discordrat | hxxps://github[.]com/vigilantebug/Discord-Multi-Tool

Analysis

max time kernel
181s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/vigilantebug/Discord-Multi-Tool

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTEzMDA5NTMzMDkyNzU5MTQ2Ng.GM2NMq.h-uR6TCk4syeUH6rUu2yOgLIgeYRKEIQl-R7lg
server_id
1130097408127275059

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Discord-Multi-Tool-main.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Discord-Multi-Tool-main(1).zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5748	chrome.exe
5748	chrome.exe
6708	chrome.exe
6708	chrome.exe
6708	chrome.exe
6708	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe
Token: SeShutdownPrivilege	5748	chrome.exe
Token: SeCreatePagefilePrivilege	5748	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5748	chrome.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe
5748	chrome.exe
5084	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 1744 wrote to memory of 5084	1744	firefox.exe	92
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2328	5084	firefox.exe	93
PID 5084 wrote to memory of 2440	5084	firefox.exe	94
PID 5084 wrote to memory of 2440	5084	firefox.exe	94
PID 5084 wrote to memory of 2440	5084	firefox.exe	94
PID 5084 wrote to memory of 2440	5084	firefox.exe	94
PID 5084 wrote to memory of 2440	5084	firefox.exe	94
PID 5084 wrote to memory of 2440	5084	firefox.exe	94
PID 5084 wrote to memory of 2440	5084	firefox.exe	94
PID 5084 wrote to memory of 2440	5084	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/vigilantebug/Discord-Multi-Tool"
1⤵
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/vigilantebug/Discord-Multi-Tool
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2fbef65-0200-46b8-844f-1f4c0cedc78c} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" gpu
    3⤵
    PID:2328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b57b6862-478a-4cb9-9cb6-4cab3ed5fa1b} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" socket
    3⤵
    PID:2440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 2944 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f56bf88d-0dfb-423f-aad1-9124cf69475b} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:2180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3860 -childID 2 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cdca996-308f-4585-b075-7804795ceaca} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:4060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4664 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4656 -prefMapHandle 4640 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40ea91d6-214b-4035-8c98-1da03269088b} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" utility
    3⤵
    - Checks processor information in registry
    PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4980 -childID 3 -isForBrowser -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b800f7d8-20a6-48cd-a81c-94ec5bdbbd06} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:5480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5012 -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31870f1c-c872-48da-b22e-9137a0e28db8} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:5496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 5 -isForBrowser -prefsHandle 4988 -prefMapHandle 5320 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95018be7-2d86-4e46-8bf4-238473d8533c} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" tab
    3⤵
    PID:5516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3928,i,4356837537417149674,16553092232944545509,262144 --variations-seed-version --mojo-platform-channel-handle=3676 /prefetch:8
1⤵
PID:5136

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffac4c3cc40,0x7ffac4c3cc4c,0x7ffac4c3cc58
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4408,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3712 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4632,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4636,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3640,i,8363226737528092516,17772441203895036456,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6708

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6056

C:\Users\Admin\Desktop\DiscordMultiTool.exe
"C:\Users\Admin\Desktop\DiscordMultiTool.exe"
1⤵
PID:6948

C:\Users\Admin\Desktop\DiscordMultiTool.exe
"C:\Users\Admin\Desktop\DiscordMultiTool.exe"
1⤵
PID:6156

C:\Users\Admin\Desktop\DiscordMultiTool.exe
"C:\Users\Admin\Desktop\DiscordMultiTool.exe"
1⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Temp1_DiscordMultiTools.zip\DiscordMultiTool.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_DiscordMultiTools.zip\DiscordMultiTool.exe"
1⤵
PID:6776

C:\Users\Admin\Desktop\h\DiscordMultiTool.exe
"C:\Users\Admin\Desktop\h\DiscordMultiTool.exe"
1⤵
PID:5072

C:\Users\Admin\Desktop\h\DiscordMultiTool.exe
"C:\Users\Admin\Desktop\h\DiscordMultiTool.exe"
1⤵
PID:6072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bc191ce437331e8a8beb4d853c843166

