discordrat | hxxps://github[.]com/GvnstarSquad/Discord-Rat-3[.]0

Analysis

max time kernel
441s
max time network
492s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2025, 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/GvnstarSquad/Discord-Rat-3.0

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM1Mjg1NDgzNDM1NjY4Mjc1NA.GDqmXA.ZUc7D57M-bPTDQFZvuBsrXHWTytvPXAX8D1-iI
server_id
1352855724509757482

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Executes dropped EXE 2 IoCs

pid	Process
2704	builder.exe
3956	start.exe

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	firefox.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
107	raw.githubusercontent.com
108	raw.githubusercontent.com
109	raw.githubusercontent.com
110	raw.githubusercontent.com
111	raw.githubusercontent.com
115	raw.githubusercontent.com

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks processor information in registry 2 TTPs 30 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 = 56003100000000007f5af20c100072656c6561736500400009000400efbe8d5a6f688d5a6f682e000000dd33020000001e00000000000000000000000000000079c30401720065006c006500610073006500000016000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\MRUListEx = ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\NodeSlot = "7"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\release.rar:Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4596	firefox.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	212	firefox.exe
Token: SeDebugPrivilege	212	firefox.exe
Token: SeDebugPrivilege	212	firefox.exe
Token: SeRestorePrivilege	3916	7zG.exe
Token: 35	3916	7zG.exe
Token: SeSecurityPrivilege	3916	7zG.exe
Token: SeSecurityPrivilege	3916	7zG.exe
Token: SeDebugPrivilege	3956	start.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	4596	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	3820	firefox.exe
Token: SeDebugPrivilege	212	firefox.exe
Token: SeDebugPrivilege	212	firefox.exe
Token: SeDebugPrivilege	212	firefox.exe
Token: SeDebugPrivilege	3884	firefox.exe
Token: SeDebugPrivilege	3884	firefox.exe
Token: SeDebugPrivilege	3884	firefox.exe
Token: SeDebugPrivilege	3884	firefox.exe
Token: SeDebugPrivilege	3884	firefox.exe
Token: SeDebugPrivilege	3884	firefox.exe
Token: SeDebugPrivilege	3884	firefox.exe
Token: SeDebugPrivilege	3884	firefox.exe
Token: SeDebugPrivilege	3884	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
3916	7zG.exe
212	firefox.exe
212	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
4596	firefox.exe
4596	firefox.exe
4596	firefox.exe
3820	firefox.exe
3820	firefox.exe
3820	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
212	firefox.exe
3884	firefox.exe
3884	firefox.exe
3884	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 4624 wrote to memory of 212	4624	firefox.exe	85
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 2268	212	firefox.exe	86
PID 212 wrote to memory of 1672	212	firefox.exe	88
PID 212 wrote to memory of 1672	212	firefox.exe	88
PID 212 wrote to memory of 1672	212	firefox.exe	88
PID 212 wrote to memory of 1672	212	firefox.exe	88
PID 212 wrote to memory of 1672	212	firefox.exe	88
PID 212 wrote to memory of 1672	212	firefox.exe	88
PID 212 wrote to memory of 1672	212	firefox.exe	88
PID 212 wrote to memory of 1672	212	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/GvnstarSquad/Discord-Rat-3.0"
1⤵
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/GvnstarSquad/Discord-Rat-3.0
  2⤵
  - Drops desktop.ini file(s)
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2028 -prefsLen 27099 -prefMapHandle 2032 -prefMapSize 270279 -ipcHandle 2088 -initialChannelId {b0240ecf-4576-4c38-b903-6cc0070e7ef6} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:2268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2492 -prefsLen 27135 -prefMapHandle 2496 -prefMapSize 270279 -ipcHandle 2512 -initialChannelId {024b7483-4e8c-4edd-9dfd-fd39b2ac2c04} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    PID:1672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3812 -prefsLen 25164 -prefMapHandle 3816 -prefMapSize 270279 -jsInitHandle 3820 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3828 -initialChannelId {9e8e2911-8118-4ba0-bad2-299167cd958d} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:5336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3980 -prefsLen 27276 -prefMapHandle 3984 -prefMapSize 270279 -ipcHandle 4080 -initialChannelId {df791f25-2c0d-4948-958b-2d77d5baf09e} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3184 -prefsLen 34775 -prefMapHandle 3280 -prefMapSize 270279 -jsInitHandle 3284 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2884 -initialChannelId {dd839182-5524-48b3-9b0e-568b43eca697} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:3480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5112 -prefsLen 35012 -prefMapHandle 5116 -prefMapSize 270279 -ipcHandle 5088 -initialChannelId {17770f20-8df5-49af-81b5-9a20f0541056} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:4124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5296 -prefsLen 32900 -prefMapHandle 5300 -prefMapSize 270279 -jsInitHandle 5304 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5312 -initialChannelId {39cc7099-12e2-4e96-a125-e85fd53ade0f} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:6028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5524 -prefsLen 32952 -prefMapHandle 5528 -prefMapSize 270279 -jsInitHandle 5532 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5540 -initialChannelId {ec15bbb5-a498-45fd-94e6-0bbcbe11961a} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:3056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5708 -prefsLen 32952 -prefMapHandle 5712 -prefMapSize 270279 -jsInitHandle 5716 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5724 -initialChannelId {51c01c27-4bf6-414b-89b5-fc89a5f3df92} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:5156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2716 -prefsLen 39553 -prefMapHandle 2948 -prefMapSize 270279 -jsInitHandle 2952 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6296 -initialChannelId {7f64a3b4-3646-469b-a995-ec3026799d86} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:1640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6852 -prefsLen 36543 -prefMapHandle 6856 -prefMapSize 270279 -jsInitHandle 6860 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6868 -initialChannelId {ea679663-34eb-4c2a-ad52-9e84db665ca1} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    3⤵
    - Checks processor information in registry
    PID:5244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 4 -prefsHandle 6884 -prefsLen 39632 -prefMapHandle 6984 -prefMapSize 270279 -ipcHandle 6860 -initialChannelId {43232f99-37c1-4203-acfe-938439eaaf4f} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 utility
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 4 -prefsHandle 6856 -prefsLen 39632 -prefMapHandle 6840 -prefMapSize 270279 -ipcHandle 6984 -initialChannelId {624246c7-97bc-4be7-8f3a-682d9337a24f} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 utility
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2680 -prefsLen 36543 -prefMapHandle 6992 -prefMapSize 270279 -jsInitHandle 6884 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6852 -initialChannelId {7cd03de0-d036-461b-82e7-9478c471ac99} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 14 tab
    3⤵
    - Checks processor information in registry
    PID:4580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 4 -prefsHandle 7260 -prefsLen 39632 -prefMapHandle 7264 -prefMapSize 270279 -ipcHandle 6884 -initialChannelId {3864c132-887b-4ab5-b6ee-c65a8ad296b7} -parentPid 212 -crashReporter "\\.\pipe\gecko-crash-server-pipe.212" -appDir "C:\Program Files\Mozilla Firefox\browser" - 15 utility
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3664

