discordrat | 469c9b6ce975396ce94750700d0c217ed3b7b9d80ab45bb91740b659b2b2a741

Analysis

max time kernel
139s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
28-09-2024 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nuevo documento de texto (2).py
Size

64KB
MD5

7eb5ecd8621295fbcc72491f42c3092b
SHA1

9f86ec4a77564f87b9b9aad8f4e5946daf782a78
SHA256

469c9b6ce975396ce94750700d0c217ed3b7b9d80ab45bb91740b659b2b2a741
SHA512

da39a920b2643b631603d80c972fcaff47e98ebfe8a59ac81c8ed5f8dd4370629e8405305dc10e24d21403e6a90454da4cff9ad8bfd2150580c4e99c7a97c74f
SSDEEP

768:WV5yDADDjyfRixoITvKQg4BvJ4BfKvnrpjAWoa94sRc5f1Ir6YIKIkEtYnOfXcWx:WVIAvj0R4vKQ3jJgsDHg4OftV2NE9F

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2OTg1MTgzMTc0NDU5Mzk5Mg.GR0WTi.6wJSWraeR-Rzl_I7fZ7aGCVXpAfAzHPpj4n9qM
server_id
976996222277672961

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 1 IoCs

pid	Process
1732	Client-built.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2084	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	760	firefox.exe
Token: SeDebugPrivilege	760	firefox.exe
Token: SeDebugPrivilege	760	firefox.exe
Token: SeDebugPrivilege	760	firefox.exe
Token: SeDebugPrivilege	760	firefox.exe
Token: SeDebugPrivilege	760	firefox.exe
Token: SeDebugPrivilege	1732	Client-built.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
2084	OpenWith.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe
760	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 628	2084	OpenWith.exe	81
PID 2084 wrote to memory of 628	2084	OpenWith.exe	81
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 628 wrote to memory of 760	628	firefox.exe	84
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 2412	760	firefox.exe	85
PID 760 wrote to memory of 5012	760	firefox.exe	86
PID 760 wrote to memory of 5012	760	firefox.exe	86
PID 760 wrote to memory of 5012	760	firefox.exe	86
PID 760 wrote to memory of 5012	760	firefox.exe	86
PID 760 wrote to memory of 5012	760	firefox.exe	86
PID 760 wrote to memory of 5012	760	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Nuevo documento de texto (2).py"
1⤵
- Modifies registry class
PID:1188

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Nuevo documento de texto (2).py"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Nuevo documento de texto (2).py"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:760
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1884 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {907fd016-fc77-4965-928d-60e61165e525} 760 "\\.\pipe\gecko-crash-server-pipe.760" gpu
      4⤵
      PID:2412
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24520 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f3e468f-6c4a-4e9c-800f-640ac8a6134b} 760 "\\.\pipe\gecko-crash-server-pipe.760" socket
      4⤵
      PID:5012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3248 -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 24661 -prefMapSize 244628 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {248c2fa4-1926-4629-918a-f66442c22a9d} 760 "\\.\pipe\gecko-crash-server-pipe.760" tab
      4⤵
      PID:1056
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a279ce2-6657-47dc-a76c-b76416f3df85} 760 "\\.\pipe\gecko-crash-server-pipe.760" tab
      4⤵
      PID:1740
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4640 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4664 -prefMapHandle 4660 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06aefdef-d9e5-489e-9af6-f3027c9d59f2} 760 "\\.\pipe\gecko-crash-server-pipe.760" utility
      4⤵
      Checks processor information in registry
      PID:3156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5244 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb5210d8-e72d-4c42-a8bd-5ca2ce2cd40e} 760 "\\.\pipe\gecko-crash-server-pipe.760" tab
      4⤵
      PID:388
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 4 -isForBrowser -prefsHandle 4968 -prefMapHandle 5256 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fffeaf8-6699-4eda-984d-e3abaa283b53} 760 "\\.\pipe\gecko-crash-server-pipe.760" tab
      4⤵
      PID:1548
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 5 -isForBrowser -prefsHandle 5688 -prefMapHandle 5692 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b74a7f9a-bd78-4056-b132-7ef57e1452e3} 760 "\\.\pipe\gecko-crash-server-pipe.760" tab
      4⤵
      PID:1032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5976 -childID 6 -isForBrowser -prefsHandle 5928 -prefMapHandle 5924 -prefsLen 29117 -prefMapSize 244628 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ff347fa-6fc3-4a59-9f14-21a7055372ab} 760 "\\.\pipe\gecko-crash-server-pipe.760" tab
      4⤵
      PID:4228
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6328 -childID 7 -isForBrowser -prefsHandle 6344 -prefMapHandle 6340 -prefsLen 27211 -prefMapSize 244628 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36b1ac1d-14ae-4cb7-b30a-26d440919167} 760 "\\.\pipe\gecko-crash-server-pipe.760" tab
      4⤵
      PID:2788
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6544 -childID 8 -isForBrowser -prefsHandle 1660 -prefMapHandle 1644 -prefsLen 27211 -prefMapSize 244628 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4d93399-3fa5-4d8a-9d2f-5cf726578d2a} 760 "\\.\pipe\gecko-crash-server-pipe.760" tab
      4⤵
      PID:4580
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6052 -childID 9 -isForBrowser -prefsHandle 5200 -prefMapHandle 4424 -prefsLen 27998 -prefMapSize 244628 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d8c4823-8dbf-4b7b-a7ca-e3e3ab79e94a} 760 "\\.\pipe\gecko-crash-server-pipe.760" tab
      4⤵
      PID:700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1996