SHA1
909d50b8ec9dd4c876a70ed41212a2149af51559

SHA256
89a48ca5a090e236b3ffbc221934d83a58289d6561a6d1ab549583505cbbad53

SHA512
8fcabe2830c60dc9fea852730fc48b0c96955b3a7002eeeef61d3e988ef2190105eb2e53826895f1ad563ad41c5e66cba3a5c2fd1b2f6b743af3017dbd244199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
59b227a78b96a0bab3ae5d907270914a

SHA1
52abce57e25ba2e7d4c6d3bd4f152528d21d5b9f

SHA256
0c396127a489f5f39c83dedf7a874eb801a06f0097b9808e908ffefd41523a5d

SHA512
70734f40a4496d02758c3eee89c5a083e890b411000ed66ab6c2b54f9bf0cbc35efac8a52df7d678de85622f5447ef54d6f4b761576a3330f4d85a73d67cecc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b407ffcff1db4060cd8627fccd2003d

SHA1
4f79261befef60f87e994c34fd38e9bf57a7eba8

SHA256
82c5d9bc4032c8fc5ebd62e005f91aad0d498f2fa5dbdb13b50e8cb83f51246f

SHA512
b5de2a58085b0999d6bb0fb78619974368dba22df4a362269491c76067b127991fefe8451b6d0cce466404052edf9f228bfa022b8d7a87110814b82cc5d345f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6de00ba4bd33bc19e44c05118b0bb6d

SHA1
175f50a336b0da0e1cb0df612bcc8d20e4b734c8

SHA256
babae72d39458f5ff56c09cede10a5bf8f992fc0ad7437fab56bee824eb1d5fb

SHA512
91a54404d5acf10e2bf86ac72bdd087b1bfdbb8f8ed474ef70ac6e80b78e04d051ecfbe8f48412088e053690be0b4f8e2756bf901579d84c0880cb36d6571c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
50b537596e11f75fe588958263ccae3e

SHA1
96c514c5755d88271a09e66f9d9ae356ddae9068

SHA256
fc34ad09c25f146da82c1d59f172f72f48560f94bfa6df7cf75bb5ada8c38c9e

SHA512
df90952cf86101bffa21999a20f8cdbed53c98ccbc9364557a12cffe4b5e46a1a37f1d0bc26394b488d0129553aca454874beb8cd9385716324cadbbc65f1bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26a66a4b9d464c25002072ebbd9a840c

SHA1
4e51b70cc237a7503268c7a7e2236d9c1288a17c

SHA256
74b2ad00ffb4d93eb4c467ec04be83392fd53821160a232fbd0fe8711eb00d9f

SHA512
e0012738a126fe7b7cb70a10d4a177e9040ddc7b8d5de4795f0793acaabd17d4e3734cd650f653affdb85c28b136d693a5aed389a72bc43315721ce98a6edf60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d5b5b9e7a8fa7e225281521bfd62697d

SHA1
5945772b87780c5dcb370d19fdd8216099ca1e08

SHA256
64e2d05b91d9c7e330fb2ad2adefba044d074241a5d1e9ad6758569f5b73d509

SHA512
b45713fd51416e8abf0ec13eb64098ecdbe5b81fd94e6db37674866017c1499e823a0b2b22e17fb851009c36ef49c85d5097dffca2edbec65bc51f7d79ecb7bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd5a20b5054ea24399b2e76b9ef1a0ad

SHA1
c3115afeebafb67b8f1af202cffe37264a47a3cc

SHA256
f578d7e8173453be1a1b69c5350aec0f45fb6110c7b002015c27aba502feca3f

SHA512
bcf1329b3391e940b55120c6d61958042eb911412602a1f384ba3030dadc9e1078caffd6eddb75563459d016efbc954f68c7f8bd0c404d702261340f532d2eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e59a435082b8a00c5a75e7eac7f3cd32

SHA1
d837167629de01fbb8bbe47212a6a1e2de23dbfb

SHA256
8e252af81c776bbc47f6585325d92d18de4b848f845c247389e2e54d461b443e

SHA512
98d580613a1a7bc9b665e25eea8e11f749349071f06aee279dd2703e97f2a5b8a3096f098f1fdae47d181cc5687934a51a9bc30a8c3f463cc4c272da1ca54404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa670288e8d0ea3ac1c7860f9f9290b7