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\release\" -spe -an -ai#7zMap4163:76:7zEvent5509
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3916

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2704

C:\Users\Admin\Downloads\release\start.exe
"C:\Users\Admin\Downloads\release\start.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3956

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
fbfe3f020c0e75a32a8e22b323c28a61

SHA1
38443219005552fcc3de1266d5b16d63e90cad72

SHA256
c52922e821b51237f578b2185f6fb3d7c48738014478d83f49d288ce77f58871

SHA512
564841b3ce82480e34dcaed4e7f3b7b7df3987938f86d4986bb65ee0500d3d0513c9fb2c82964ea2f3cea4b33d9aee6cd31e070af2d171746e271711cff56f3c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\cache2\doomed\1721

Filesize
15KB

MD5
705903b1c4f5c893322d828797cd24c3

SHA1
298383ca8d41b9df65328469ae666b0164239364

SHA256
d21a5bdbccb03c28435224ef80833f963e6a08d12484f47db4c7bddfd86e7249

SHA512
02d333562264737658da29f66dc7888ed820524d1b9b3285e25b27cc525a635719a7c38551dd85d5fe26ce645ebe599312d18227d571668850f0174e0097a29e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
ddb6839650b95e1080aec9149fe3216c

SHA1
b77957ec628c2e6f949e7b0cbc667cec8d49b74c

SHA256
20f07f206921e4f22326a132d7cdd1d97dbd7bb91d9c1c99fcabd8a031d1b5f6

SHA512
ca11b79523bebfa36349c8d260c0ce3af53353a5729c0be9cba6c428d85fe6f302296e346c6410c48b3acffdd16d1b0eb6f2d8f62614a50ca96de250c00297f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Temp\remote-settings-startup-bundle-

