discordrat | e3e46f0d836d7536b5f14324d34ffe38fc337a9c09fbf0429fdd9fe82d1e1ba4

Analysis

max time kernel
127s
max time network
143s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
02-11-2024 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZoraraUI.exe
Size

95KB
MD5

57114b780ad5cf03a23b897a7ee3ed50
SHA1

871313b421dddae01c68719546e8e423035bf189
SHA256

e3e46f0d836d7536b5f14324d34ffe38fc337a9c09fbf0429fdd9fe82d1e1ba4
SHA512

dc09eaa39349a2d4c90a904b85bdb8c7abebb83c6e1f00aeb0efcbca09e2444f97550fb0c8ea1600855b77278ccd4834f8cab11f151bf15b7f340a997a069bcc
SSDEEP

1536:l2WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+9PI9:lZv5PDwbjNrmAE+tI9

Score

10^/10

discordrat persistence ransomware rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMwMjIxOTYyOTc4MzE1ODgwNQ.GxLQZ8.DRpyOqRKH2MlfrQEsy0l2IIHWvJ9hbwMpr2sCc
server_id
1302215304264290354

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Downloads MZ/PE file
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 19 IoCs

Web Service

T1102

Processes:

flow	ioc
14	discord.com
112	raw.githubusercontent.com
116	discord.com
13	discord.com
91	discord.com
113	discord.com
163	discord.com
164	discord.com
165	discord.com
24	discord.com
35	discord.com
36	discord.com
111	raw.githubusercontent.com
114	discord.com
170	discord.com
37	discord.com
38	discord.com
117	discord.com
169	discord.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

ZoraraUI.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpD126.tmp.png"	ZoraraUI.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

ZoraraUI.exefirefox.exeAUDIODG.EXE

description	pid	Process
Token: SeDebugPrivilege	2632	ZoraraUI.exe
Token: SeDebugPrivilege	3828	firefox.exe
Token: SeDebugPrivilege	3828	firefox.exe
Token: 33	6128	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6128	AUDIODG.EXE
Token: SeShutdownPrivilege	2632	ZoraraUI.exe

Suspicious use of FindShellTrayWindow 21 IoCs

Processes:

firefox.exe

pid	Process
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

Processes:

firefox.exe

pid	Process
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe
3828	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid	Process
3828	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	Process	procid_target
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 2904 wrote to memory of 3828	2904	firefox.exe	93
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 4804	3828	firefox.exe	94
PID 3828 wrote to memory of 756	3828	firefox.exe	95
PID 3828 wrote to memory of 756	3828	firefox.exe	95
PID 3828 wrote to memory of 756	3828	firefox.exe	95
PID 3828 wrote to memory of 756	3828	firefox.exe	95
PID 3828 wrote to memory of 756	3828	firefox.exe	95
PID 3828 wrote to memory of 756	3828	firefox.exe	95
PID 3828 wrote to memory of 756	3828	firefox.exe	95
PID 3828 wrote to memory of 756	3828	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\ZoraraUI.exe
"C:\Users\Admin\AppData\Local\Temp\ZoraraUI.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
PID:2632

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc3fde4b-d5ca-46b7-b1f5-05f262881e29} 3828 "\\.\pipe\gecko-crash-server-pipe.3828" gpu
    3⤵
    PID:4804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e1bf97d-167c-4ca0-8b3d-91df160b61e1} 3828 "\\.\pipe\gecko-crash-server-pipe.3828" socket
    3⤵
    - Checks processor information in registry
    PID:756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3200 -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 3180 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73be1ab4-335f-4256-a17a-feedd1171ea2} 3828 "\\.\pipe\gecko-crash-server-pipe.3828" tab
    3⤵
    PID:1488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -childID 2 -isForBrowser -prefsHandle 3992 -prefMapHandle 3988 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b31ea8ef-0917-4aae-a3e1-96db72ec867a} 3828 "\\.\pipe\gecko-crash-server-pipe.3828" tab
    3⤵
    PID:1920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4712 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4876 -prefMapHandle 4768 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62ed23c0-cfd7-427f-99c0-9a2e5e2c4b6a} 3828 "\\.\pipe\gecko-crash-server-pipe.3828" utility
    3⤵
    - Checks processor information in registry
    PID:4660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 3 -isForBrowser -prefsHandle 5348 -prefMapHandle 3684 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd4bba32-ec01-4b8f-a307-eb9966154860} 3828 "\\.\pipe\gecko-crash-server-pipe.3828" tab
    3⤵
    PID:5780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5556 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e9fbf65-2df2-485f-8a14-b15075040ee8} 3828 "\\.\pipe\gecko-crash-server-pipe.3828" tab
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5748 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa281c33-4c8d-40da-b7f9-e1cd308f77ad} 3828 "\\.\pipe\gecko-crash-server-pipe.3828" tab
    3⤵
    PID:5804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6200 -childID 6 -isForBrowser -prefsHandle 6192 -prefMapHandle 6180 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38133794-d2b4-450b-bf8e-9946cad506b0} 3828 "\\.\pipe\gecko-crash-server-pipe.3828" tab
    3⤵
    PID:2296

