249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
1803s
max time network
1803s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/BgImage.dll
Size

7KB
MD5

487368e6fce9ab9c5ea053af0990c5ef
SHA1

b538e37c87d4b9a7645dcbbd9e93025a31849702
SHA256

e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04
SHA512

bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7
SSDEEP

96:8efk1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uT24j7J3kWyy/:tcTJa2roqJyA2EN8diuTHje

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Discord.exeDiscord.exeBetterDiscord.exeBetterDiscord.exeDiscord.exeUpdate.exeDiscord.exeBetterDiscord.exeUpdate.exeDiscord.exeDiscord.exeDiscord.exeBetterDiscord.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe

Executes dropped EXE 40 IoCs

Processes:

DiscordSetup.exeUpdate.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeUpdate.exeUpdate.exeUpdate.exeUpdate.exeUpdate.exeDiscordSetup.exeUpdate.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid	process
3400	DiscordSetup.exe
6788	Update.exe
6188	Discord.exe
2368	Discord.exe
7200	Update.exe
7360	Discord.exe
7460	Discord.exe
6384	Update.exe
6256	Discord.exe
8112	Discord.exe
4600	Discord.exe
7324	Discord.exe
6804	Discord.exe
7612	Discord.exe
7164	Discord.exe
4956	Discord.exe
5100	Discord.exe
656	Discord.exe
6404	Update.exe
492	Discord.exe
6764	Discord.exe
4956	Discord.exe
4964	Discord.exe
3608	Discord.exe
772	Update.exe
1928	Update.exe
5792	Update.exe
1212	Update.exe
6536	Update.exe
2868	DiscordSetup.exe
6576	Update.exe
7988	BetterDiscord.exe
6480	BetterDiscord.exe
8036	BetterDiscord.exe
7404	BetterDiscord.exe
7828	BetterDiscord.exe
788	BetterDiscord.exe
6660	BetterDiscord.exe
1004	BetterDiscord.exe
7960	BetterDiscord.exe

Loads dropped DLL 59 IoCs

Processes:

Discord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeBetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid	process
6188	Discord.exe
2368	Discord.exe
7460	Discord.exe
7360	Discord.exe
7360	Discord.exe
7360	Discord.exe
7360	Discord.exe
7360	Discord.exe
6256	Discord.exe
8112	Discord.exe
6256	Discord.exe
7324	Discord.exe
4600	Discord.exe
4600	Discord.exe
4600	Discord.exe
4600	Discord.exe
4600	Discord.exe
6804	Discord.exe
7612	Discord.exe
7164	Discord.exe
7612	Discord.exe
5100	Discord.exe
4956	Discord.exe
4956	Discord.exe
4956	Discord.exe
4956	Discord.exe
656	Discord.exe
4956	Discord.exe
492	Discord.exe
6764	Discord.exe
492	Discord.exe
4956	Discord.exe
4964	Discord.exe
3608	Discord.exe
4964	Discord.exe
4964	Discord.exe
4964	Discord.exe
4964	Discord.exe
3952	BetterDiscord-Windows.exe
3952	BetterDiscord-Windows.exe
3952	BetterDiscord-Windows.exe
7988	BetterDiscord.exe
6480	BetterDiscord.exe
8036	BetterDiscord.exe
6480	BetterDiscord.exe
6480	BetterDiscord.exe
6480	BetterDiscord.exe
7404	BetterDiscord.exe
4604	BetterDiscord-Windows.exe
4604	BetterDiscord-Windows.exe
4604	BetterDiscord-Windows.exe
7828	BetterDiscord.exe
788	BetterDiscord.exe
6660	BetterDiscord.exe
1004	BetterDiscord.exe
788	BetterDiscord.exe
788	BetterDiscord.exe
788	BetterDiscord.exe
7960	BetterDiscord.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service
T1102

Processes:

flow ioc

314 discord.com
315 discord.com
316 discord.com
373 discord.com
449 discord.com
313 discord.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
314	discord.com
315	discord.com
316	discord.com
373	discord.com
449	discord.com
313	discord.com