Filesize
210KB

MD5
9a5346ff07af24837a18ae3f52b5dc1b

SHA1
439b2064cd228eb60a2f5293a8ee31d71cf0eb5b

SHA256
b4b34dc0b6843360bda6afbb614f241e1a8439e2ae261e589c5b1e496a1cc590

SHA512
c25587463aae2802a8325585147e98067b8f2e17631d1dd72d5f46e93bec637e2c812f9025fb6bd4729b5371f27dce4b0c669d8c0527410795e410bbc0471e61

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
6e7c060ba85ffc5f41045d30c841bfef

SHA1
675da27a569dba55c5c79131962fd4af74f63800

SHA256
e94b13d703cbc15cd4295a7d36effd5fe98cc47c77e53373a3228b0387679fb3

SHA512
bd703e4ad2cbb2391050e83b16789c85904d028ea5d59989f8a42513277e8fb82c7fc78e4e2e33fd96e4a9aa4756909597be662537992f2dc18d9863b6de0ced

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
6478d4322a1f913b856b5ec8247b6a49

SHA1
d6940f052f0314f2aac63b9f4e5752af332d479c

SHA256
b6cefc896ab46dbc0d235985452c734f0b3a01f57082b025e56c0f890379a9ea

SHA512
bd28ccfee6485719b248d3a3cb67746efcb37d9048816e1880a3cce69687f98938307fd5cc76d5730b191ca5eca4785d47d72e7142e586c21ff8ce7ea861a278

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\AlternateServices.bin

Filesize
6KB

MD5
d15c44bfebfeb4fb983a571452987765

SHA1
9a9bcd369f2622a42b61022361e08371554ff83c

SHA256
8b46252e7331ceed310702167401b25a8bb8ff0931bf3dd33952e4c8bd9a096a

SHA512
93ca380acc268ab388831c0ae01676a9c156c5dd497f9750d12b40b273e52d97b61311deeaa2635cf686016f7fea0e43f72a1e43c6101158970e6eac56107fd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\AlternateServices.bin

Filesize
8KB

MD5
7e78089f117523a26fa60fcb54c5d492

SHA1
aa05162fb3f3d7ec32f4356f4af3120338d9ce60

SHA256
0ae77a38adbfac2f79dd2bbaa938f7a7708ba4d7d401c19fcb3b44c3f3483530

SHA512
c3f4c18646dd3dc05b78ebbb9aa229e782366fe197b18da9df36f0ae9f2699f60f7225d1260d1ac61724e4b60cf50a4d01ae3159709caa4b4337d7a796f4c22c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\addonStartup.json.lz4

Filesize
4KB

MD5
fea329a21fbde5d3b976e7aac736a8b2

SHA1
b7fed4ca5211869798dd440b56ec759f1a6f2f46

SHA256
500899d7bb72d128dfd2dc9fd06c9d00e20b07a069c3a5469b686cb982e0f5bb

SHA512
e87964668ab7bd05844391afb82f99ceba81bcfcb4c4350b29f610ecc4ca13a6732bdb383300771c158689466381737d11e50f2a4a2f02127ca63c93571db3ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\bookmarkbackups\bookmarks-2025-04-13_10_fEYofKr411Ydgp7AtHLL7cFm82yVd9AXZ5XWptDGjh0=.jsonlz4

Filesize
857B

MD5
62eb601601060d63a01e4af594182d91

SHA1
a8879e911f6795469117700aef9f378a70c6395f

SHA256
6a4dc8b94666ef9cb9611f20bcb7a438598fccb63c0723f61c061a74a89832e8

SHA512
7f21fe0bd1ff95cccdf89d8c7835573bc9bb87cac55516a64f0d496fd51a2cb448678fa1438e8061fcc0f2db9702c49df1c8df8c32697260903cad28ec407b01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\db\data.safe.tmp

Filesize
103KB

MD5
7f221f409d07681b2db31cb2ddd1f0e7

SHA1
24bf6a80edb02929340b1c5dc3e77a92110021ba

SHA256
f0309479b4eb76da93356fb64915763f248d72d8668e684f64cbe9627ab3d7bd

SHA512
f11275a2e86ecbaab9832ae0a1ccadb677fbce913846ffa5ca0ccba383a5132aaa09bcaeac9792644f77a0c9b01606228e90116691b198f09bdc34f14eb90813