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2188

C:\Users\Admin\Downloads\release\Client-built.exe
"C:\Users\Admin\Downloads\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\activity-stream.discovery_stream.json

Filesize
29KB

MD5
ce711ee0c0e23bd5b9d3b0d299ee0e6f

SHA1
7cb37067fb6968d00d6b55bb151c5a0599065677

SHA256
d8d055bf60ad33b1322722678306094cced4476a871f3fbddad5f6f0fb6250eb

SHA512
6025682e09ae736727e61b38fe9b23e64c324aa7d49353360d07fb55525012b8211e73c3c7a3b9dd79e5994884132babbc5b4c71ef37d5a1673966d4463bf088

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\doomed\15820

Filesize
15KB

MD5
48b978a05ad7aff279dcbea6c8255ad1

SHA1
9d80ba4b7f25ab13589eb2958ed51c442f85c1ba

SHA256
b552460a9c7e0f076ae74fb23380813c752f72a999a9243fa06807ffecee47e6

SHA512
6175bbc6d7e1a034a19b033e2b270532b057239320b17d8ee26f530f8a67823fe5f9b5f85b3744059bae5e59b367f54f97332ff17c8816e5ecfcb08f61cc9eb5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\doomed\6024

Filesize
17KB

MD5
2d06ab65e330a59455a7866ad9839bc4

SHA1
867fa504a369cbdde104f8500ba8005c5197207c

SHA256
cb03a77e0c1f69b30d6e0286d8de8cf5facd23c1a26d79d4edf939d4958a5b30

SHA512
e6353ceb3b6e1a6cbeb51bf10f5d327d0df08324c81cc1b0b2ca22520149f61be62167d9edee6a6e89b6c49f53a51911e5055f492dc0b9b6688859b05c112462

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\4412D919A32B54AB53754B2E68861EB10099D124

Filesize
115KB

MD5
6871d310fe64e92fe313ad7cb78fae3d

SHA1
478c48288d4abd5ec2fc8d813a45671de0820f74

SHA256
b5e4f39f1de851543694e622550fbcd40e2b44f6a9121f09391e8dad9236fcbf

SHA512
05b0250949e4b7b5907083723eb8a66d798520670f3b0fdcb286dd388f411ad636a7cac2d77f7416377263700e345b6dc3fa942b7aa777fd00bdc78a852781cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\7AA75AB4E62BCB08BD65BBC7149190C16915E6CE

Filesize
106KB

MD5
c8e3ad3eeb8f65fc0d4c7fef11eff33e

SHA1
6035dc1d39fe1c6b73208fd55ca4f547fcbd53c0

SHA256
0e129972e088cafefd64aa8220d42364525f3c2bf2cad94b881273b0c677108c

SHA512
2c4f0fb97a980851f00fa052de9f61363e60dc79112b1c2ba80852d2b3179b41d3e7793362e12e706b1457b65a574fa5a97d575affd334ca7159ab5c7bd0ff71

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\FFFA2E59D699B461B1F3A4377F679787249C2546