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 33 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Discord.exefirefox.exeDiscord.exeDiscord.exeDiscord.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe

Modifies registry class 64 IoCs

Processes:

BetterDiscord.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	BetterDiscord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9034\\Discord.exe\" --url -- \"%1\""	reg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	BetterDiscord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "5"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	BetterDiscord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9034\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0	BetterDiscord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\shell\open	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	BetterDiscord.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	BetterDiscord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord	reg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	BetterDiscord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	BetterDiscord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000066078fe0bd68da01fb5ab0357970da01fb5ab0357970da0114000000	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	BetterDiscord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9034\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\shell\open\command	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\URL Protocol	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9034\\Discord.exe\" --url -- \"%1\""	reg.exe

Modifies registry key 1 TTPs 9 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exe

pid process

7972 reg.exe
8128 reg.exe
1092 reg.exe
4744 reg.exe
7236 reg.exe
3172 reg.exe
8032 reg.exe
8076 reg.exe
7888 reg.exe

pid	process
7972	reg.exe
8128	reg.exe
1092	reg.exe
4744	reg.exe
7236	reg.exe
3172	reg.exe
8032	reg.exe
8076	reg.exe
7888	reg.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Discord.exeBetterDiscord.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Discord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Discord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Discord.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BetterDiscord.exe

NTFS ADS 2 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\BetterDiscord-Windows.exe:Zone.Identifier	firefox.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exeDiscord.exetaskmgr.exe

pid	process
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
6188	Discord.exe
6188	Discord.exe
6188	Discord.exe
6188	Discord.exe
6188	Discord.exe
6188	Discord.exe
6188	Discord.exe
6188	Discord.exe
6188	Discord.exe
6188	Discord.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

taskmgr.exeBetterDiscord.exe

pid process

3256 taskmgr.exe
7988 BetterDiscord.exe

pid	process
3256	taskmgr.exe
7988	BetterDiscord.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exetaskmgr.exeDiscord.exetaskmgr.exeDiscord.exe

description	pid	process
Token: SeDebugPrivilege	3744	firefox.exe
Token: SeDebugPrivilege	3744	firefox.exe
Token: SeDebugPrivilege	3744	firefox.exe
Token: SeDebugPrivilege	3744	firefox.exe
Token: SeDebugPrivilege	3744	firefox.exe
Token: SeDebugPrivilege	7036	taskmgr.exe
Token: SeSystemProfilePrivilege	7036	taskmgr.exe
Token: SeCreateGlobalPrivilege	7036	taskmgr.exe
Token: 33	7036	taskmgr.exe
Token: SeIncBasePriorityPrivilege	7036	taskmgr.exe
Token: SeShutdownPrivilege	6188	Discord.exe
Token: SeCreatePagefilePrivilege	6188	Discord.exe
Token: SeShutdownPrivilege	6188	Discord.exe
Token: SeCreatePagefilePrivilege	6188	Discord.exe
Token: SeShutdownPrivilege	6188	Discord.exe
Token: SeCreatePagefilePrivilege	6188	Discord.exe
Token: SeShutdownPrivilege	6188	Discord.exe
Token: SeCreatePagefilePrivilege	6188	Discord.exe
Token: SeShutdownPrivilege	6188	Discord.exe
Token: SeCreatePagefilePrivilege	6188	Discord.exe
Token: SeShutdownPrivilege	6188	Discord.exe
Token: SeCreatePagefilePrivilege	6188	Discord.exe
Token: SeShutdownPrivilege	6188	Discord.exe
Token: SeCreatePagefilePrivilege	6188	Discord.exe
Token: SeShutdownPrivilege	6188	Discord.exe
Token: SeCreatePagefilePrivilege	6188	Discord.exe
Token: SeShutdownPrivilege	6188	Discord.exe
Token: SeCreatePagefilePrivilege	6188	Discord.exe
Token: SeShutdownPrivilege	6188	Discord.exe
Token: SeCreatePagefilePrivilege	6188	Discord.exe
Token: SeDebugPrivilege	3744	firefox.exe
Token: SeDebugPrivilege	3256	taskmgr.exe
Token: SeSystemProfilePrivilege	3256	taskmgr.exe
Token: SeCreateGlobalPrivilege	3256	taskmgr.exe
Token: SeDebugPrivilege	3744	firefox.exe
Token: 33	3256	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3256	taskmgr.exe
Token: SeDebugPrivilege	3744	firefox.exe
Token: SeDebugPrivilege	3744	firefox.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe
Token: SeCreatePagefilePrivilege	6256	Discord.exe
Token: SeShutdownPrivilege	6256	Discord.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exetaskmgr.exeUpdate.exetaskmgr.exe