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\db\data.safe.tmp

Filesize
103KB

MD5
eb3d1420b1a4fea2a6d7ad8156704c91

SHA1
de489941a0277722607f48dab9db24bcc25719e8

SHA256
85a68de0821089d51067d102bc5d94a663c6597cc890558034f603ab6dc874a1

SHA512
13c3764b35aad257ec3f1d69f233dc445c70f30b55dedf7f27befd81f78379afbcfe16f221d6cf0cb4a48adad09ec96b3703ce393ebebc4eee40b4fd7c58c48c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\db\data.safe.tmp

Filesize
103KB

MD5
f8152751d0908940c95c785166057d2d

SHA1
d01b7eb8635d4bc1445812169b8037ed65a83e2c

SHA256
b3e32881a5e5fbbc173bcb954910ae50fdfde848dc4d1877d96cc2a7c6cbad69

SHA512
b89e5cb2b6ee25ce0df6516bb6891547cf9854ff3d26675d856f6e6e3f23c791cf950091dfc48b037246f445841619ab1f01ddddbeae4575373d37a241c3130c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
10c8e1841446f741452c1c0de99812e3

SHA1
1be87778f0cd7e7b0cb057bccfe9a52bcc68ea24

SHA256
3d9e791b3cdfabba0920735cfa0c7eb5871a0331d835b5c9cbf63949357cc5c9

SHA512
29c8ee889c4546667f7e696eb8a5d55f4da32b33ad42d59c6c909e431a59dc93fb390de5806b955885e79c57da033d7cef0a181e1ec55848dd1bcf99cc8a53b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
f91eb089c178d9dbf70e5037ef2e97c9

SHA1
8be5cc4da678b87f8b83c93ce228401f602dc288

SHA256
a6f2d7f4cd60b9835a00ea55bb207f665e210ebbe67ca572bdd904069a346edb

SHA512
526997fb46bcdd6a463d4593581cf94386916c77099a1892f9e3e8b824fa22f0d701daa6c28461837bbb1fe33b7fae2e4924fb769e0a0ac9a9177663c8341c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\475d6fd4-2da6-4b89-bfed-8a6d7cc54e70

Filesize
886B

MD5
857f995a9e11a3b6dc53eec393c026e6

SHA1
df4e979d59afe48d984844a2534567a97cd07173

SHA256
4663ec9220bf4fe790a89d1cc9a2c2cf242c94adde1723c72c42d92e26f4152e

SHA512
8b55e57ad8c0b6db41979248a94244c2160fe670a866cee5a8fb8868d43d4743e381e01147249b9323817cad5f0e267dd40aead87b9a763cf9c6f2a80b7ad39f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\48421cba-c720-4d56-88e4-573072ad6b96

Filesize
883B

MD5
44f38bdee260a979ffa92f9cfb0994e7

SHA1
4ac4d7a9609f256dfc182d30c6c86a21a75ca101

SHA256
3dbc81d4e5a096d3cc8361c7ef273991243891667aee976366a6fceeb4b03ce9

SHA512
cb8e03d3022b8e92ebdf960476491cc404a4fa27e3e698c733ecdf08d67f7e4b609aae2d924f1ddfb3dca1d1eea2b9f8a625b9377a279b67d6f0b900ca147f4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\69d04471-51b4-4bbb-ab22-bb59a38e5de2

Filesize
235B

MD5
e51ce3ac8a1f536f9af8033c9225f07c

SHA1
b3bd55418214f783b3fd3d86e2bde59c862f5f2f

SHA256
f469937fb44565b82edbc02bb2274db3d701a8f9de1ec8d3393773d17f3eee20

SHA512
0246d08fe230f23b37278c27ed841f38510ae064c50218c26ea9acc0e650d4d6f00573ee3103da279d3fcf1e83e07625d88ac49a56425b94e66b9c99b04a5913

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\957ccc95-e0c3-4c3a-b95d-5108c9664634

Filesize
235B

MD5
86b0aa12713b7c80c756e9a946613648

SHA1
66dbe2f0b87224420a9b53f6c605c16ee25886a9

SHA256
3d5955607ccc055faea1a4041350616d2779d7b1bd7b64b01fd4facd7735c438

SHA512
22375414029a7e0076fdfc9c9f2fcbf14aed952ff60806c59dae98d7f6dba8403817edf05c943f60afa326a0c7ea8ef9b45f0ea977a691ccaad7556f79a1b74c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\b84e161a-efd0-470d-af26-1d9eb6d609ed

