discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0

Resubmissions

24-11-2024 19:59

241124-yqgajasnhj 10

24-11-2024 19:58

241124-yp65kasngj 1

24-11-2024 19:56

241124-ynxjqswphx 10

Analysis

max time kernel
46s
max time network
55s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
24-11-2024 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
123
server_id
123

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 2 IoCs

pid	Process
3180	Client-built.exe
2104	Client-built.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\release.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	6088	firefox.exe
Token: SeDebugPrivilege	6088	firefox.exe
Token: SeDebugPrivilege	6088	firefox.exe
Token: SeDebugPrivilege	3180	Client-built.exe
Token: SeDebugPrivilege	2104	Client-built.exe

Suspicious use of FindShellTrayWindow 22 IoCs

pid	Process
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe
6088	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 1592 wrote to memory of 6088	1592	firefox.exe	80
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 1620	6088	firefox.exe	81
PID 6088 wrote to memory of 4572	6088	firefox.exe	82
PID 6088 wrote to memory of 4572	6088	firefox.exe	82
PID 6088 wrote to memory of 4572	6088	firefox.exe	82
PID 6088 wrote to memory of 4572	6088	firefox.exe	82
PID 6088 wrote to memory of 4572	6088	firefox.exe	82
PID 6088 wrote to memory of 4572	6088	firefox.exe	82
PID 6088 wrote to memory of 4572	6088	firefox.exe	82
PID 6088 wrote to memory of 4572	6088	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/moom825/Discord-RAT-2.0"
1⤵
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/moom825/Discord-RAT-2.0
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:6088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1900 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4141a95-5681-4371-abf8-ecbd41fa3101} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" gpu
    3⤵
    PID:1620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e667d593-0020-468f-ac8d-cd2c2986a905} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" socket
    3⤵
    - Checks processor information in registry
    PID:4572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3016 -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 2772 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c44e10e9-6437-40a0-9d9b-db792297c11c} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" tab
    3⤵
    PID:2296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3236 -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3532 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6117b7a-1745-4094-bdf2-8aabe1ad1059} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" tab
    3⤵
    PID:4704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4304 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4316 -prefMapHandle 4296 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ed414a8-b797-4fa8-aa56-66bfcc7d3aee} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" utility
    3⤵
    - Checks processor information in registry
    PID:5316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5192 -childID 3 -isForBrowser -prefsHandle 5184 -prefMapHandle 4280 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33efdf77-1dec-4590-81de-fb5de3c52d50} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" tab
    3⤵
    PID:6132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5228 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8240fe63-af9b-4808-ab31-5a3b40795b74} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" tab
    3⤵
    PID:5528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {993d0259-04d0-4f19-9a00-5aa27f569d40} 6088 "\\.\pipe\gecko-crash-server-pipe.6088" tab
    3⤵
    PID:1916

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5856

C:\Users\Admin\Desktop\release\builder.exe
"C:\Users\Admin\Desktop\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2060

C:\Users\Admin\Desktop\release\Client-built.exe
"C:\Users\Admin\Desktop\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3180

C:\Users\Admin\Desktop\release\Client-built.exe
"C:\Users\Admin\Desktop\release\Client-built.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2104

C:\Users\Admin\Desktop\release\Release\Discord rat.exe
"C:\Users\Admin\Desktop\release\Release\Discord rat.exe"
1⤵
PID:5384

C:\Users\Admin\Desktop\release\Release\Discord rat.exe
"C:\Users\Admin\Desktop\release\Release\Discord rat.exe"
1⤵
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
bf10cd2793517815181c6d81d6debad2

SHA1
df665d0e93090d2d4050d75d479e5649b72075d2

SHA256
418d9d68c5730a641e00f46bce65f19a3ef7c3e3a5311e4c45a9a4af0fa54d7e

SHA512
8a8044b037c4a3fd86e3d7d3613d61e7231f0243893d0b7782cd02bf09d29b7d52575da060ea811ee2c48f43f7306711a86e8b8f8a7b947926cdfb40390000b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\cache2\entries\E8BD986722565A28F40356B72AB577075CED36B9