SHA1
d8b0c6aa827556fe0e45e73f7e6cb3faeff5a96f

SHA256
deb50de5e974cc4633c6ad9a801d9e9217f26d28e623a3258703ddedca78c45a

SHA512
c2b3799ea23df8849830ca80aa489784d0cd55971832b70db3fe4c8c14b36c4cbd06872d87a912fc67017149da93abe7d9aae1aa7194be2d9bf0a43f65de6054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8fb069b821f03652f411e04326aec7f0

SHA1
e98dacd93bea24bd07f03bff723791d3d0980457

SHA256
e96062d2787a037ef6dcf233b3b38abc4718c37c742770096d43d5c7b6573b02

SHA512
9e1f05d6180a1e4495767278b4f383a52a341a2eeeb31d68127ab3ed08829f322ad6756e56a4f78bef70425be5a6c7cfee3d868b27220fe3238753ad08b70a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8ec3fcc7d4fd7b5b11ead400f2164b2

SHA1
6c96474df674e2347fc7f5fb21851c9d6acbc598

SHA256
2d8de56827f6c99931cff31be5b3199d7e94601102345a3c389efa6ceae52c25

SHA512
242267b41c91088ab2a59b2a0dfb1724ad70444ffeb4bde342c7d1377d9e982aa6956bb2110e86e1d924a90739086afe1ad2dd1ab7252b9d685c8ab619d9349c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
86ec760c6893c31a2a11489cd721c6da

SHA1
9b021af9a9da4ac105280e7a2d7b703bada8df5b

SHA256
2df037b05a9671551bf7f322db75dd3ec26900e9629e2d1eaee6e56697f56146

SHA512
dde050ea086d4f4c45fbdab3fb28e555f038ea4a2592ae0fe13ae4816928810c40ced7720578fabda13cc0db36e8a8273000d103e0b0215cd9b164972779160e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f509790a88c0b1cf773a6ea4e73196b6

SHA1
2ab73ba2f7302facdfea346e451de34ce71ab8ac

SHA256
eb593a12e8a367e9913ffe3eeae3fdbf4d0162dc630fee37e42e59a37cb3ad6b

SHA512
1afc43227f3d839e85993286ff14a1e038ade4a51f5f823cc95aafeef0b36cce3172108b0824fed0c6a8b0d4e669a9c92ec04ea5973fd2f449b97136499a4d05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
6KB

MD5
65c5e28376e49ba0c5e8118f958afe10

SHA1
c44e4d3a0a2b5842f063f39fda38c8421ea02b5b

SHA256
1ef5d26e25c24a381da4b49c063a6c96e3bc17528bee8c690829bc8f11d923b0

SHA512
e04fad135b50408ab0e52c8d3fcf02ed7e9cda60c705d03d20014ffd5f9c66f1b1c7bdcb6e7892997cf957ee28006266de801c1f02908cc5142ccb09b50e4277

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
8KB

MD5
5a6d934809a9c9f1b949ccdbb2e2754f

SHA1
3f82f7034896dd31d2dfb91a6de052483d1e5ff5

SHA256
df1eb269ae04dac26e8da8a5c781ab11b9e6b843b7d7c1b892415f4c1ba6f255

SHA512
1d94200f2dfb9c6bba3b5f5db2ceafe381a85ff551c75968e20380c4ec42da774c166497024b672d01190ecec298d8e42aade709563a1265637400b6cb9adb6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5ba47c13ebe43ccbb62d619e24a11357

SHA1
d61ff5a500ccfd7c4890a11f62baaa9484463367

SHA256
d09ff33497b4e0d2f73ed7f191feee57aeef2b4b2a579b7af2b7fe8c690b5189

SHA512
2e7cc8ec3388e22c965d4f596897d35f25168195e44b64ed3b586a4e192bcfe6da6af87beddebeb9a5d1c862c5790a6aee1b8826f88812a4f9aa8b7f22974391

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
2eae78e814b9844aca55e3c3fd04ade5