Filesize
163KB

MD5
98d907b32d0c47d1243a9a8127a2cf1f

SHA1
ecbd4cb4bbadb6a9c340b9417d4cc4e65f1c2d69

SHA256
18215a87bbbc7757426ad7d216f08e28166bb1e99d7f319b6523f9350a940804

SHA512
96e74f80a191c5c2061c4f56128a7f22d179784d865e5780041a2cb31a002310547cd2693758f9f1a700c48b8235903e542b1139b14c315af454cf6177ee4fde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

Filesize
8KB

MD5
49c6e91a457aa5a7143312cd04ba28e2

SHA1
76bd7dc12d38ad8568b8105e7454aadf3e647720

SHA256
6c4758210da57d86987995089885796e58fb6a1c41e85342154dfbb40a76a9b4

SHA512
3abe003ed2a6296bba75d73d9d972da105f3408d56db3506fc1280790206c32b6e99a67c99697e167baca77565a75ce5d1395e2d6a2ac8eaaa7f2325bf838288

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

Filesize
17KB

MD5
ca50612e5868687d65f070c560d84934

SHA1
c08f418cb3128a078e51e4fe5feed2d7c825cc51

SHA256
968fe9c3388a490f127191e190f8d5427e4c3fd4818df7630089ff53a4f925c1

SHA512
fa34c378070c2324a5cbb555f03cbbd2727700177c423552f31048638d8076cb4cc3c652cc325fe8d0e5923e82b520a9b18365d4202edac7d5eefe6323e5d3af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
4d07c61bb946efdc9b2a31d0ab81690f

SHA1
6a6e1924b4368eb590bffa18d27f6208439d74bb

SHA256
584ffb49b9030b9e37d981685856ff1146ed2a7d635f07390c7c9d6c00dc2c80

SHA512
3ee8022a380be87775a109ee50fc457d341e12dd40f8b0042ffcc0726280fb2101d7c50210f821e5c553b449830f77843ae1dddb24d8d5dc85767329df921aa0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
5544d5011101fecd0e90a476ccc67409

SHA1
ed1a60b076cc73d7b1f7da3313b349d6cb8de968

SHA256
86dc8b5a9c4ada5ea1bc886bb5d8bb9dec6f39dee95134a56f519fa8eb746153

SHA512
7a74394449854cd25c1118a6ec6941f36ae5dbd123ee935e7995d77ceae182f2f04e809cb91c36c19806c062a4f7498cd77306995199bdee473b983f3451c820

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\08a1acfe-0197-44be-a94b-3456867dc9cb

Filesize
659B

MD5
2900bf0e51b30ae1a97e8d6f79bed1dc

SHA1
1426258f0ea2797e507e9295165115edb2f3e870

SHA256
1bc2dea78fad94b95f61306d7b0b70f5e0c17ce576ef6fcf0798cafd551409b5

SHA512
67c98cbbc6d587eeb383ebcf89f6ac6cb1c8983226c80701240e20b9f304e7ea91045016ff6e147a0607abaeb9dcdf3df0f7ae997353b42bf12847f4df6e84cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\cb88cba5-1054-454f-bc56-1e717706bff1

Filesize
982B

MD5
690c39165078edea3c718e40cc4cba46

SHA1
f6cb382af871802ea0be4f6cf69ae56dbf0a0e10

SHA256
fdbb6db3b28ac0415aa769632047d55371e956358124fce4c2a2232edbc82b2d

SHA512
1d34a2f8240b108d4b1c313d4a152382b6c7c110ce169b244d515dc1a7d38218be9df245ff1bac3e322155faf4314130a857786e35505b919a32b6c0f4fca58f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

Filesize
11KB

MD5
5b0aa270d7a0afd44e5e00361cf2188e

SHA1
9bec491c2131ce7a219313a0b4f48a9ba5c291af

SHA256
f1d8a6fffbe0930004206ab58e13ce69c7bd19ba52bcd96d0bdc2037896d98e6

SHA512
348ca13c4ab140d043be8615f7e0dd42bbe45ee69d114ff4fa566f96568b41659565833b9a35d71499cc835faa781da8b6d179bad5f1638b77a50d7c77cc09a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