Filesize
16KB

MD5
d9154bbc829698dfe4ef8c64e3c58a2b

SHA1
88a513f876850348e34ce36b89fdf2182f7aef0e

SHA256
60095047ecc3eee959e1d7237b2d872c1c6daf037c007686d8141c920a481e76

SHA512
39dba664b9d0d6b78859a5f845278053eb54d2880fc44a934bbae32f182665e8ce87f4e8f66062af1e5263c0b5d95aa587c87dd8beeccbd3a74351e0c4829c10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\edd0c2bc-5a18-4cf3-b594-04f79f576bf3

Filesize
2KB

MD5
f43362d8faa623b28435e6f9344bb4c2

SHA1
8877d505eeb5b7ba09bab2db81cbb4f648a79e26

SHA256
fcc81d2a66428cb8c5474d7303af9a1a2d92378fbc49883607d0d0bc27c10150

SHA512
91420fff3c1fa8de424f774da3f234753c6d2f21b470ce5ce079a5f4bc2e5583107407d5c1608282bfc9f5886b3d0c90ed17dc927d0192fe4bd82c739987569a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\extension-preferences.json

Filesize
942B

MD5
20357ec0806e9826d6daf456b6b16bd8

SHA1
7d5d7a921213989294eb5cea2ee760e562ce5293

SHA256
aecfc11c0db969b2c79da2144415a8859c77d66fbfc37ca4924ac58a0ff29834

SHA512
2333fde606ee727a6b6d9812ed40e56e5d0dba4ec35abcc11b67f8ad61d1d3d4af5db699d29b3ed6b459b9e142badae69ffbebf18974b5a1c72e45ecc8cf93cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\extensions.json

Filesize
16KB

MD5
037000491b6222aaa45447041c200f6d

SHA1
b09ca2133bed7e7a6567d9cc3ecafa9b78de5531

SHA256
4fde3c36ec8c5d5e0d267826330f3a504f2f83b9f3f72a99bd162d960d5a91f3

SHA512
ff0e822af8f2f3c103c7c94706dda4b932b2bf0ea5ad7d20b763b7aaf21b734c672d13565277a943abf90c8c302150e1a24bb5447357d84f71a07e5c9fbeab22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\prefs-1.js

Filesize
6KB

MD5
f1115090261fde3a19aa1d713b1fe81a

SHA1
8236dadee51de11500af295b50d600022147bf55

SHA256
905429da6df1d31ec55f56351a60326e0a90d5c9d1131a7bd23c9f6349ac26ad

SHA512
0665f6879c0e0a2e49cc32f1eef96de8ba32901282b3c5e2d9105f2046d5bd203ce5980f20ffd0aea3f2f3c63746ddb4021051602910886424277b31f976816f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\prefs-1.js

Filesize
12KB

MD5
cfa3040e9fac7978e1559a439ac25f39

SHA1
5fca1d29ead620243ba6a73651f3dee4c463b995

SHA256
79655cae59642dd9c049ca4817da48362a9a4f3dd57badd4fa0f16dac3699169

SHA512
34baed91ed0ff1068b1fa5ddee3023909a5d64ed3208c825112468bbd60902b0fd812b95cf8b80ca7a239ca0104fa1e4b0859d5d3b1ca46fbd102af3abe1393f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\prefs-1.js

Filesize
8KB

MD5
148bacd6ca17ab1608bfbda346318047

SHA1
e8fcbb9d56fb9117c4d0bb86f0b80b2b8e96b987

SHA256
837e97d74d2e5281de1b0cdb8c4b4b58d89aba52ab5a0ae18affdfd0660068f4

SHA512
4fcd0e6165fc2c53483ce8f3d5f211bb11c360cec3ac95444dbdb867a87f987f6826fe4b20d7144180ec4910ddda4a70915798a752d1e8515f56668d5fc03306

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\prefs.js

Filesize
6KB

MD5
c3e2df8d41511b93d85c43dc4558dd70

SHA1
4a26abb896ea9be59989cb0e008c4a21d47fe3ae

SHA256
e8c506be75ff44a2d75eb5291589dc5b7c5522e3c87cac2992025e8ac3703a29

SHA512
e62070923ad6d41a634f116aee1ed609c0e4e1f491520e1ff147aa1c18a8ae66bbe0b2e858bcf88c2e3ab0d0d9c6e34051e0331d3bb97b6873b3dd2e2d2063bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\prefs.js

