHandle 4976 -prefMapHandle 4980 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b230f6b-0af1-4dda-9d6a-8a90bf0d77df} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4968 1fc79073258 tab
    3⤵
    PID:2388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.7.1275309779\678211623" -childID 6 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28722eec-1b38-415a-8c43-572ec789819b} 968 "\\.\pipe\gecko-crash-server-pipe.968" 5168 1fc79072c58 tab
    3⤵
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="968.8.1564749420\1608853923" -childID 7 -isForBrowser -prefsHandle 4540 -prefMapHandle 2968 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50ab9c2d-0d22-4bf2-acbf-e61b80ab9c9a} 968 "\\.\pipe\gecko-crash-server-pipe.968" 4592 1fc7a566e58 tab
    3⤵
    PID:428
- - C:\Users\Admin\Downloads\Client-built.exe
    "C:\Users\Admin\Downloads\Client-built.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1848
- - C:\Users\Admin\Downloads\Client-built(1).exe
    "C:\Users\Admin\Downloads\Client-built(1).exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:348
- - C:\Users\Admin\Downloads\Client-built(1).exe
    "C:\Users\Admin\Downloads\Client-built(1).exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3908

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5396

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5520

C:\Users\Admin\Downloads\Client-built(1).exe
"C:\Users\Admin\Downloads\Client-built(1).exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6072

C:\Users\Admin\Downloads\Client-built(1).exe
"C:\Users\Admin\Downloads\Client-built(1).exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1800

C:\Users\Admin\Downloads\Client-built(1).exe
"C:\Users\Admin\Downloads\Client-built(1).exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\2718

Filesize
10KB

MD5
e2d6a25ad9a3f3f2ef14512d49d011eb

SHA1
322aca9d75648560305d547a2551fc71941d972a

SHA256
43c39e81a87090c3799ce48dccb12283ffc3c52ffda082e1f5680545219be18e

SHA512
c564a1ae48cb90ae90ac5c3ff698c62c2104550c9f5aaee2f01120a150c1bbee52f6cc66ec1c199f61c93c7f185006cc0d249c9d209770c2ac111435ccb1df5a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
ac2a48bc802a71a254a86fdbf4c05023

SHA1
e719a36c01c4670825dc77fe888b02e525ad5180

SHA256
a70685ebe7a64a3af73d4a6395000dfa602a8d39765d5178ecd9dda9ee71199b

SHA512
7d6f37eb876065c5f9d69372275038c08ff9545600403e59f4082dd5d82331dc23adf391f0eea9773a7b8f52cc4972a0e12876f0dae355d78e9aa053791cf850

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
8KB

MD5
a10aa53ee6f8ed111eaa9370b7f61a26

SHA1
10aebb09e7cfc4a57e6e7bc77e8b51f6d8abde95

SHA256
aaf5a2cd19803c5d90f8fb7a0f7da44e5435297de728b539b875603611d60311

SHA512
4c349affe1d4c5c52801fb6cc2b3f52012e3187ca7296c643902d7c2b1d32a60441ed1b9399cd038eba2af57501a052e58a2d84d15e62648106705a6d1f59b2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\ac042a5f-b148-4595-8ad0-4360650c2d7c

Filesize
734B

MD5
a3d83b3238b5dfd28e0096de4d0d6c69

SHA1
e037adc92c8c43922489974950ab55a9b28ae017

SHA256
10bf2affa3dca393a3784bf9a0732560e595a74421b5957befd11cdaac83f49b

SHA512
398b8390ebccd053dcf8f7a9507a5fcb84a22b396128d891b1df51ec55aef9458c4b7c1ba0b4a6a8ca5ae2e25e174907c8fd4198d1382c74a8cf0de000a2c200

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
8KB

MD5
cf9ae4562518ee0ad9dc258918a875be

SHA1
9e0820b4b4e9a45bcc6ff09f7ab1a6c29ffc0f0a

SHA256
d65b601ae091e1b427a82e3f45bf92a9a1a4d872763d50eb7a96ac4ae9d86a93

SHA512
e715b88bcee98309046a6a1e74915dc750409d3597aa1fe9cf5229efcf062c9157bb2398a2629e5897772fcfd261d8a7b4f4a5ff4ee9dc312652cf8ee1039c5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
ea03fcf345855da298178974d62cce5e