pid	process
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
6788	Update.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exetaskmgr.exetaskmgr.exe

pid	process
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
7036	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe
3256	taskmgr.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

firefox.exeBetterDiscord.exe

pid	process
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
3744	firefox.exe
7988	BetterDiscord.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

rundll32.exefirefox.exefirefox.exe

description	pid	process	target process
PID 3596 wrote to memory of 4592	3596	rundll32.exe	rundll32.exe
PID 3596 wrote to memory of 4592	3596	rundll32.exe	rundll32.exe
PID 3596 wrote to memory of 4592	3596	rundll32.exe	rundll32.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3804 wrote to memory of 3744	3804	firefox.exe	firefox.exe
PID 3744 wrote to memory of 4864	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 4864	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe
PID 3744 wrote to memory of 3280	3744	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgImage.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3596

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgImage.dll,#1
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4192 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:2864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.0.220778132\1515451284" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bc5aa5a-f981-4e5b-a3ef-b3a6a2f7df37} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 1964 287d9adb758 gpu
3⤵
PID:4864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.1.251512009\1579564019" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e603bcc0-bd39-4da6-93f8-e725adc01650} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 2364 287c5d72558 socket
3⤵
PID:3280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.2.552296903\1513771651" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2988 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d2772a2-5b7b-4baf-aee0-0b92065981f3} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 3112 287d9a5bf58 tab
3⤵
PID:5284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.3.287223034\1732236726" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e5be991-c5d6-4762-ae8a-fc23e1cdb3fd} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 3652 287c5d62e58 tab
3⤵
PID:5392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.4.1752210084\1709111869" -childID 3 -isForBrowser -prefsHandle 4596 -prefMapHandle 4572 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d6ddd20-552b-4957-b6ed-18825374e8eb} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 4616 287df669c58 tab
3⤵
PID:5800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.5.502456516\54931769" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 5024 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77f77dc9-675d-4608-bd40-9cf43ec95563} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 5036 287dd95fc58 tab
3⤵
PID:5244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.6.408429025\1565411253" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1d487c9-82e1-4b0a-a26f-f7f76bb45f88} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 5296 287ddea7858 tab
3⤵
PID:5360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.7.589550257\685366214" -childID 6 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba38d882-7a9d-429a-b7f9-e1f15a3dc17d} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 5420 287dfa80b58 tab
3⤵
PID:5368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.8.1842990299\1332659314" -childID 7 -isForBrowser -prefsHandle 5896 -prefMapHandle 5844 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25f8f1fc-8084-4ee6-9c21-44ca1483f1d6} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 5820 287dcbc6658 tab
3⤵
PID:3992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.9.849105156\2057538137" -childID 8 -isForBrowser -prefsHandle 5248 -prefMapHandle 5252 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1f639e1-88fd-4f4e-bfeb-40a25b766649} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 5240 287db219c58 tab
3⤵
PID:4520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.10.1233640516\1708645531" -childID 9 -isForBrowser -prefsHandle 2740 -prefMapHandle 5240 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a42a85ab-ccbe-45f0-b9a1-36b55e6240f1} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 6044 287db221f58 tab
3⤵
PID:5380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.11.1533413917\1561514590" -childID 10 -isForBrowser -prefsHandle 5368 -prefMapHandle 6196 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {effc6951-ffbf-43e3-9632-df4c02c4e3c8} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 2752 287e1fa6558 tab
3⤵
PID:5592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.12.626342663\335926659" -parentBuildID 20221007134813 -prefsHandle 6724 -prefMapHandle 6728 -prefsLen 26725 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94f20049-4986-4845-bbc8-9e69f8ce75dd} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 6776 287e218ee58 rdd
3⤵
PID:1272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.13.2099048124\243791060" -childID 11 -isForBrowser -prefsHandle 7064 -prefMapHandle 6900 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a2316c0-5b11-454b-bbd8-a12a9a4a5d33} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 6896 287e1f8ba58 tab
3⤵
PID:6056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.14.2127257720\1826067031" -childID 12 -isForBrowser -prefsHandle 7292 -prefMapHandle 7304 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f7f8be4-72d6-4d9a-8827-50efe4047759} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 7320 287e3242a58 tab
3⤵
PID:5584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.15.1277956081\466572278" -childID 13 -isForBrowser -prefsHandle 11052 -prefMapHandle 11056 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d777cd7-5be1-43db-84b1-5daffc017a8a} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 11040 287e14c7858 tab
3⤵
PID:6072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.16.98694899\871079626" -childID 14 -isForBrowser -prefsHandle 10744 -prefMapHandle 10804 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3c2cec7-4869-416f-9636-3aaa7fd89d15} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 6392 287ddab3d58 tab
3⤵
PID:6784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.17.763793309\1651983425" -childID 15 -isForBrowser -prefsHandle 10804 -prefMapHandle 10768 -prefsLen 26774 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1ec64b3-bc90-471f-a798-82aafa01c3d6} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 10564 287e1f6fd58 tab
3⤵
PID:6888

