Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/Y...

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250207-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2025 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Yodusa/Discord-Account-Generator/raw/refs/heads/main/main.exe

Score
10/10
discordratdefense_evasiondiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI2MDQwNzQ1MjQyODUzMzgzMQ.GYv6Cs.bHorOgR3dzpv33F18dZaRpWKB43NnKIjozVcS8

  • server_id

    1260407315073597510

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Downloads MZ/PE file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 24 IoCs
  • Suspicious use of SendNotifyMessage 22 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Yodusa/Discord-Account-Generator/raw/refs/heads/main/main.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Yodusa/Discord-Account-Generator/raw/refs/heads/main/main.exe
      2⤵
      • Downloads MZ/PE file
      • Subvert Trust Controls: Mark-of-the-Web Bypass
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2200
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 27413 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c0dee38-d2ed-4517-91f0-04ede3cc9bfe} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" gpu
        3⤵
          PID:3428
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 28333 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56036d37-e017-48c9-bf67-fc765316e5e1} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" socket
          3⤵
            PID:4548
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3284 -prefsLen 22746 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {caf565fe-d41d-46dc-a4f5-87379006d4db} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
            3⤵
              PID:4872
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3684 -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 3676 -prefsLen 32823 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38bceb77-2c06-4b00-b1bc-a01812711edf} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
              3⤵
                PID:4988
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4376 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4428 -prefMapHandle 4424 -prefsLen 32823 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11d884e9-8854-4019-8dbc-4546c6aebb36} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" utility
                3⤵
                • Checks processor information in registry
                PID:3924
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5088 -prefsLen 27038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ed5ad78-a33e-4f43-950a-d4c202b42a10} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
                3⤵
                  PID:1908
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5480 -prefsLen 27038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ab9b966-c788-49c7-841c-c5a51087d6ac} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
                  3⤵
                    PID:644
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 5 -isForBrowser -prefsHandle 5748 -prefMapHandle 5744 -prefsLen 27038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {394c0f13-4115-4f41-a6bb-5ab0353248ae} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
                    3⤵
                      PID:3896
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6636 -childID 6 -isForBrowser -prefsHandle 4268 -prefMapHandle 4336 -prefsLen 27401 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2582da14-4af0-4dee-9eac-6b480a21a2bb} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
                      3⤵
                        PID:1492
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6556 -childID 7 -isForBrowser -prefsHandle 6784 -prefMapHandle 6792 -prefsLen 27401 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efa25216-90b7-40d4-b42c-84ad6852c0d3} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
                        3⤵
                          PID:3304
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 8 -isForBrowser -prefsHandle 5280 -prefMapHandle 5624 -prefsLen 27401 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2139528b-596c-48ef-ab4e-fb1b923137c4} 2200 "\\.\pipe\gecko-crash-server-pipe.2200" tab
                          3⤵
                            PID:4556
                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTQ0REVERjctRDA2QS00MkY1LUJCREUtQTYyMDVGRDI4MjYwfSIgdXNlcmlkPSJ7RDA4MTJEQTgtN0ZFRS00ODQwLUExODktRTQzNjJFMzE0NDlDfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7Qjc3MTg0NDMtODREQi00QTc1LThCQ0QtNDE0QjRCQUY5QjVDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDcxNzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTY4MDM3MTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTI5MDkyOTczIi8-PC9hcHA-PC9yZXF1ZXN0Pg
                        1⤵
                        • System Location Discovery: System Language Discovery
                        • System Network Configuration Discovery: Internet Connection Discovery
                        PID:3768
                      • C:\Windows\System32\rundll32.exe
                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                        1⤵
                          PID:2100
                        • C:\Program Files\7-Zip\7zFM.exe
                          "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\main.exe"
                          1⤵
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          PID:2100
                        • C:\Users\Admin\Downloads\main.exe
                          "C:\Users\Admin\Downloads\main.exe"
                          1⤵
                          • Executes dropped EXE
                          • Suspicious use of AdjustPrivilegeToken
                          PID:2564
                        • C:\Users\Admin\Downloads\main.exe
                          "C:\Users\Admin\Downloads\main.exe"
                          1⤵
                          • Executes dropped EXE
                          • Suspicious use of AdjustPrivilegeToken
                          PID:6112

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\35953ed9.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          21KB

                          MD5

                          ef92e9cc46cc21d57d8d799fe0a092f6

                          SHA1

                          1a331e7b845b9c4fb7e83aebddbcafedf24d7479

                          SHA256

                          05f60c880c28578e4dd5edd7c374aba3b8c89676f047805743bde94c41dcdee7

                          SHA512

                          13cd3ff67b8323e57b801167ce1220824d3f6eb2f09ec377c87394dd3a662e072081624ceff7e85ef19fdf1b06007bdfc670b76eea099d855caf1517a4639d48

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          13.8MB

                          MD5

                          0a8747a2ac9ac08ae9508f36c6d75692

                          SHA1

                          b287a96fd6cc12433adb42193dfe06111c38eaf0

                          SHA256

                          32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                          SHA512