SHA1
9693b7d8af4cc13fcdbd43b90e80454cd3b8362a

SHA256
78e89806d1166e6c49d32a12281e4f9e4d5bd66fd09e0c87f79b831162b1a25f

SHA512
176747df09208ec31fc2293debe134a43fe2ffbba1e26b6ea2223522d2c330e5c8a001de8c1b739a94bb379d985a9ed573a82dd3df8291b6db0faebefc80a608

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
4a5d31ad6244e280ae470468116f33dc

SHA1
d8d3622130852b021e919e6d54f5ec6fc4ecf4dd

SHA256
b7e5cb6bc62981e7d5851af827e54cd064b4d0b18e89ff36d1abe15e4008af7a

SHA512
b72d86d2573df904edf325e180c71a78a8e115a9f950f533f74f153c5e73e6b426680c220af1c9aae682a2a23ff1b1cf8250a9dbd9fdd23f3dd7349ee280cba5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
0cfd57eedda41941fe30cd100184395c

SHA1
1ba71cf1536c902a9bf15690745b93fce9ba3a15

SHA256
a5892d55dee1fbcb93df04ca38be7ccf1b1e60281106edfdf8358aefb873c5cf

SHA512
475156c0b3039e556888a3d863365474075527f2ee8ab31ba6bc4aa3e93e511752c198bccc42d66bebcde2564751fa2bb3e36ee19841b3a051c228b6d95fada2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
a0593b8b2cd7415ffd4aafc2fba9cbc1

SHA1
f36f2e6ca8a702b079fdfd91103ae27e0b1d95c2

SHA256
2039c53949f16a736c7c0970e01138657b3a66ba479c2654e2e65fc17b5e7b96

SHA512
45c00e53a51c6a8f47c48d2a66d7f93b808329e2a45afb80263ceb42a9448d0f987d847429d18fae3f836d52868e0fa72396de08c20666ca969b3417925cd55d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
0800bfd1bbbcad5674f6068c1ddaf805

SHA1
e353e48eccf7e8bb7d4b1e4db70743686ff1ff21

SHA256
c0ed9e2ba90937d97a05ab153f63ffa28c1f6f12ab7d0004beab0bbb7438ad1f

SHA512
a0f6ae3a148beb5eb74688eebb5d98fd1a9646545da1887e6592ac38ad5f174b63d4801849ec2b6c9062f0702c92287fbad9161e9ff86d6d967f264f16988fbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
f922e4f715041a32cf5a3dbf9bd405ed

SHA1
899b936ef6ac7c94f788d533b66eeee2250aa880

SHA256
895d54d726adf5b003add281edff73bf77a8e9ec6e14029795795b6a1e74d344

SHA512
300d66d2cf9422b5a4a0b941da59e778910651c18ef9bc11ab94fddf3e718b044967852f2e3a215e660242200cd1bda9a810c9d10e59cdfadf7c7459d64d9a62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a9499754fb7a2bcdc853b8b0425de829

SHA1
dd48d0cf1951d81453c45fe7e39236fc4d51768b

SHA256
96f925acfca63484704b7c7b653ccdbf20f4ac7ea29e5d9a50647e648fcaa715

SHA512
3d9d7d492700b37ba0807b3745d9fcfdb9986310bab1010c44ff3b8df18b3a86b2b432bafe2d618fd54a248da926147cb5c6e876310afee6e5f8aaeb575a37f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
45695a78587cc6e2937b6325bec2c00d

SHA1
60168fa50604adf5740d463427f92684c1cfc6b3

SHA256
f5d691e0701aeb7efc84ae18a8af8b2f626c1e2a9ae78c60ee95f9f8dd703790

SHA512
4c80811bfb3e9b4d75d22d634e191ff6875f305f45a679222839851b4ac286140d156e70d7b95e6e352b20e20da06dc18795f4b957134750c34423a804fe2842