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.18.750015390\526611961" -childID 16 -isForBrowser -prefsHandle 3436 -prefMapHandle 11376 -prefsLen 26830 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1509df4b-96a3-4452-a6b3-145d116f29d4} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 10420 287dfa7e758 tab
3⤵
PID:6180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.19.1602504925\902159245" -childID 17 -isForBrowser -prefsHandle 10340 -prefMapHandle 6408 -prefsLen 26830 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7119c878-38c1-42de-b383-1a6b2e6e119b} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 3516 287e1d99358 tab
3⤵
PID:6236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.20.1342034025\643900213" -childID 18 -isForBrowser -prefsHandle 10352 -prefMapHandle 10348 -prefsLen 26830 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df60b500-1c50-41f0-9233-f26706a448ae} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 10268 287e1f6fa58 tab
3⤵
PID:6244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.21.703750551\1508128913" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10004 -prefMapHandle 4204 -prefsLen 26830 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {981f1df0-9e1c-492a-8dd7-329b8a9807c5} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 10012 287c7c8ac58 utility
3⤵
PID:6572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.22.1367351346\973933277" -childID 19 -isForBrowser -prefsHandle 9740 -prefMapHandle 9744 -prefsLen 26830 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7224d9ed-6823-47a8-b782-1c8d078dcd11} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 10004 287df96d558 tab
3⤵
PID:6908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.23.587360151\786819105" -childID 20 -isForBrowser -prefsHandle 1744 -prefMapHandle 1740 -prefsLen 26830 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20da4119-d5ba-416e-8191-30198d2a47d6} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 6096 287dc2f0e58 tab
3⤵
PID:2440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.24.1545391935\1858885322" -childID 21 -isForBrowser -prefsHandle 9436 -prefMapHandle 9452 -prefsLen 26830 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd69b704-e77f-40bd-ae68-d616bcbc566b} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 9520 287c7c88858 tab
3⤵
PID:3616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.25.1288646814\364119082" -childID 22 -isForBrowser -prefsHandle 9884 -prefMapHandle 10036 -prefsLen 26948 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3e22a05-e470-4907-a739-90154018e2ce} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 10364 287c7b7ba58 tab
3⤵
PID:7712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.26.136241048\2101895365" -childID 23 -isForBrowser -prefsHandle 9132 -prefMapHandle 9128 -prefsLen 26948 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6756651c-64c0-490f-ba7c-39d156fe2da6} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 5284 287dc2ef958 tab
3⤵
PID:7752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.27.1359038320\601838783" -childID 24 -isForBrowser -prefsHandle 9432 -prefMapHandle 10880 -prefsLen 27530 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f8d9546-f051-4f41-817f-ded6d17b131f} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 8916 287c7b7de58 tab
3⤵
PID:772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.28.87020825\669459131" -childID 25 -isForBrowser -prefsHandle 10304 -prefMapHandle 10300 -prefsLen 27530 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a092342-7f06-4a6d-ae67-9517701865e5} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 10880 287dffb2c58 tab
3⤵
PID:4236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.29.779581203\700743122" -childID 26 -isForBrowser -prefsHandle 9516 -prefMapHandle 5344 -prefsLen 27539 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feb1ca90-6805-44b9-88c3-742f92d5545f} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 1368 287db220158 tab
3⤵
PID:6796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.30.764595652\820103131" -childID 27 -isForBrowser -prefsHandle 9140 -prefMapHandle 4192 -prefsLen 27539 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06d6c8c7-b598-4832-888e-d8a15a89437f} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 9040 287df668758 tab
3⤵
PID:4976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.31.52805447\1210847205" -childID 28 -isForBrowser -prefsHandle 4876 -prefMapHandle 10544 -prefsLen 27539 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd692d5e-8357-45a8-a41a-a168e9e09e68} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 1740 287dcbc4b58 tab
3⤵
PID:7904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.32.1341621271\1748166849" -childID 29 -isForBrowser -prefsHandle 10416 -prefMapHandle 9208 -prefsLen 27548 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75542586-434b-4a9e-91d7-120af9937e70} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 6412 287db220758 tab
3⤵
PID:5200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.33.1534077750\954113842" -childID 30 -isForBrowser -prefsHandle 11332 -prefMapHandle 9604 -prefsLen 27548 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {555aa598-f6f7-41ce-b3eb-3191d76135ca} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 8884 287e0453a58 tab
3⤵
PID:6092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.34.1779088213\1940753517" -childID 31 -isForBrowser -prefsHandle 4280 -prefMapHandle 9452 -prefsLen 27548 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d4e83f5-7516-4aa4-8baa-5c6e70536fe2} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 9064 287c7c8a958 tab
3⤵
PID:7432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.35.1393440715\933786883" -childID 32 -isForBrowser -prefsHandle 9272 -prefMapHandle 5284 -prefsLen 27557 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d3ede01-834a-4364-b1a8-82294beb51da} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 9048 287dc2ae258 tab
3⤵
PID:6540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.36.618787349\959250502" -childID 33 -isForBrowser -prefsHandle 9324 -prefMapHandle 4760 -prefsLen 27557 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fdaf0d4-d862-4831-b427-66e6e6d3a12d} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 11136 287df66a858 tab
3⤵
PID:8168