                          59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                          Filesize

                          442KB

                          MD5

                          85430baed3398695717b0263807cf97c

                          SHA1

                          fffbee923cea216f50fce5d54219a188a5100f41

                          SHA256

                          a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                          SHA512

                          06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\AlternateServices.bin
                          Filesize

                          7KB

                          MD5

                          374684d1fba0020f2e572fe497d9a26a

                          SHA1

                          2e0cd92a0b39a3d0a42bd3a98e4d6eaaf097b857

                          SHA256

                          d44996b77c78751eae3ae13b10890504a23ebd56c5305d05ab667790b814963f

                          SHA512

                          6ff663a04ea02cfab76cbe2d8ba425c7112351ee8b60ae8a2902a1ecd169754778e54b630cf8d0c2ab2f9ce3907668935dfe6647e014b793caf1aede4383a386

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\AlternateServices.bin
                          Filesize

                          17KB

                          MD5

                          fed45627f99aab03c6193dafc56edd44

                          SHA1

                          8baadb02540bdbc73c8fd336d028b4e73f275bc1

                          SHA256

                          8589beaa9826566cdee29e799e695826b80420d27bb10e3c57b39a5acc9bce7b

                          SHA512

                          be07a0ac14fa3ce6a17f408120dcfd7084dfe770aba5ab6168b890cedf044a840bc2fbacce30b9d7d53db78f22f4c2c30a27f3129b85bfc3237bd0fbc4691cf3

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          5KB

                          MD5

                          868b954226942b06842b844ce76d280b

                          SHA1

                          2e962f0953d5d0f3a13d2c68f87a1368f29773a8

                          SHA256

                          90706f01d7a7b9d16697811ded4b0dda322de1eae74d674e7550f1f980867fa9

                          SHA512

                          2275964a82f14c870c5f19b4cd8e8f5494127e23752884357fe642685f27927b078b1e4de8ab51efe6eec4ad97cfab4d0b77ee7156ec97bd8062b0a3981b1a90

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          7KB

                          MD5

                          5ff2a065fa1491996e7cb4669531e78a

                          SHA1

                          52af5df65af6d9eba484ae23d5471f0dd76ce5ff

                          SHA256

                          32f42fd5a05c9fc8beb07a44bbe23441794ebeab518ab321c31d803799404fee

                          SHA512

                          213ac86c0a15b9390fc56f5c979c7cfdf75993210e93a655e2a463698a24b494f70718165b221d79153501262b38d7c9c339ed1566b79a7d3955eecdefbb1614

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\datareporting\glean\pending_pings\06e947b7-8156-4548-887f-816ef23b56f9
                          Filesize

                          27KB

                          MD5

                          b675a84f5234bfbc70bce8067231797c

                          SHA1

                          956dea652f0b1d6a21ebe791f3dd8a72d031a3e7

                          SHA256

                          d59d52d5d148bc08b3b6df201f8ce6d13f0951422b1e8245ef9208eb9ef27368

                          SHA512

                          7b224d1c4a6e7ae1f85e0847b9d2ff90aa017a54d11e02eb50badbc33de79ed054218c7bd44571008b9803fb45e29ad8cfce6a5c744d62d37cf179a2c95bcbdd

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\datareporting\glean\pending_pings\3ef15d5d-18fd-4cbd-b274-c5dc082c4865
                          Filesize

                          671B

                          MD5

                          47501ebcf9e2ff2dca3f99e5e4728798

                          SHA1

                          147f4fdd0d278921b941df2119ef7c05ffaf6193

                          SHA256

                          4491e6514c7b01814b8e5e5818802e74a4797b0b405f9c66846d01e16df7a566

                          SHA512

                          c06bc901ac72550c2307f954cf55b53fc143aff9799ad2e8d6133bb52062f5f8607f412a18e44df9157543487ae62d276d981873ad69dea8631b6056539eb7e3

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\datareporting\glean\pending_pings\6284477f-a9a6-45e8-b79a-314045bacc51
                          Filesize

                          982B

                          MD5

                          9a6b69dbf6d7aca973799c8b6195c9a3

                          SHA1

                          21252cfa8a5950084b651954a3f7271b7d40c414

                          SHA256

                          f2c0146ab7a8a5185fa6e4f48df05de3332430f990ee176998bb44901816f5ee

                          SHA512

                          3586ffdec8cb96c22a12c85a7d58a753d3e452067d3c88062b2776bf3c921325b49810d227516dcf73e469b96754c073128fe5c532c8b9a5c5c46148128b5d56

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                          Filesize

                          997KB

                          MD5

                          fe3355639648c417e8307c6d051e3e37

                          SHA1

                          f54602d4b4778da21bc97c7238fc66aa68c8ee34

                          SHA256

                          1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                          SHA512

                          8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          3d33cdc0b3d281e67dd52e14435dd04f

                          SHA1

                          4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                          SHA256

                          f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                          SHA512