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.6MB

MD5
81444b68a8ac98153ca7273e8d880344

SHA1
0414a43a93bc067885565ed6f63c0600f8ed8bc2

SHA256
33941841fb54358446edae813e2769cbaebd2ee8f1ff3d06a033bc8a4b38d8dc

SHA512
9f0cedd8696647991ab161b9be462dcf4cf8f30c1b079c5138b52719af05dd4923dce2c5f3e2f6d480b433941c001cea3942aca8f8b32b482a89d9913b0dd06e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
3018d1aad8385b734068dbad441e344e

SHA1
2a3925bc92ec843db64b6db2cd6fe18ccf084a86

SHA256
f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88

SHA512
7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

Download Submit
C:\Users\Admin\Downloads\Client-built(1).D5T98Fgy.exe.part

Filesize
4KB

MD5
4de28cef69cafd0798cdbb7761a5729d

SHA1
e64370649c47224c6b24831868d88223e691b8cc

SHA256
9cda46e983f63dc69213424d81c043280d0fab1c6fc8557e73325e0dfa8dba2f

SHA512
8829b03c6b5ed4656b3c23fb27c66e54221f3d4e16f324596e549774bdcd80b475eba6cdae760f7f527d18b4237b40bc4588588c720ce04281976516fc36b280

Download Submit
C:\Users\Admin\Downloads\Client-built(1).exe

Filesize
78KB

MD5
a033d718d772e2eef2528f700a1574f5

SHA1
546110ce2ec74868b3487953868bfb9a68ebda72

SHA256
d435cb5773073721204a0dab20aa488b5f3f97ad53e9efbb1f2627f836946490

SHA512
da064f1986bf314915ff4124080b26af2be64e5d659cfa028c2a426fd8491592d39f99d21c9a999b1d863b66a826cfe9377ad476138ee703fd12499d5e92dfdc

Download Submit
C:\Users\Admin\Downloads\Client-built.It53es9d.exe.part

Filesize
4KB

MD5
4420300013b1f12d955950692b7d91f7

SHA1
62174120b81dcbf7c4a19489b6807c1cb2663a8b

SHA256
cec57bc9895b57e3451c9d9d4e39dd4b5d189e0efedba3fff7292ae46604a985

SHA512
a699f91204c2fce800ac5c5526665e2fc6286e8e4760f2622b9d97a4e31e50712bca5c2d994dba10a5fff87210a74c3433a7545768070b0ea2978776d20701ea

Download Submit
C:\Users\Admin\Downloads\Client-built.exe

Filesize
78KB

MD5
7acb83ea4e34507f021eb6d6141a8c9e

SHA1
058ae3035af017e16a1eeae3ca46b4e912420fb8

SHA256
41112af8e2607ffffa2d3251374d36c2acd239e04012f4bd4b86d62b71061886

SHA512
0b71cd12ac99eaa6d97a10386190355852227444c3765ced1bd3e50eeef8ab1c1319911cbf5a954aba1750154fc6356de6be8a9afd72b2b489424de7a8010196

Download Submit
memory/348-2309-0x00000220A5F30000-0x00000220A5F48000-memory.dmp

Filesize
96KB

Download
memory/512-0-0x00007FFE943D3000-0x00007FFE943D4000-memory.dmp

Filesize
4KB

Download
memory/512-3-0x00007FFE943D0000-0x00007FFE94DBC000-memory.dmp

Filesize
9.9MB

Download
memory/512-2-0x000001DDC6930000-0x000001DDC6AF2000-memory.dmp

Filesize
1.8MB

Download
memory/512-4-0x000001DDC7030000-0x000001DDC7556000-memory.dmp

Filesize
5.1MB

Download
memory/512-1-0x000001DDAC290000-0x000001DDAC2A8000-memory.dmp

Filesize
96KB

Download
memory/512-94-0x00007FFE943D0000-0x00007FFE94DBC000-memory.dmp

Filesize
9.9MB

Download
memory/1848-192-0x00007FFE943D0000-0x00007FFE94DBC000-memory.dmp

Filesize
9.9MB

Download
memory/1848-208-0x00007FFE943D0000-0x00007FFE94DBC000-memory.dmp

Filesize
9.9MB

Download
memory/1848-207-0x00007FFE943D0000-0x00007FFE94DBC000-memory.dmp

Filesize
9.9MB

Download
memory/1848-193-0x00007FFE943D0000-0x00007FFE94DBC000-memory.dmp

Filesize
9.9MB

Download