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.37.1823561072\240318465" -childID 34 -isForBrowser -prefsHandle 10620 -prefMapHandle 4580 -prefsLen 27557 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfee3deb-e45f-4585-87cf-ed514c5711c9} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 10820 287dcbc7258 tab
3⤵
PID:7520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.38.448320890\237678882" -childID 35 -isForBrowser -prefsHandle 3648 -prefMapHandle 6688 -prefsLen 27615 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a630fcf-a61b-4c2b-9a73-2bff6cc48611} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 5380 287e15ab758 tab
3⤵
PID:7224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.39.1018130492\439205854" -childID 36 -isForBrowser -prefsHandle 9384 -prefMapHandle 10028 -prefsLen 27615 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9005ea8d-9eff-40a6-9610-0327d3029bff} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 8952 287df947458 tab
3⤵
PID:8120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3744.40.1447967676\1036472188" -childID 37 -isForBrowser -prefsHandle 9864 -prefMapHandle 9148 -prefsLen 27615 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c49f9a0-1f0d-43a4-bc6d-b5958fd78167} 3744 "\\.\pipe\gecko-crash-server-pipe.3744" 10364 287e5931258 tab
3⤵
PID:5136

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6736

C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
1⤵
- Executes dropped EXE
PID:3400

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:6788

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --squirrel-install 1.0.9034
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6188

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9034 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x55c,0x560,0x568,0x54c,0x56c,0x8975d78,0x8975d88,0x8975d94
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2368

