Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.to/Wo...

windows10-ltsc 2021-x64

10

Resubmissions

01-12-2024 23:06

241201-23wgrs1phm 10

01-12-2024 12:53

241201-p4tcks1rcv 10

Analysis

  • max time kernel
    64s
  • max time network
    73s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    01-12-2024 23:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.to/Wox4/atrgnp.scr

Score
10/10
discordratdiscoverypersistencephishingratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxMDIyNTc5MzIzNzkwOTUyNA.GO7zwM.BLjqjzDn0kcO7VsPUa5W6XeYU7X3NlqlEDHvk8

  • server_id

    1160151795734163526

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Downloads MZ/PE file
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • A potential corporate email address has been identified in the URL: sweetalert2@11
    phishing
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://gofile.to/Wox4/atrgnp.scr"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://gofile.to/Wox4/atrgnp.scr
      2⤵
      • Checks processor information in registry
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4940
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74ace0bc-0023-44a8-a27d-d02fd6682bf1} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" gpu
        3⤵
          PID:4560
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2432 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff04f2b7-984e-4a3f-b4b2-f19a04ccf78e} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" socket
          3⤵
            PID:904
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 2992 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dabb8ec-14d4-4c84-b8ef-2d651acef6d0} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab
            3⤵
              PID:3056
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 2780 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d7a3679-438a-44da-a522-3355de35bd54} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab
              3⤵
                PID:1928
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4300 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4332 -prefMapHandle 4328 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1cf88f0-640b-496a-b9a7-d627f9828d9e} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" utility
                3⤵
                • Checks processor information in registry
                PID:1240
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 3 -isForBrowser -prefsHandle 5440 -prefMapHandle 5520 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {687a1f7b-4c9b-4cd1-aebd-2021b1693c63} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab
                3⤵
                  PID:1916
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5572 -prefMapHandle 5360 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85884be9-dd69-45d5-a833-473a56d24a6d} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab
                  3⤵
                    PID:5092
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5968 -childID 5 -isForBrowser -prefsHandle 5960 -prefMapHandle 5956 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0cdae03-4c25-4b97-a8f3-3f945b24eb51} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab
                    3⤵
                      PID:696
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6700 -childID 6 -isForBrowser -prefsHandle 6604 -prefMapHandle 6672 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5f4cbcb-bf0f-46ec-ae72-b51859a25423} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab
                      3⤵
                        PID:1284
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6428 -childID 7 -isForBrowser -prefsHandle 6732 -prefMapHandle 6728 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0176eebb-49ec-4627-bc38-bfa766d41e3b} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab
                        3⤵
                          PID:1484
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4704 -childID 8 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {922409be-21b1-4243-96cc-b1fc878ec473} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab
                          3⤵
                            PID:2956
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6156 -childID 9 -isForBrowser -prefsHandle 5964 -prefMapHandle 5920 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {446d70cc-be33-40cf-a530-0bec985cc2ef} 4940 "\\.\pipe\gecko-crash-server-pipe.4940" tab
                            3⤵
                              PID:324
                        • C:\Users\Admin\Downloads\atrgnp.scr
                          "C:\Users\Admin\Downloads\atrgnp.scr" /S
                          1⤵
                          • Checks computer location settings
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          PID:1640
                          • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Client-built.exe
                            "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Client-built.exe"
                            2⤵
                            • Executes dropped EXE
                            • Suspicious use of AdjustPrivilegeToken
                            PID:4324

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\activity-stream.discovery_stream.json
                          Filesize

                          19KB

                          MD5

                          22b4a637bde60b0c74df4e7fe4a0df10

                          SHA1

                          e6ca4685be471fd830fa230660c961d5122f6136

                          SHA256

                          d56e751bdfe4ec27fb457ec2f19b795e0e425163fbd1ea7368627262560c057f

                          SHA512

                          3d4ac89d636738f2cd9a5d97f565632b555c332b86d9332c78707b7d8caa1a7dc281ec6ec741517fbfa04d394e822edc0e503c1f6e369f25c6d4bcc8d2ba7b4e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Client-built.exe
                          Filesize