                          a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                          Filesize

                          372B

                          MD5

                          bf957ad58b55f64219ab3f793e374316

                          SHA1

                          a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                          SHA256

                          bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                          SHA512

                          79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                          Filesize

                          17.8MB

                          MD5

                          daf7ef3acccab478aaa7d6dc1c60f865

                          SHA1

                          f8246162b97ce4a945feced27b6ea114366ff2ad

                          SHA256

                          bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                          SHA512

                          5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\prefs-1.js
                          Filesize

                          10KB

                          MD5

                          2340664cabd3d8d92b62dcf2c1244203

                          SHA1

                          8d5b58eb5065866d59c214408140902c682b9e64

                          SHA256

                          d023dcae4cfd97332dba88d136648a3c6b984c061b7219fdc3dd4d03cf67b43e

                          SHA512

                          50ebd58c71e8779f69e7b0a137ec0742aa0260c479c43d59ae50873d3bbd119f1a590079244ab7708bfd6a64b11dafaae3767890868a7d4f65e80028a6b90599

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\prefs-1.js
                          Filesize

                          10KB

                          MD5

                          c97b858f4dcce85248703fe4c743ef6f

                          SHA1

                          0ecc1e732ac3f6a1535dfde348114ae9c13d6979

                          SHA256

                          2e3b2549f5f48caeebbf1fa89d0529605123adaeb6615561fa0adc168f696d57

                          SHA512

                          c575bcb6a359097e700ae4ada77998039651e31906fbb10bfe51c209843bdb0e31d2bc704255e199bbe98f4f333c19e5ea5f1658b45ff7908aae082e37520b8e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\prefs-1.js
                          Filesize

                          11KB

                          MD5

                          c17913568c03489645768e619f31ba51

                          SHA1

                          a2c1b1ec6df0e78b91c68bcc8afcb95bac6ab758

                          SHA256

                          3e7c04d1aef434a5418345e2edd17884dd6ad89400ea843f78ba7ddc1b3936df

                          SHA512

                          eaf7a8ba6bee57d933857ee08b22666182e166845d6fb3bacf18d40628ff4ea0fc1c1eb7233d129f6fc3f9af59dce7c2dba50621526a0428789a2a640eaf6314

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\prefs-1.js
                          Filesize

                          10KB

                          MD5

                          67724fce6b75482a551d1c640ccf9dd6

                          SHA1

                          80c99b05f43a9a8441e6e8aedd7554ca12407e73

                          SHA256

                          a0401308ddaecb71b5c0fbd64a1d56e4f66ba8c52d4fcdf0beb9924762870d23

                          SHA512

                          42417c3fa8a88db8641d684a3f96cc255750aec820632c136adfadfda2b7b895002488babd6f617aa4985152a43d53c5863bce0b342e7c282dbf17573062fac5

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          1KB

                          MD5

                          190d2945ae842d2e4dfd31973dfe56e7

                          SHA1

                          32429d5b5770736f43767d6510f2fe675c772726

                          SHA256

                          4f9362da6c1b4d7c6f3002e25395e84daad87771e1b5e85cf5c174e2ed481922

                          SHA512

                          020218263edac48dc6a2589406b4f70c7741315fe43b746734c555e1e9b74ea99534dccf0ca442824e8ac4459bd45222b46ccdda93224c431308a9f96df1d3a4

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\35953ed9.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          2KB

                          MD5

                          289eeeea3f52ec660f0949e8b1120f42

                          SHA1

                          13968d2e349bcb3735be57190316acc48e039f36

                          SHA256

                          bd9b8e68ed5f3e45fdfd69041ea0af5d014a2adbf4c4bbe6478078184d5eafe6

                          SHA512

                          508a05ee95c6040fe5fb61246d2edb8d52a8719d66411ab6d8956585904a47dec848e33126294b49598a161909f195e2c6eac81d0912e8f003da932d12159a5a

                          Download Submit

                        • C:\Users\Admin\Downloads\main.dkuhdTWc.exe.part
                          Filesize

                          78KB

                          MD5

                          2dfd2fba1022292bcd1867b126624260

                          SHA1

                          ef374c3639e3f28a8594e1385a0f45a8e51f2673

                          SHA256

                          954bf7c432eac4d4291b76b598fe25f28275800eb9d06fe7f3f0b53b41f72c74

                          SHA512

                          1cd7427295950491b627945c4f848906e3ee710e593033ed24638b7e29ace004b7ae8d3cfc7726b3e1dea53595336ba165b1fd5282f8637b047a50217238c9fc

                          Download Submit

                        • memory/2564-505-0x000002056C690000-0x000002056CBB8000-memory.dmp

                          Filesize

                          5.2MB

                          Download

                        • memory/2564-494-0x000002056BE50000-0x000002056C012000-memory.dmp

                          Filesize

                          1.8MB

                          Download

                        • memory/2564-493-0x0000020551810000-0x0000020551828000-memory.dmp

                          Filesize

                          96KB

                          Download