SHA1
5f97b39f2b9c6022de523a66608ef9e9a2020127

SHA256
d4fe34426b8db6ede55f1cbd6116ecbb8043830600d068cdba88fb164921fa92

SHA512
f93f35efe27d21907b5f6dd11ff2df46642dc727ab2ecf42985cf242f46a5adff535ee7fb0c2eeba967fdb3652c794a04e1468a269b27cd6756ead30346946e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\3b879303-3cc0-4cce-ad84-16f82c0062e3

Filesize
982B

MD5
cdd2f68fc4287488844983f1cc311d66

SHA1
9a2437b76939eeaa6d5996c7ac262c428e6f6c9c

SHA256
9f5e4a22efd57588ab4556e552b3d96ec8174a57a94da5cd4840912385672d10

SHA512
44a91d2595dcf80d75469271fcfa1f058757d44a868a4fa1e6f7235c4f2b4da86915353010d550bb017252cca14883de80a641087e669739c37a4be83eb1a02b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\9de82ca6-44df-411c-a532-6fb9bc7fd850

Filesize
27KB

MD5
547e57c1d5d366473c16e61cd8f0b722

SHA1
19e6d6cd1305326396b7b448d0fc219c374c055f

SHA256
485cf75c5d2c8779c709dc7316121479fc0a9d698f4b910963c2e88db5e383c4

SHA512
e54d5c2ee2457fe3a50d3716a782b29524b4196efb0dfc4b5595e1f7b069091bd92259463e772beaf6b28167289a4a387aac7b17f4d2ca27befac76e3b8a7a95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\e95a8842-b3ac-4c18-a184-aad28270e1e5

Filesize
671B

MD5
7294c8ec61b788fc486c9edfdb4dddee

SHA1
c60e68983a8c02341e0f889f30a8d451db922653

SHA256
b8ed83b8531ae9bb4e36271d19d3a9d2a6085e3d374c8c180da78dcdb16907bd

SHA512
a422f6ff97b4ed855a51a6b1224274aa15036992109a17f4c0b82991da1b03d4d0d8e6c4badaa6de28f88e1aabce84e073121c0a16b9656c7aeec20f894e3221

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
61674fa6a0d4261bd82b68ef96c2a948

SHA1
7589ac4a45b7469f41ec550d8a5b333e8c0f848b

SHA256
60f1a271c7858a042eadfa10965c395c2b1f58823f6d0e506fb7ba035c536a76

SHA512
f1da7116ed12a242dd521b18bdc8af97f893764913b418a0ba83db82b57c4650367873326e3165f7460ce217f1357c2539dc23d53964861e5a7ef6c3eee14f12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
6d4a4045a79b31715e9e2b63f804e5a4

SHA1
fd9dba4159702922854e447027046d1a4490fa58

SHA256
04098a7d109e8f6c6011e2ebb4d721a6df4a271c1cbf9d24673653a960d9308f

SHA512
3f96f8b7c1e19e5b2544afd7dc54ec80814a9476d9456f160125564ef5aaafd184c1efc76ce274787eb66a7f3659e70da4df06a11d9550a0ad5fbdf723e17fbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
10KB

MD5
621413d796d6f067f4a4a7bdc1dc6e58

SHA1
8e9e6fbb455bd706c86ca2f6efc4a68b693abe6c

SHA256
645e85f54b225a9d51e24c01d679165a71c199878b76dbe346b5f6df983eb8cf

SHA512
867693d310a13131ab6ef5aee6c43aeddf240fdd79a4bbdf59d969c10034e9c501f1ac3501ff7f004b568bcf7b7ff6b774e8f1d200d0123a55ec1334283611fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
e6b63d12dea6b52d72b2f2a912315343

SHA1
2705a377a3aeec28f35fa31b89485e3f3d2e456e

SHA256
d3b240c19f19256db18ca6b7980e2f47ab8dd6d3eabf04ad836b0d0e985a8719

SHA512
ac7922af6bd1cd407c1d0ec66ddcc8c891c9758385104198e49e76521f0a704d4e0c9df80e01e398f55cc570c3b923073d19735f21ee0c4c52bb5ba0448beeff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
10KB