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x8c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
1fa9096f472828d8aa79ab38bfc18a84

SHA1
eb7fbd64aebdd56ed533a178c198e7ab2e35c333

SHA256
267db0184fa475cf58a0c2e456964d8e1b27652aaa7bb94dcdc13d4f416c748d

SHA512
34f88f0cdd5238720c2e86864bd0958a0ffee9c54f3d8db7451154c42ad2e0e039cd333ac8b830e7c1b24b10cf13d040c9cb797b56d8333b4189ed9adbd1f0fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\cache2\entries\D500AD994A7515157BB2A6ADD5B18B754E4D2F99

Filesize
13KB

MD5
db7c74528d183f86a8f446bf4101e072

SHA1
73bc27382d2caca968ee713fbf34e02489e0425c

SHA256
3a6401eed8965863a8bbb6e4a795426bf332fad7d64c9e587a7c221a2f25acab

SHA512
f93bcd66a67dcedc395d7bbec5f584bf82d79d1d45e60db38d05028a526d3cb45b5e2dccc6d02158e73f480cf9210deeb450b8095cc0da1aac82ed10de3cf80d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\AlternateServices.bin

Filesize
7KB

MD5
dfaa3bc4ae1784eee36dec8570765f49

SHA1
37eccaf3ed5cf2d2d1a850da09662eafc1fe4f1c

SHA256
fe7d153098eba055e8ee538e514ecdfe1817929c618bb78fbbbd47f71da63d1e

SHA512
554277ab591ec85f755d2b7d0b922b3636d1769a0a40c1493faf4115e4561186461e4ab19db0b9d38e01196c3d52d257d16e5fffca440e0bc4b41b10ef8aa40e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\AlternateServices.bin

Filesize
12KB

MD5
8f47b7f9bfd2704e39bd4020a065ad49

SHA1
9dc8435068f8251151c94f86050dc07d92025376

SHA256
8a6d75d116d76ec3bff1cacb6f8a67c95df010b70d5fd7493004cbedd38f2443

SHA512
f7bcca02c565b3ec64f50a6044c50765c55c89e542c98cc1ffd904aa02bfdf75eef2b7eed90182e85f7fb44a7b440583845e21201353de4d0f19f13eb7a2ba7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
3a8c2ca8d9f5b94b451d13542fc5f9d3

SHA1
c9d29942426708fecc827733cdde11e9d65e345a

SHA256
20377e4bf8c969890f4f04ebd3d74a7fb4412751ec34b5bd549335a499bad9a3

SHA512
08697e94ba74afd97bad184895316fa4c1d26624131c719122d2ae420b5595a44ec97bcdf4d8689a41d9dc2296c0a263df1e3b6ed0b1a0430783f8b53b17476e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
22d0dda7d640ba8903448f744469cbd6

SHA1
7c9496599afeaf0b1ef01730f976a739cafbc26f

SHA256
dcb0ab19c2f1791c62c9d75f9af5422ec2e6b3ca7495dcc8299d5765a8ecd93d

SHA512
219bb3301c5881448c836437fa1d93741c2dc12d20d17a401d5bcbc6fee4a5f7e486889060c7ca0410dfc6c0c2fba46b1b94d0fe53e116639ff438a955e0a778