Filesize
111KB

MD5
b0a7c4a23ea3d0b5c0520e3c13e73867

SHA1
a6b9784aa57d694622f820086d8d6dfdb6d0f1cd

SHA256
50a1fe4355f1f10f5238222931facdb24f87047fd0595f74acb9065620146b69

SHA512
7f4b26148055ee4aec947810dd2bc0c95a3282caa061b09a3862cf1451e665d2aa366e063f93e3021cf008b34818c6ca2e7006f9b584bc8dd4e614ba985c7738

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\AlternateServices.bin

Filesize
6KB

MD5
ebd0a7dc240805261173324a42684792

SHA1
599747ca6db99c63453a5d6350678779285195d9

SHA256
cac7b6735acba9083de7da220cfaaa191e25a7e7779c5bb29297201a3a03b657

SHA512
213a472509c720a1dbfae0bb096d63f910aff1f31090af3526d1197feb2bc46eeb817bc3b61302e50e3b6e10b69627319abd0efeebc3549176ea244d862477c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a2369871c26cb5bf61ae62953bfee80a

SHA1
093d0dc1a6e7a2de2d0a41c88135cf3153da95c3

SHA256
840ba986825087e05679efdab5c9b1e5b8ff59c782e1b5f50dd091a69263b8a2

SHA512
4e7cab3d935be6e85c57cf431e2feb085e59fa86ea59fef8c59188892fddd67e4da7e1553d7108b012e9f4a6fc73b83365764c316a04f19647bb9d11aeab4087

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c5018b5676bf9d6bf33e9736a7d4d2f5

SHA1
c38c8f0cc3d7861202af9004e714d497a90b7a8b

SHA256
289d300c140cb1076fe3d0b9b5e8feafa79924ee68fc9de255441cf00c974442

SHA512
7d99df97654a5be7322d81a7dacf6424bc9e9d33bf5007a6e18f747141e44ff7ffeacb714ae26c48d9b2e3038a181da89dddb16d2f54856857983062765d82d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\2eb8d287-d8e7-4886-97d2-02fc639eaa09

Filesize
11KB

MD5
81f52b22c9eacbfc50bbca5fc2fd64f1

SHA1
f6535275708c2863bac90a50a7e0784fc9ef7008

SHA256
d110a5f48fb26b83fafdc50193eabe2dcae9abbf641a7ee788de04b2cd8bca54

SHA512
d9bb5f99b36c2ab0f8503b518e77ecf710be4b2c76e0ff14f66c03877f8ab3994f5270becba87e56ec6cccd9c7677beefd683c46e298b184776389fa076da707

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\5d5f82f9-aacb-4611-ad30-0cc6ea9257ce

Filesize
671B

MD5
8dc3ac1be99940d3f2bb90fa0761dc70

SHA1
2d43892f50eeaf23728a165e4fa4d0e69547c9a5

SHA256
e540f8d9943e8b1b6151fcde04ad8acb46869c5db6093ec61ec1267aed6eb643

SHA512
85491f6936f22f215b403e331b6c14d3bd03d510d77c201c4aa782154c5e06c151dbcba29d2d5a46cd366add453804b1c82f10284d4f2a67eaaeed7d648a1bf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\6382ec47-b88c-4576-84fc-5bca527370a2

Filesize
25KB

MD5
7c691032e727a865bf338ed9d10005f0

SHA1
92d8c367835527f1ab8c6634899610276147a074

SHA256
564ca887167ca2c2843eb7ebcfee977efa14497e21b7c3a6b8cbf4a3b7dd4c7d

SHA512
897f17f5e60ab249ff09f0312da72acea4813e07f96086bc91549e74f03b795556d2e3a9d5aeb6b0456a588aa9043511e59b839fc2f20137414f8cc3fd4323da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\a0156e68-27e1-46b0-8b0c-5975afe1279e

Filesize
982B

MD5
c7bad54a13aa7b8923389b7f5b64706c

SHA1
802e1e292cb73f6a37f01916a8562899913073c5

SHA256
a9230d6916647519f4eb4da22f5177b7c1e51468c0a11724f7f0c8ff1c130803

SHA512
435de09226153dc19c5418a81f2585a08cf2caea27e0e8db4f1345a78393a95e5cd9095dc485c806419401a4f785a0fe21665e3934a85ac850d6088781d5cd9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs-1.js

