discordrat | hxxps://github[.]com/Yodusa/Discord-Account-Generator/

Resubmissions

28-09-2024 17:27

240928-v1eb5sxejn 10

28-09-2024 16:55

240928-ve8nvsyfne 10

Analysis

max time kernel
430s
max time network
1505s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Yodusa/Discord-Account-Generator/

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI2MDQwNzQ1MjQyODUzMzgzMQ.GYv6Cs.bHorOgR3dzpv33F18dZaRpWKB43NnKIjozVcS8
server_id
1260407315073597510

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Discord-Account-Generator-main.zip:Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1896	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1368	firefox.exe
Token: SeDebugPrivilege	1368	firefox.exe
Token: SeDebugPrivilege	1368	firefox.exe
Token: SeDebugPrivilege	536	main.exe
Token: SeDebugPrivilege	1368	firefox.exe
Token: SeDebugPrivilege	1368	firefox.exe
Token: SeDebugPrivilege	1368	firefox.exe
Token: SeDebugPrivilege	1368	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1368	firefox.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe
1896	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 872 wrote to memory of 1368	872	firefox.exe	82
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 2136	1368	firefox.exe	83
PID 1368 wrote to memory of 4824	1368	firefox.exe	84
PID 1368 wrote to memory of 4824	1368	firefox.exe	84
PID 1368 wrote to memory of 4824	1368	firefox.exe	84
PID 1368 wrote to memory of 4824	1368	firefox.exe	84
PID 1368 wrote to memory of 4824	1368	firefox.exe	84
PID 1368 wrote to memory of 4824	1368	firefox.exe	84
PID 1368 wrote to memory of 4824	1368	firefox.exe	84
PID 1368 wrote to memory of 4824	1368	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Yodusa/Discord-Account-Generator/"
1⤵
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Yodusa/Discord-Account-Generator/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1520da0-5434-4fbe-b4f3-77e9c9a62034} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" gpu
    3⤵
    PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1e83fc6-00db-43f5-8c5f-1a9b1e2605b9} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" socket
    3⤵
    PID:4824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3236 -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 2872 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d0cbb2f-ed11-4bdf-a8c0-3562e5240d25} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" tab
    3⤵
    PID:3820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 1312 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61eae549-64f3-48a8-b9cb-ae9bae942db2} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" tab
    3⤵
    PID:4844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4764 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4756 -prefMapHandle 4752 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2071953c-a61f-4b2c-abc6-34ad3cd428ad} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" utility
    3⤵
    - Checks processor information in registry
    PID:3508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5236 -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 5216 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf830cce-165e-4892-9458-5874ef9f5844} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" tab
    3⤵
    PID:4188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5468 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d6102f7-cab8-44f7-ad1c-42b61deff0ed} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" tab
    3⤵
    PID:1460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 5 -isForBrowser -prefsHandle 5608 -prefMapHandle 5616 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02d68914-9d9c-4571-b7dc-435ea12fda71} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" tab
    3⤵
    PID:4092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4620

C:\Users\Admin\Desktop\Discord-Account-Generator-main\main.exe
"C:\Users\Admin\Desktop\Discord-Account-Generator-main\main.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1896
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Discord-Account-Generator-main\config.toml
  2⤵
  PID:1064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
2ae3b72daaa255620602a58599c2b056

SHA1
2ba2ce640d3b20523b4a2bc139b7e74ec20fbabc

SHA256
b04af593369125aeb6ffc9e77ebad2a99a76c4b8dc4a66659896e5edff12e578

SHA512
c6d51c75a1a31775c23db5c4ecc3de0f8760150d67246064c8793c830b0dc966d73d87fb2d3a7c1bdaa8547e2bc5020a749a83cc954c6a9aa0ad05176bb5d699

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
5cdff6986ce40a65bfc931866d2947bd

SHA1
04125960138054de0ce47342ed930c90d3c5b779

SHA256
6bf6115f908996222b3ac35ed8644053f63bfd32033cbafacfc11fbe54e25953

SHA512
693dbf9cda2d0f44f8519be43d32715c878d428020b5c76846cd09502e9e2e5977790525bde5762c2b19b63f9ce9fb3e1101505d20187f4948b66b1a3443028b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28239V73NAV2KIN3WNU7.temp

Filesize
9KB

MD5
091e3c50a1e754aa86ae83907c18de08

SHA1
a65c1b1ad3b22d173427c7123845dad7bafdcae3

SHA256
8d965a1be29a74aabe0bf594980ae83c0cf5fbd27b073dac95a6ffbd0bf10e97

SHA512
289226a0a5e6df43e58f4942fd0eb65ef82f45aadbfabfa813aef7bb3223f94f378c1cb9d43c444aebf9ce89b306bcd8e9067a8b4cff9891233ce52a14acf061