Filesize
7KB

MD5
a49f04e067703efcf1e29c3ff4711b34

SHA1
0385626243d3424934fdb6e5727b86234a9c3e1c

SHA256
67d9af11985c62693ecd93e1b65faa406b47232f40ba42ef3c640a01dcba0958

SHA512
2aab1198d41d77ace3695b86d73b62b357ba6bff62a4703db578b14afe4e4147fa8b6d6889c295ea3525c7ab7c9b2be90f70afc747c0b920bd70d899fbd4dadb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
30541d5aca6208e7c1d3ec652aee26c6

SHA1
97655c00c5ad68060846201f30afa87ae1ee73bb

SHA256
0d674c83b918aa0bcbee26ee9d5d6079ad2a87f7b82513f4ea82a7bfd4a17958

SHA512
9102ab842c1469fd1e9e9e141c9819f21fb8b926771597563aa4c3090731f1204e68490958af1df797df13d56d712fbb645ffb9ecfaee2781f9f52a087bffe31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
db663d629b5e0d5f0a967c9977740421

SHA1
e652fdf2886725156f884695d62b2bbf6cb8fd9f

SHA256
1876ea0e4cd829a6a73923281c73084f101a3e071fd9dc644f4f65592daaa0cf

SHA512
1dd12de14d9109f6b6d39bd37f50ff451f94171b284164a09dcd26e389ab7695335811d60d908238255df9c3edcc1cb3431e56844d78673889b8a87ab36956f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
6f6391085cfb8a9527b2d33e322beed0

SHA1
63c586b586aa2f3a2a530d7a16982a2df2e99766

SHA256
2f5cb12f576da0c9695013b1713364f3649dd8d0f5644733ec613bc17785917f

SHA512
904037981e5b78e0abe94d4d593f789df8544a9af38ca46679d2f695603401930c3a025dd5da1d599656489effd0b419d64336f9fedb39934ec2c7f5be8327be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
9e492bb837d62ced420250e67ac29f24

SHA1
5260d1aa870105b7c394e51def9ab271003c58de

SHA256
7644a239fb6275e36026e9dc222d87b7cce21a43ec37470ec5bf3e8222ba62cc

SHA512
05799e3d7ddb0dd29b6171b4d970ee5469e5a98ab23089d50ab5a3598e7170c9a2603ced21f0a44dd61055cdd86495e5d9ef36445b04ccd706a71d1a5c6b7986

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
ec8fb463cbc1f00504da5af5dc57ae31

SHA1
84c6a6457edd1c07be2193bfb0bda81babf8dfc4

SHA256
47f7e44a457663ddb5429d5770c7dd6f6b6fe499ed55d24769f91f82739f2162

SHA512
5ceffdf40fda57781dc58abe070f26517d8a2a9ed89794bd59730c51f53f207088328d8d95e854e3d5fc14ba89832dbb4176207b80c074915e9ab1a9e7ebfad6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
0cf37f56e8d15b600dfbc65e479d2d87

SHA1
40f079d1a9a841aed62b50992aac7a9e28fd6752

SHA256
5d81a291025c3b3a9546df00385f6747120e46541f5c72c40f19850f23701053

SHA512
1e059fffa936924963112fcb8031cfa528fa876a11295547ab4bac7a912f085dd75669d19e01c1e2f8f3d0aaee3381ea23918c3ce8a51900bcb4085c623b6594

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
60509c61d549d6b441ebe545b409b2ed

SHA1
6db8886b499847ddd5bbebad9b03105f20883167

SHA256
fd3e76e2db316d4366a1913e60ccfee3f6f9d2a473267ec4770650549e0b1fc8

SHA512
cf66877ee9b01517a4d345388e5df1327f46fe2fd3782818028038504fa403cedd9b8d8cf55a1c8b2832f9128cdd6a25600b49a5bef022502e64931bc273c2e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.7MB

MD5
9297bb8dde1e046a1432b9cd02a8fea2

SHA1
17dfb6b4b8135622f14265ce4e451cdba382d3fd

SHA256
d06039362b134bfe9fc257004f11413668cd4ddb26406ec7e8d65f2a873ab527

SHA512
63b24787a0bd88469f355c471cf64d4fcd3358add952f0979a090fe8750695a1fa674ca20041ee120b3221a69ca7c99231ca71e19d5aadefe19f0134a26926a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\xulstore.json