Filesize
10KB

MD5
5e4c78e11472fa97d0f7665f390a465a

SHA1
4fad8330032f9db2f2c186baee4d2a09e8fc0751

SHA256
433df80ac42bd468e32a90c41253505b7f8fe10e8f26e8f3dd277bfd2dfe7ddd

SHA512
63fd91e7045fd7188c62524b8d245e2dba1cddb13bfa1d26c25692e919f441a06ef068db2dd580a1506c6100aac95468f4591d9c8ac76e4190cb24823451cd52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
d24d89bec99227e9125342bee29ff2d5

SHA1
6c8935b038c970ff7972f4787ab0996be657394f

SHA256
75e2def8feb7a95450f5efeebb93249436e763b71d2bc1b270f5d5954aaeaf3d

SHA512
9172e715728730cce3a787326b8eb68656e272843925049ea25b3ff9a42285c731dce7645a4a5adf67260394ecd421bdc9a77c002eff3f5e3c42753b2048f1be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
e54ec611195ae977994d1d937eb147da

SHA1
7e780526b5cbe60803eb0d4c7072327f53d03daa

SHA256
02594f4bee3467d9435d56e86243cae4892b3a51338a580daabc33c7d03082c7

SHA512
f57118c4e476a6d8c1db28a9381f9d3ae4369c667b5c2e3ab3beac8560f19c6ea5ae68291a1e830c2f3aa1664f303394f3dcd19fb571a54aa42325d0db760b62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
288b4420c11dec62351d85a60a57cee1

SHA1
ea3c0e1760dc80787aa01fe63270c58d90e8a100

SHA256
b592bd82642011d827f435daa62a82977778d102ab2c8f2f2407a76a54ca7e5e

SHA512
1289f9a6b8dde9e7825a2465434d1cab2c1ff396a4c29bdd8d891d655bd7f4f15cbe183eb1214fcea61a04af0f6d58c16eeae78b2c82c2facabffd0b1bd26283

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
ba0c4920e9e6627cc5760636cb2e0f64

SHA1
4873d37a0f8c638b8e8237a1db8d0885d1ef2775

SHA256
66046bde01305c7a68b68dccfb926c588ab79fc82eea9490ae6d148f14b2496e

SHA512
c229cf8e4ebfbdca221dfd31a359046fcaf2839f173973dd4f2619b3e093bec0bc09ec876ffc085892323d18647f0824141eb0bd958183ac9017fe7fed29aa77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
568KB

MD5
5c78143790ac1d73c520535d253f7294

SHA1
885ac5048f6cdda31e43cf8a283da9b122902509

SHA256
a7030a0426ada217e74fea828ab5517b4fd6c24c8e7f0c9d9a23c5399361a74d

SHA512
2e5953851eb6fd5cb5e64bd540e640675ccbcdd0bfc9ef700dcd5b2e227738980b2d31106cbb852e96d807370be3e5395869d320411ca912d18f26c74200912b

Download Submit
C:\Users\Admin\Downloads\release.9cp_iCIn.zip.part

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Client-built.exe

Filesize
78KB

MD5
6a900d4d03f9804eceb266a016658f79

SHA1
6af52f2bbe6179c17355564b9676ff98f9a15080

SHA256
9c1239acbd4ca0624a4529ad86de37bbc1d48b982812c67a9b011dcd08722f68

SHA512
7711182f1e0130494d048111138a8b7f91fefc635cc11cf59fc285bf2b37cb4b5edea046531954897d76035502a67a00897146c528d40aa91b2e8c37094ff27a

Download Submit
memory/1732-984-0x000001EDCE960000-0x000001EDCE978000-memory.dmp

Filesize
96KB

Download
memory/1732-985-0x000001EDE8FA0000-0x000001EDE9162000-memory.dmp

Filesize
1.8MB

Download
memory/1732-986-0x000001EDE98A0000-0x000001EDE9DC8000-memory.dmp

Filesize
5.2MB

Download
memory/2188-944-0x00000000000E0000-0x00000000000E8000-memory.dmp

Filesize
32KB

Download
memory/2188-945-0x0000000005170000-0x0000000005716000-memory.dmp

Filesize
5.6MB

Download
memory/2188-946-0x0000000004BC0000-0x0000000004C52000-memory.dmp

Filesize
584KB

Download
memory/2188-947-0x0000000004B90000-0x0000000004B9A000-memory.dmp

Filesize
40KB

Download
memory/2188-970-0x0000000007A90000-0x0000000007BB2000-memory.dmp

Filesize
1.1MB

Download