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3ebd058f5c4f13a3c9793c5a55513f47

SHA1
68c5443719ed13850d144eb84f59b9cd83727a62

SHA256
90882a82a5e9228b1c0447c7eda9e914e85fbad06d79304f7dff5e829cd93788

SHA512
4f92af4c0d229f8a4777e472d4c26afd41bfd689bc13922887e3fbc92ef1f6b8adb698d1fdc17153efd7164937cbd6384a8a134e55f0af55e1e08c7064d2c3a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
2d93e0bb2684ccc8412df1645b14fa6f

SHA1
3e463e8ffe33118c86168ab3aa106f737000365c

SHA256
0eed6d88267523662e692be19751390bab340e799f5073496a77a226be36ba7b

SHA512
c1979ef8a02b09ba2f99349339081be57b68669a9b27164144952daa4123ee9b6126c3f64d45c1612b0ab5a17054ae11b805b4aa3a8283a0fbf74770dae7b22a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\767f4509-740d-4502-a09a-6b38e9098382

Filesize
982B

MD5
ff4847cd204c83c47d2f5be7498ea1c7

SHA1
c9f229f5d604ad334450aa441ec70f2293d3413c

SHA256
80a89145c0dc0fb1e27dc8ea21e0f1bc32ca466d47a5fa89c4a5abf0e2e84b80

SHA512
e401d981662b9fe699ea7c6c171d1bc661d37622ad8eeba49c29bef124858a239b13a9692b34042e32423179544483373a17a38ad373dd056986193fb48fd6cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\9af95d27-ae21-44b1-a383-3b0d24c85926

Filesize
24KB

MD5
1822316daea5f16d779c986e5cfdb55f

SHA1
a3582f8bee5771717b440e593b5ea5433b951a1c

SHA256
d1371e71c5df4e5ad8781a5312686a36aa4bbc7ac0c43b83a093ed0220213702

SHA512
941bfd801bef2846a0d398d92bc6f6df079177dc2a9553b704f70a15e8737c54e2636d0401423e76b9d9c94cb21363db864fbcba87f3f3b403be48544dd12694

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\c76e002b-1ba4-4dc9-bdce-212a1ce84707

Filesize
4KB

MD5
9c089bb36a6431e4c3c1395c6d18fbc3

SHA1
f4afabbc8aabe757bbc1e799391b7d64525e44fe

SHA256
3ffe00a23deac8ffa7a3892b6edd7f99cf2f50026774eec5880cd821759b03f9

SHA512
b449b2f9b26ec950e689539b4a7d3752b0447051d19eae618a0a2b9143e26263217cda3ed4ee7335b3476c6fcaec38e240d714748e06db7f198bdc580175a840

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\f517b6fa-6fcc-4772-9884-8ba166439765

Filesize
671B

MD5
2db8a0a604608febae15ec23b9dfc6d2

SHA1
88f4c5563f3945cbe3baafe56d3e310709f4984c

SHA256
e58d4fe2fa2caeefa80c8616ff8f23817917ce3719c1c1be1a80375f7c381915

SHA512
044f6fda44f0ce4b1a803408ae8e141ae414be95c112b82b788d43b97ce1b3242bec6e3bd0c3577bbc35ba03ce45313bef849403422b730e495dcecb0034322f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs-1.js

Filesize
12KB

MD5
42a39efed6fec7861dd6a77e4fee1765

SHA1
3fdc8674b1f1424d4911865ea562b66322e62ae3

SHA256
6e9ea36dfb2b43222556a9105101d294e6843b05af77eef39989d99f5ba43eb0

SHA512
53ef6e7d43a5874b5acab343b53441f9068d7ddbd3f8d967f9752a71857a2c260db6092df2dd109a53eb56d1ea12a4384c79936346ace94049c6beb3f61d2d9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs.js

Filesize
10KB

MD5
6896023f0a73da513dd45af054eddeb3

SHA1
29e1c87d23ee4cf14b4d5a7d8347fa26bb2f596d

SHA256
79449ff6da4504ac4af13fbe38bb6b06be7255f145c846953e8776bec2284238

SHA512
0e234c339d58065a76b0b672cd6066d26ec7d0c62b1c123ec614cf8045cdef1a0d73064e3734f2a61985a2828565b882eabe960dcb02401131442327bb9671e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs.js