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
6KB

MD5
b66a321743c1a8190502e40518818004

SHA1
55d33c9a6e105c917f45372e2b1a919779ad8b96

SHA256
15ce1e837d899faed09fb5f82a7010e0b73e83aa5fab6fe41532af5d1d00c1a0

SHA512
90896e9d2ff94e7a706349c7ab3f59ce8289101107551f49596890054282c58aaa7bbdd9d8dae525249d6bf5ea84d6caaee7b0363a74bc9716641ede564b7c2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
8KB

MD5
878ca99f13aaa9ff3634ddf466ace349

SHA1
25efd6750c8ffdc54b361c8d66851b952252b3d0

SHA256
474f1353031d778bae29f3a239804f78ad97f23abc7af072039f541452594bfe

SHA512
cbc8914af852fad5325a5820f3bd0697323a5ecbba1ef7ba089e27262d233f605d4dff13571f744be91aa0b784d3638849115566a98d7e522e224d1143733247

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\bookmarkbackups\bookmarks-2024-09-28_11_jyN-CCheJLByANf-HV17Aw==.jsonlz4

Filesize
1005B

MD5
24f802fc7eaf8653f27388b1f8e607a0

SHA1
03874de4f4ed11042c5abcd3dcf90719585b8e3e

SHA256
167d35e5c231bf6e83c10bb04c917bde8f5d901a3da24a3dfe332b7f299f84c9

SHA512
4ff82fc76322773fe239005e1d095708f469edcbd30379e79fbcf91f55caf4e9b2886aa463f2ae3e3c1f40669f4875c71c8470f43ccf5ed639bfb845c54d7532

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
4KB

MD5
b79139034b448d90ff35b2ef27fe414e

SHA1
86820691c4a04a953d142ce65b2d67ec8cf1474b

SHA256
3c93a57a2536ad5177c0b30c49a84e0f39d8343b7cf10cc7a00454231545d6d2

SHA512
62c155e8b8eb0098fba676c4ba47b4ec7d2ad6b3373b6c4e70d2feaaad1a0fbb5a6c67bfd1a2c361a18c1a0664e591dd0cafc162567678acf31485c6aaa650e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
bd75ceee76d591324dcf5c9e12dda908

SHA1
15def269a54baa9f61b8e1e1682aa02b8082a1a4

SHA256
b56af6c76c456a4fd8a65ab323a4e442053df3558ca8140f4dbf598ebda0b1de

SHA512
d2f52e54e47b36278796b49a2da1213f2154b59b0b021786335a158f796aa572fa1f64768074347b60c19a09a99933b213f7e05861ad809236fc6b6d4acb158f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
37KB

MD5
3c2900d34620a698a7c2393a354ccf9e

SHA1
6ac718b3ac36128b25dfd084858ac7bf58bbaefa

SHA256
611f6c845245ad89de975760c4fed298d5f9aa6cecf052a51d3ef87913a14073

SHA512
9cd94d4ce3ce181de3c7bbe57854776f8bfb5bdf67198e3fc3909349d78248df895dc0ba444b98ba056c8546c1ef7e50b197c8c6b0bb5b0baaa8d764a216c275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8e467b43c1ad1a1b8265e97bb95cb04d

SHA1
fd1ce40945cc86de6ef77aa381f35943cae5c125

SHA256
e35a15818193eec2438437964661ce04a174ef999b8e71699ae3854766ffb085

SHA512
c647b0e5f662fa1f7b4cdb14fa7dd54c4bc5d638bf556d4ba515d3def536b505a8ea0621ae19d43f9eb9f88fe06b9145f5d2e19bd71eb2172d1dbf2509ab3a33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
6187ee8faf2bd252bb29b43bfcbc6788

SHA1
c39d017acbbe834108e82b03f584f536b8034fca

SHA256
b12dd1582afdb6556bf294f60316d38065c279e90b58d3451d870fe7cb4c210a

SHA512
cd8e4af1d0c8472ad7f64fd04958e7e7769268fd46695c9cc1ac475d7994edd50a7e0e1f2910a0ce925cb28fbc4b778ab918d3383bb23d975b07d1feffd87a9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\096cacdf-2f72-43e1-b7fc-483437870622

Filesize
982B

MD5
38bdab605f3dd95df00592003d209210

SHA1
ce73ca25e26a084ca51c79b8f9787204e68828d1

SHA256
38e5185fcc55486c6d78763fc6bc8c67528431e3c2553b528d05f48fc9ef9257

SHA512
f6a444af6ed86794f2a8656230c012535e12b1ceca22717d34b2bd48c1bfff02b725c8d0b2ef04dbeca10094154d55ec9ba0e9f2ec03b8d2511e0d1cb1612a21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\0c0d1371-2a46-4956-8bc1-916e4288bd31

Filesize
28KB

MD5
3713570c3ae1ce2a7e2badcf07f5c771

SHA1
33f0d58ada87bb09b1aeaf9c0293bddada92fd91

SHA256
7aad87d9ac75e0bf8067d350bc0a299710f45ef6c3ea56d30b06d2dad049e65a

SHA512
3361d0410aa98f5fd7a018fcc9a0deba61c232ae299de63bf6fabcef7694aae961f874e31e8edfa96d9a6ed3fc783ee4a4b707cf53d9fdcb9b4e71cf42edebd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
12KB