Filesize
170B

MD5
a4ef41fec5a2bc8c111032223ffceee7

SHA1
db947ff0d149f65dfec7c3f6669022f047b24bf1

SHA256
9c0214e2e77543f777429cd6bec14d90d00457c2cdaa7d736a847686c9f2b32a

SHA512
a9a0e0968e3146fa42a3ee097347983e51a339921cee93bff20ee57b91a97403546f33799c093d0d28edabe667a2d4f9d9518cd6ec1753eb59cdfe58fd0c8920

Download Submit
C:\Users\Admin\Downloads\release.3fFGdcBU.rar.part

Filesize
637KB

MD5
56770447940d79caaad7159321f5bd3e

SHA1
5b7273860bd9d120d292321f6ce7c1d344280545

SHA256
83b47a953c857b8df2ac2d8362c57ab668f0d909bed4d1c4e5f67859353a1a4c

SHA512
39d1064086853cd1f4295183d1e3bfbfc184ca7ecdb9bcf90728fbccb950293834187ace6e9973e28c595c34cdad3c7773bec1c63251c18e80b1766a1456cb51

Download Submit
C:\Users\Admin\Downloads\release\Release\Discord rat.exe

Filesize
79KB

MD5
d13905e018eb965ded2e28ba0ab257b5

SHA1
6d7fe69566fddc69b33d698591c9a2c70d834858

SHA256
2bd631c6665656673a923c13359b0dc211debc05b2885127e26b0dce808e2dec

SHA512
b95bfdebef33ac72b6c21cdf0abb4961222b7efd17267cd7236e731dd0b6105ece28e784a95455f1ffc8a6dd1d580a467b07b3bd8cb2fb19e2111f1a864c97cb

Download Submit
C:\Users\Admin\Downloads\release\Release\release.exe

Filesize
482KB

MD5
9e8a0b93aa26a1bab3590475da9e8b82

SHA1
ad80d748f96e1fdc15f0f92d283bce5beb262267

SHA256
79047f12b6fc63ae5f4a3dd45b2021fc4ceada1b5f97aba316f295f13b74f14b

SHA512
9ae21fd84e6a9e7cc0b1ae20c9008cf4a316a9c6b6aeb7b6fefd4d4357c910842493543a22bfa2caad50d6fe2837a607f64acccbbc0d859321a39eb53ffc5917

Download Submit
C:\Users\Admin\Downloads\release\builder.exe

Filesize
10KB

MD5
4f04f0e1ff050abf6f1696be1e8bb039

SHA1
bebf3088fff4595bfb53aea6af11741946bbd9ce

SHA256
ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa

SHA512
94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12

Download Submit
C:\Users\Admin\Downloads\release\start.exe

Filesize
78KB

MD5
86a4dbd78af9a1cdcba7feefba888358

SHA1
7ddb27c19b4f9960833a114519f33af1b055d7cd

SHA256
02cd7a6d246803c951e5788178cc1b0fb0ba7d9b077d355106a66e904f17ce91

SHA512
3c27740e788004be7c788cfd13dca6f49e5843b8ec645a542415441c565ed48adf821cb0a4eaef5c50940bc85fe88b4c0ef022c90dd7604a1765465235460b06

Download Submit
memory/2704-565-0x0000000004E60000-0x0000000004E6A000-memory.dmp

Filesize
40KB

Download
memory/2704-568-0x0000000074BD0000-0x0000000075380000-memory.dmp

Filesize
7.7MB

Download
memory/2704-566-0x0000000074BD0000-0x0000000075380000-memory.dmp

Filesize
7.7MB

Download
memory/2704-564-0x0000000004DA0000-0x0000000004E32000-memory.dmp

Filesize
584KB

Download
memory/2704-563-0x0000000005250000-0x00000000057F4000-memory.dmp

Filesize
5.6MB

Download
memory/2704-562-0x00000000003C0000-0x00000000003C8000-memory.dmp

Filesize
32KB

Download
memory/2704-561-0x0000000074BDE000-0x0000000074BDF000-memory.dmp

Filesize
4KB

Download
memory/3956-571-0x0000020779800000-0x0000020779818000-memory.dmp

Filesize
96KB

Download
memory/3956-572-0x000002077BD80000-0x000002077BF42000-memory.dmp

Filesize
1.8MB

Download
memory/3956-573-0x000002077C680000-0x000002077CBA8000-memory.dmp

Filesize
5.2MB

Download