Filesize
11KB

MD5
f91c46d25d86ec846495bbef10d5551b

SHA1
bebd07dd468fad8d50334f52399c65fce5cc0c21

SHA256
2f650a1e430d68d34a3518e45c72b92dcfce600b6e5481ef8162eeee28bc32ec

SHA512
0a3d440c6cf17963a700c2a693c45edd437df5a3a32338dde265eed93dafb6c06fff7c66cd7d82ff7b614578c7ac24e01909d15c2909f9d197b980413c207c48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
d9a1eb25dcc9d29d3576ab308cd3ddc1

SHA1
54b71e7060ebb1acc5c5ff40544bcb06bbf677b8

SHA256
ffc5fa401539f625b0baae7a2f7f69fba2668fe3b60a9a1554dd47b3391b5af9

SHA512
1658cb6c64eaebb6673bb63e78a3bcef3ea0df182efc2d4b9803d305ff83da18b9dc095d7946695f52e3a8cf6b61b2783efcd899fe5f63c6b146a78a7d8f3969

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
920KB

MD5
c278248629cf3cca8f746d45fb560f55

SHA1
deddec9cb5e9b1c720007339c8d3d936ce4f5c58

SHA256
b93ff446e2f5b7b405ee6895cb5b9ddfc232a039a60107976a07a4396627c0f4

SHA512
abd7814e1adf8ad3c9fa74f2fc46bf46033e13f38f6061134d6d7e391afde0d13ccc20fc51c31fee9e42629d622186aad0a78e505d2177110247fca195f5f2d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.7MB

MD5
6fe1f0333fdf01fdefe6f1de11abb944

SHA1
2092379e62acc5ab0ede68442cb226ffb7fa74b6

SHA256
1c5ef2d61f5cc18b44c3a8aec8263e990913d7e8966921ff0254c90def3845c2

SHA512
0081ddeb24719c532bdcd545fb888b9b1ace93f2194b0de2d72ee6812d0c8f779d53a5dc1eaada001a9d781ddf5cb5044ec2e2f854326d999eb78675daa3154a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.2MB

MD5
0b500529d11dfa454b719f9e49c312fb

SHA1
98f822d909ab56e2cdd4e35a2e1d494655aa8efe

SHA256
ebfaf0b207a7d1d8148da32bfe93a9d42dbc84afeb1d52a60a16f410028f053a

SHA512
fd15563dbe363ee90948594949da98c8a295eefe4ccf2f43626de58ec9701b7d9809f6c13948e8fe035b1c65e18351d9cb7ffd6472e282d079d91473f67690ca

Download Submit
memory/2632-367-0x00007FFB94870000-0x00007FFB95332000-memory.dmp

Filesize
10.8MB

Download
memory/2632-6-0x00007FFB94870000-0x00007FFB95332000-memory.dmp

Filesize
10.8MB

Download
memory/2632-0-0x00007FFB94873000-0x00007FFB94875000-memory.dmp

Filesize
8KB

Download
memory/2632-4-0x000001EBCF0D0000-0x000001EBCF5F8000-memory.dmp

Filesize
5.2MB

Download
memory/2632-288-0x00007FFB94870000-0x00007FFB95332000-memory.dmp

Filesize
10.8MB

Download
memory/2632-3-0x00007FFB94870000-0x00007FFB95332000-memory.dmp

Filesize
10.8MB

Download
memory/2632-5-0x00007FFB94873000-0x00007FFB94875000-memory.dmp

Filesize
8KB

Download
memory/2632-2-0x000001EBCE8D0000-0x000001EBCEA92000-memory.dmp

Filesize
1.8MB

Download
memory/2632-366-0x000001EBCF600000-0x000001EBCF8CA000-memory.dmp

Filesize
2.8MB

Download
memory/2632-287-0x000001EBCEDD0000-0x000001EBCEE7A000-memory.dmp

Filesize
680KB

Download
memory/2632-1-0x000001EBB4310000-0x000001EBB432C000-memory.dmp

Filesize
112KB

Download