Filesize
10KB

MD5
7f97d6773b08790303b5cee6e953b722

SHA1
e545536f97cbffb38af47e21d30fdf0368d6a4e9

SHA256
512340a0553e39124a4bae737fdb722b34ba7c899c67327e740056c771811d14

SHA512
102328245488ad3313b5af72c72e6eb8ce284162d710319768949f4ff6c1e964d91e2f69f4134929912317458298563cd14fe032d43266f9b3f3e2d5979a8dee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs-1.js

Filesize
10KB

MD5
6d73156dd917c4eea0b4b62274f5c635

SHA1
fda8b8e1024765e16348a2989739b8e7e57f219a

SHA256
7fa20b3e2cf20be2c5514dfc79ace69b5fcc25d863a71dd06479a450d5f3c91a

SHA512
4e11bf13ecfc215648dce7a599064787458d78cc1bb440cf600b53fa48026f6477c9f184063c26b4c04cdc189f5c4e3051f5c086abac15ba630978a06fa641b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs.js

Filesize
11KB

MD5
d3fb1636b231a85bc606b93ab46ea460

SHA1
9d403387f3d108646dfec7f88d130d4cff2f9992

SHA256
a91bba727c13419fc7a80b70afcb22282095e325da62c0b46db6fa3c7755b893

SHA512
7e58b6d665cf6a1126511d28ce1170bd360d635eb4714e05be736444ea13fc18a63da0061fdf3c5c51b2e14560e8aada7636bc4b7c4d0dd76cae798cd2ee9aa9

Download Submit
C:\Users\Admin\Desktop\release\Client-built.exe

Filesize
78KB

MD5
9c9d5fbc4921d5de3e06c2f4b436a8c3

SHA1
e6de603fca03034ea36944dfd71461c34ef78ac5

SHA256
8afc271bedd8f053959804d0c617cee96be554d333e8ecb2ed6dcaf107d4ff63

SHA512
8dae259a9638551a3473dfe529ee535669960cb6e426757391d5ba9b44555767ad1a880f3a813969913ba33827e319a07dba339700f3380c36b4656a4fb8e96d

Download Submit
C:\Users\Admin\Downloads\release.VOix1m3U.zip.part

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
memory/2060-576-0x0000000074660000-0x0000000074E11000-memory.dmp

Filesize
7.7MB

Download
memory/2060-577-0x00000000056C0000-0x00000000056CA000-memory.dmp

Filesize
40KB

Download
memory/2060-575-0x00000000055F0000-0x0000000005682000-memory.dmp

Filesize
584KB

Download
memory/2060-572-0x000000007466E000-0x000000007466F000-memory.dmp

Filesize
4KB

Download
memory/2060-573-0x0000000000C20000-0x0000000000C28000-memory.dmp

Filesize
32KB

Download
memory/2060-578-0x0000000009350000-0x0000000009472000-memory.dmp

Filesize
1.1MB

Download
memory/2060-574-0x0000000005C70000-0x0000000006216000-memory.dmp

Filesize
5.6MB

Download
memory/2060-581-0x0000000074660000-0x0000000074E11000-memory.dmp

Filesize
7.7MB

Download
memory/3180-584-0x00007FF9B0D63000-0x00007FF9B0D65000-memory.dmp

Filesize
8KB

Download
memory/3180-585-0x0000025DB94F0000-0x0000025DB9508000-memory.dmp

Filesize
96KB

Download
memory/3180-586-0x0000025DD3C40000-0x0000025DD3E02000-memory.dmp

Filesize
1.8MB

Download
memory/3180-587-0x00007FF9B0D60000-0x00007FF9B1822000-memory.dmp

Filesize
10.8MB

Download
memory/3180-588-0x0000025DD4440000-0x0000025DD4968000-memory.dmp

Filesize
5.2MB

Download
memory/3180-590-0x00007FF9B0D63000-0x00007FF9B0D65000-memory.dmp

Filesize
8KB

Download
memory/3180-591-0x00007FF9B0D60000-0x00007FF9B1822000-memory.dmp

Filesize
10.8MB

Download
memory/5384-592-0x0000026E546A0000-0x0000026E546B8000-memory.dmp

Filesize
96KB

Download