MD5
4317136bf109e08db2016516e9645719

SHA1
22dc16e4e48b37d36507cf9ee68a8bd88d5fe3c5

SHA256
0107a95b7eadfd1c535bb9895288f922cc99323434f6f221ec505a9b6bae7c52

SHA512
c8472b051cecb8354a5c612d73b8556ccb13e919d741c4c4c86cef18d192debd8fa39835835d59b28060eef077430f738083ef6694d7592251e92e99bdf36cbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
10KB

MD5
0f88371c90b98249755bf9630d16d6ce

SHA1
7d30aa0705566c4b3cd710ed02b1c2a8eddb97de

SHA256
847c824c656bfbf9636c92b39e1512779601a554d64eb3b863a26d5363fb93f2

SHA512
d9faa4342c8fe12eeab643763b5e64c4fb9ff47c241e84c18da8111c0d4ccaad92aadfdf528dd185934a92b3cea619ceda8a16502418ac71647cfd3af6c3ffb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
72e0eb7d1976f270119c797743cea925

SHA1
d2b7cd014672f45aabfd5c951e8ae5fc8b269e93

SHA256
477e2f1b61434c9b362021e5c8c0bc5dba61816562ce93b98da18e314163dee0

SHA512
4fcd5401d9912db9d653d6cc8a1f9e78596c10ac1eefa7fef5b1b48bd77d1a891932832b5d6a028acc3e2c526eab7d3fa3f06ec9816963ccc351afa6ae491dc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
a61be714c32e0951298a09dd0ae4abfa

SHA1
838b05cb64d8ef36d6d0c3112810a0fad166f956

SHA256
9defbc85ccb186ccf6f64aeb69d5cd832a8e903c0e8f503adc2a26c98192791c

SHA512
f4bd8a0387e0d6679b27813b4b610c1f4ea07fbc54bfe1157b89dd425474ac470315d65cf780e0670f74c2d7786c8be442cdeb9ecfdb6dae7430bb047add5f3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
b4869e06a50030d9cb84cfb41f794540

SHA1
c6c155e0a27e2270b880a6a5ae37bb5f32023d43

SHA256
c454d6c336618847589ccfc959093a8ae7fa7212a7f8e84b0fb25b50ac542af5

SHA512
502b16ccebce5f7d71cbecf6d2205df98a035aac326a62460ee5478af4ca8dbe37fbd06b74fffc0a5c585f61cddf2a7332224043ee8f59ced75c4166dec87f83

Download Submit
C:\Users\Admin\Downloads\Discord-Multi-Tool-main.IaCgiUMb.zip.part

Filesize
32KB

MD5
f611b2af2a1bb0e211b6cd081d496e4a

SHA1
1af434722e1fe602e3edfdcfd04dfd1f08172905

SHA256
006b4b41465d0610fafe1ddb994059af5d39727f19b4a1833b23fa14e511b074

SHA512
83830e55dbbca84b4ad40bf72afc8a126adef2f22ca8ff33fec3592c0f9ceac5cc00ab7879141cc556d97f92d834aa288995de4089f9008a9b02d16a5e7d25f1

Download Submit
memory/6156-759-0x00007FFABEB00000-0x00007FFABF5C1000-memory.dmp

Filesize
10.8MB

Download
memory/6156-749-0x00007FFABEB00000-0x00007FFABF5C1000-memory.dmp

Filesize
10.8MB

Download
memory/6948-748-0x00007FFABEB00000-0x00007FFABF5C1000-memory.dmp

Filesize
10.8MB

Download
memory/6948-747-0x00007FFABEB03000-0x00007FFABEB05000-memory.dmp

Filesize
8KB

Download
memory/6948-728-0x0000018E59FE0000-0x0000018E5A508000-memory.dmp

Filesize
5.2MB

Download
memory/6948-727-0x00007FFABEB00000-0x00007FFABF5C1000-memory.dmp

Filesize
10.8MB

Download
memory/6948-726-0x0000018E597E0000-0x0000018E599A2000-memory.dmp

Filesize
1.8MB

Download
memory/6948-725-0x0000018E3F110000-0x0000018E3F128000-memory.dmp

Filesize
96KB

Download
memory/6948-724-0x00007FFABEB03000-0x00007FFABEB05000-memory.dmp

Filesize
8KB

Download