                          78KB

                          MD5

                          cd92dc0ece8c10cd8ba6a5590ecb8408

                          SHA1

                          dbbea74031adf85e0356772e2c58d3152e9bd357

                          SHA256

                          7cce0dc8fe5f2449e4d4357f3bfb759e3ea454735e2e413d03c84526c8002c40

                          SHA512

                          a94f2a1030f8eb282a504312e9623c23f00d4d649a3e1568bfedc276da307a542888945f2ad3494150cbe29e0be95361b0f90ec461a71eccace26a233ba5778d

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          479KB

                          MD5

                          09372174e83dbbf696ee732fd2e875bb

                          SHA1

                          ba360186ba650a769f9303f48b7200fb5eaccee1

                          SHA256

                          c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                          SHA512

                          b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                          Filesize

                          13.8MB

                          MD5

                          0a8747a2ac9ac08ae9508f36c6d75692

                          SHA1

                          b287a96fd6cc12433adb42193dfe06111c38eaf0

                          SHA256

                          32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                          SHA512

                          59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\AlternateServices.bin
                          Filesize

                          7KB

                          MD5

                          09892d7a67b8080276f7519019b0307f

                          SHA1

                          2ad562463f2558e76a9826af679c06ce618409e9

                          SHA256

                          65d79aff7900b9c8f21945ae3b09a1a846056535842c792967d446347e6fff03

                          SHA512

                          db8986b35a46764bd67453581bae91fedea419d867f42b786a57cf2a3bc8a1edee88a383866c6335c5e73b6e3476ebb07f9cdc946fb238c512d27967e73b2e11

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\AlternateServices.bin
                          Filesize

                          8KB

                          MD5

                          2f3a48b704b981616f2d85e60d0286bc

                          SHA1

                          d5a217516447ba338f6eadebb796dde9923b509b

                          SHA256

                          bf3e3780565a9c251561e4fb2b03980d16082ace4ff0736810bec9844fd68587

                          SHA512

                          0d6e3055ac56081493f532bd3579e8ef224bb469cc2bf8c4d6e16b04f7d0b8e0a72de424e9662fb196e7a4ed431d379a28cdb0c4ca7708a3a1f3bca4e1860153

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\AlternateServices.bin
                          Filesize

                          17KB

                          MD5

                          b8d37651a1ef68f375d69b6549c65056

                          SHA1

                          8ecadf1d5eb93b7b90b99d474a351e5d5af57307

                          SHA256

                          c62c98fc898d110d59b5fb9f7611c91e403e2b1d1b2bfc3ba00d017464733886

                          SHA512

                          cc1fd8b72190c5d98f962ac121af95e2adddfbdb11ecc57cd15a83cebc077a8dfce2f080086484e47f590f91cadd952377d57ab880da0943be7558ad0410ec60

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          5KB

                          MD5

                          3b029a59ef1ce0c87956003ad42b3cf4

                          SHA1

                          dc991da2ec28ede29568f590e48ebff7b44c1b64

                          SHA256

                          bd3fb467c4a7f06a1bf1d49960a838e3d405567b9d933004b490ec8ae07a3db5

                          SHA512

                          9a0b7ec6750f41230df8adf549f63319e37a173859c803870275303c412c2005d5698c0055222087be163222f4f7c47bb9cabc26e3e9cbbaceb3e84b3611b5bb

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          6KB

                          MD5

                          6f0161937d11d5f9f075dc86102160b8

                          SHA1

                          91d3b0da09ed7550bdfbd60ca386ffac04f11d23

                          SHA256

                          24ac2a9fe236f102be5acfb43f7e9290aac7038a71f7fbed13c7a414a663bace

                          SHA512

                          f46d408bc4d1c04dd50efb362326cd91a3295f5a271ed70b38b250dc5e7f723cf163607b3c3938b7f26342fb82d0724d72c1f3b9b9896f48e90af5ad81d7f6a0