MD5
7ae948a4b312e130513c1b00aede86e3

SHA1
282187a98c332ef46450d03c7894539baf1fce35

SHA256
66053c9676ea6a6885c3eea1ae01b98572c385f547cd7e24fa32d05d73e15e03

SHA512
12c8cd958646a5654ee2e4d7b1517618f24290e6e6d64ecb82767d0b7c6ba63ad6de59e680a26251a1eb77a2be55daf9bfc8308e7d167a869d4af3378f5049c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
11KB

MD5
fa238d3a8d3ff92fcf5a6144c5a0330c

SHA1
a2bdd30a1d7ea440dbe939c7eab3661ed98d9859

SHA256
8faf8c75ca982955dec71f553f1a210ba54773b8ebbf948da427842c707c0305

SHA512
28362b65d251abb9cacbc9c23573de872ff3806a4a68830875bf101a837bac7a86f28804ec29b10f68c08e08f429a8bd687c34234d24522746c16fe918a0b019

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
11KB

MD5
987761b565ebdf42c25124ac8966974d

SHA1
001e7897716a63eb3d7164bb5f986be106b86031

SHA256
22c0067ebea099c012680345fb1627a39b89bf90e9cb6783fb4345dce9ec445d

SHA512
eafa226f967c69e929951a34015d109f7c6f1027c28eb1e98054f954eb5595e002ce5a504ec325e88ab649d03753a506baf1f48d11538fdcf1987178d042e0b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js

Filesize
11KB

MD5
f17507129252b4369da3a43ee67ea671

SHA1
ca5d17f56a4b75fde2e0c25bb18a6e89a47816a2

SHA256
f3d9db1a45d09ece0d5c0aae33e2252a8a75ed442a812a1a2777115bdc01c46d

SHA512
972d37a845a4d7fcff8ac5419d7ad56f30adce134a2dd8fdcc50e81c4c4c4a6a901523daf8985702e08a240d8b1adc11e16c21f8b03021e1baf99749aae2f7c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
bfd9cec9dfef38ffd77b35009959500a

SHA1
438a045c65a8633373af8f74ac3284b81e6aa9d2

SHA256
8bd9e4605c7228de8a7a8d1c1e597ad977e10a6429039e9f3ee8329a3a682126

SHA512
715bba507e1db76a3c868dd5a6db9ac0c1a31dbcd117a0287b67ea8e1e74a403b0b0890df7b8710b4be60f9df24f07f4d2f919a4578842f131fbee932a33cd97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
1148cfb349036033b6cc056f6dc57914

SHA1
f745c2766958343b3b93dd87990c532d746486d7

SHA256
9f94a4330f161d974e9d12b2db0527dae53de84e6047e1aebca4754c47835524

SHA512
108aa71b93097ff164831f56d422d20424eac0fc1b1b826234af19453082136b89fc02ad6b90ab791a46947bf46fed7061f629bbf24536a4e5ced46c7e897287

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
c2a9496a17063e15bfc988a197a433c3

SHA1
bf70e7e0a88ba71aab1c344c431560829d18a044

SHA256
55493a22c824dc3c8e69c546b1348fd001b99daebed1369bde2959a895b17cfd

SHA512
1d24edd762d52cd5ada3ef0604ed96b71e04f70982fb65b477ffb81ea57d5f978694bc753b997dce261d5731ed17168302bbfe053430249f7778d680fa40a9e4

Download Submit
C:\Users\Admin\Downloads\Discord-Account-Generator-main.6yx6UUEl.zip.part

Filesize
30KB

MD5
511362586d9aba19d383f896dde752df

SHA1
1a34f7708f083dea2c36e7ce46d0d7297f8c9d86

SHA256
073a3a554da262e3ffaced7bc3940c5ae2024cb0f457fe539df980326ac6acc2

SHA512
27147c22afba73a9027c52a840e5861452f11b65362a0fbe0f58df10f80c16d6d691f847a54c61384dc0c0371ef9b8988521271ea97e72e1c841041ec6d78a2e

Download Submit
memory/536-521-0x00007FF8761A0000-0x00007FF876C61000-memory.dmp

Filesize
10.8MB

Download
memory/536-520-0x00007FF8761A3000-0x00007FF8761A5000-memory.dmp

Filesize
8KB

Download
memory/536-519-0x000001FF4DE90000-0x000001FF4E3B8000-memory.dmp

Filesize
5.2MB

Download
memory/536-518-0x00007FF8761A0000-0x00007FF876C61000-memory.dmp

Filesize
10.8MB

Download
memory/536-517-0x000001FF4D690000-0x000001FF4D852000-memory.dmp

Filesize
1.8MB

Download
memory/536-516-0x000001FF32FE0000-0x000001FF32FF8000-memory.dmp

Filesize
96KB

Download
memory/536-515-0x00007FF8761A3000-0x00007FF8761A5000-memory.dmp

Filesize
8KB

Download