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\38f1318a-7a94-476b-8f32-3accae236f72
                          Filesize

                          671B

                          MD5

                          db0030003d166655ed063aeaa736794f

                          SHA1

                          2e677c0e21bd85ab06f73dd3cbae935e30684360

                          SHA256

                          725ae25db9a1e51092fa53f3e207a0eca94c2cb17c1024c6080874f2c02d9742

                          SHA512

                          5994cfefdbf65c13c6a3a795c4e1de2950db423666d50d2d210b696ffc0a1c9e3ec96034e701ac0ea91c5425305261f6dd9e3459c0016a9945ee93326c593e47

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\a7ba9af0-0667-4d5e-85fb-0abfd1dead6a
                          Filesize

                          26KB

                          MD5

                          4d2725cc8bfd45d4dbb1e87ea397ca0c

                          SHA1

                          51634494e4e9b4752dd1d7da27f1247695ccefb5

                          SHA256

                          63585a2210ef4e732123fa4b6a2a72d1d9b6063fc86f871d4962067dcc202043

                          SHA512

                          b2ed19796710b95d15139edb2bc809bef2c465cfda5e7d71aee2434439e8517867496f24ba08d3385186a5b8e2acb6676ea0982f1489804ad84cf3bb8cc5da7a

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\e8ad590a-074f-486b-a9e7-133d41e9d0bd
                          Filesize

                          982B

                          MD5

                          e9a7f666870cc3d22977bf38f8173de3

                          SHA1

                          e9246f86eb808a4d040579707e21be4deaabf0c4

                          SHA256

                          773ab86a59cfcaa74e7dc3e6128e4e08fc4d43252febc36a52636cbad7a77916

                          SHA512

                          525cf88c403a5d332fb6155dab5750c7ada7c510ce0b466e8d01ef23ff5e4432678089b9bd49836efeec41a9fd0254fd1321bc2793a6a202e04ec5260bd178bb

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                          Filesize

                          1.1MB

                          MD5

                          842039753bf41fa5e11b3a1383061a87

                          SHA1

                          3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                          SHA256

                          d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                          SHA512

                          d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          2a461e9eb87fd1955cea740a3444ee7a

                          SHA1

                          b10755914c713f5a4677494dbe8a686ed458c3c5

                          SHA256

                          4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                          SHA512

                          34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                          Filesize

                          372B

                          MD5

                          bf957ad58b55f64219ab3f793e374316

                          SHA1

                          a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                          SHA256

                          bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                          SHA512

                          79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                          Filesize

                          17.8MB

                          MD5

                          daf7ef3acccab478aaa7d6dc1c60f865

                          SHA1

                          f8246162b97ce4a945feced27b6ea114366ff2ad

                          SHA256

                          bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                          SHA512

                          5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs-1.js
                          Filesize

                          10KB

                          MD5

                          f0ee328d1cdb0773655be4e3583a03fd

                          SHA1

                          13030e8ada6916176159275069f343e4d1cf9f77

                          SHA256

                          f58f5051e3e7c09d94d7cf1b920f700f4b83490e0517f64d4f8f224b39d4f3a8

                          SHA512

                          20ac8641b28f971f807b142eb4b2fe46d7a3c7f4611b65de028bcfb23e8adb13bf9d517360cd88795b77c51ef3020d37869db15355d9068936a6a90d8a0300cf

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs.js
                          Filesize

                          10KB

                          MD5

                          53e4fb06c07110a071118068d51081b7

                          SHA1

                          5f8f910e29ad1c0a6fd08ebb180e969363c8027d

                          SHA256

                          037727f1b96413c197f6a6aaac0387c7d849d85a497dfc9d9b0b9c8b91b681a6

                          SHA512

                          b5cd0b485fd438b8c26943515988fcd4841b25e9bb2ee73a6c4cf05f4c89513b5bb6144f23b8adb80766b9afdfcfe5e8e5dd036c71b482114ac8e43a08b5d3a6

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs.js
                          Filesize

                          11KB

                          MD5

                          d9fc748ec6f96951e2782ea8d09d9604

                          SHA1

                          7f2be02c72754dc6685d19aa973064639a2d695e

                          SHA256

                          774faf92ce29aab685f42a7266b3aaa3de55602ebed61722ab1258c72159cba2

                          SHA512

                          7a5c9f774ff57d69c3edc4e43c5ce5560487aa5872cf56ead8b01724b9bb166d3d9be9866179854bf0419651056689b4678b0e438897ead00d9fa17385163a6d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          23KB

                          MD5

                          88cf63d0f10dd0bf8aa7e4977e497469

                          SHA1

                          5f6f8b9b0366451fe5046694ac0cd075afdef78d

                          SHA256

                          d805c31f365f6a2d8da10df7dc7e423356dfa1138fa366f76848ac7e24cdf652

                          SHA512

                          599fbfc28014d360e74811ec544883bee187d5f11a9517ad73dda569de7c4db698090e075d8f3032b616aa5a0ecdc3cae3be3c496fa562e1796c7ee36ae6c466

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          28KB

                          MD5

                          47a4263b4500428dab64451f75da06a5

                          SHA1

                          3e0095347011e8d3c05eda63add985bafaf2336d

                          SHA256

                          3274ceddce2d9acea899c38de5639fc3cf37c78346c1bb0e0dd9a85815550d69

                          SHA512

                          d5f542e035a609cd00d8cb5bcaa46b3d62c5b94a11c435be88dc4ce7d848ca835e7504ff9544e2f9b05dc45a96b83b44e817257575d9f28adadfbf14b981c02f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          23KB

                          MD5

                          cb27bf4cc883eb3e9dc767fe1a5f96d0

                          SHA1

                          6a3ac1a4bb87a7b1c1be009c6212c2e66660bd44

                          SHA256

                          96e9991e1a0edb932fee7f1d13010cbf7ed6e306c21dc1476242209570ac6aea

                          SHA512

                          d1e7553df6bca75c42b4e40347515c2691e702e3c544137149920ddda2793b11eb571dd22e1be6fb6406607f6b70629db829212ebc9a63c428ae8dec3974cc79

                          Download Submit

                        • C:\Users\Admin\Downloads\atrgnp.fz2xo0VP.scr.part
                          Filesize

                          686KB

                          MD5

                          f63299c4377c4d75b31d58e97d7ae4e7

                          SHA1

                          a6802ca3880cefccbc5081a78831a3d978c844b3

                          SHA256

                          37ed0e9e2b26df1b341316d0b45c32d14b7b19f7667c496e01d4b117636eb870

                          SHA512

                          dc8ef84530888dfb82b49bc7b2195c2905c4d94ccf92322f2c2ab5a1a3c447b70cffb6355c59a34ef3c06a1b5ee3b66c2be8212eb42083c9477ce7d93fcc4875

                          Download Submit

                        • memory/4324-682-0x00007FFF10D33000-0x00007FFF10D35000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/4324-684-0x000001DD76530000-0x000001DD766F2000-memory.dmp

                          Filesize

                          1.8MB

                          Download

                        • memory/4324-685-0x00007FFF10D30000-0x00007FFF117F2000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/4324-686-0x000001DD76D30000-0x000001DD77258000-memory.dmp

                          Filesize

                          5.2MB

                          Download

                        • memory/4324-690-0x00007FFF10D33000-0x00007FFF10D35000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/4324-683-0x000001DD73F20000-0x000001DD73F38000-memory.dmp

                          Filesize

                          96KB

                          Download

                        • memory/4324-699-0x00007FFF10D30000-0x00007FFF117F2000-memory.dmp

                          Filesize

                          10.8MB

                          Download