C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
4⤵
- Executes dropped EXE
PID:7200

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 --field-trial-handle=2056,i,7393478156151387727,10368898204077016994,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7360

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2092 --field-trial-handle=2056,i,7393478156151387727,10368898204077016994,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7460

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
4⤵
- Adds Run key to start application
- Modifies registry key
PID:7888

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
4⤵
- Modifies registry class
- Modifies registry key
PID:7972

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
4⤵
- Modifies registry class
- Modifies registry key
PID:8032

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe\",-1" /f
4⤵
- Modifies registry class
- Modifies registry key
PID:8076

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe\" --url -- \"%1\"" /f
4⤵
- Modifies registry class
- Modifies registry key
PID:8128

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:7036

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3256

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:6660

C:\Windows\system32\net.exe
net user Admin *
2⤵
PID:5980

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user Admin *
3⤵
PID:7284

C:\Windows\system32\net.exe
net user parasha /add
2⤵
PID:6348

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user parasha /add
3⤵
PID:1552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4936 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:6408

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:6384

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
PID:6256

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9034 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x53c,0x540,0x544,0x530,0x548,0x8975d78,0x8975d88,0x8975d94
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:8112

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1912,i,1243198838011884268,3727664610708364037,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4600

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=disclip --bypasscsp-schemes --cors-schemes --fetch-schemes=disclip --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2032 --field-trial-handle=1912,i,1243198838011884268,3727664610708364037,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7324

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:1092

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=disclip --bypasscsp-schemes --cors-schemes --fetch-schemes=disclip --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2872 --field-trial-handle=1912,i,1243198838011884268,3727664610708364037,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:6804

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:4744

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe\",-1" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:7236

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe\" --url -- \"%1\"" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:3172

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:7612

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9034 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x55c,0x560,0x564,0x554,0x568,0x8975d78,0x8975d88,0x8975d94
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7164

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1992,i,1470671077430580741,8690366822757939030,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4956

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=disclip --bypasscsp-schemes --cors-schemes --fetch-schemes=disclip --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2056 --field-trial-handle=1992,i,1470671077430580741,8690366822757939030,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5100

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=disclip --bypasscsp-schemes --cors-schemes --fetch-schemes=disclip --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2516 --field-trial-handle=1992,i,1470671077430580741,8690366822757939030,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:656

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:6404

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:492

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9034 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x520,0x524,0x528,0x514,0x52c,0x8975d78,0x8975d88,0x8975d94
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6764

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1936,i,17251625437337144583,4102014657291191828,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4964

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=disclip --bypasscsp-schemes --cors-schemes --fetch-schemes=disclip --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2004 --field-trial-handle=1936,i,17251625437337144583,4102014657291191828,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4956

C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=disclip --bypasscsp-schemes --cors-schemes --fetch-schemes=disclip --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2564 --field-trial-handle=1936,i,17251625437337144583,4102014657291191828,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3608

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe"
1⤵
- Executes dropped EXE
PID:772

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe"
1⤵
- Executes dropped EXE
PID:1928

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe"
1⤵
- Executes dropped EXE
PID:5792

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe"
1⤵
- Executes dropped EXE
PID:1212

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe"
1⤵
- Executes dropped EXE
PID:6536

C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
1⤵
- Executes dropped EXE
PID:2868

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
2⤵
- Executes dropped EXE
PID:6576

C:\Users\Admin\Desktop\BetterDiscord-Windows.exe
"C:\Users\Admin\Desktop\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
PID:3952

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7988

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1688,17876068690343499707,10076050620892847821,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1692 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6480

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1688,17876068690343499707,10076050620892847821,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:8036

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1688,17876068690343499707,10076050620892847821,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2392 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:7404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7592

C:\Users\Admin\Desktop\BetterDiscord-Windows.exe
"C:\Users\Admin\Desktop\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
PID:4604

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:7828

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1664,3130812062234563543,14249442955789433515,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1656 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:788

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1664,3130812062234563543,14249442955789433515,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6660

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1664,3130812062234563543,14249442955789433515,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1004

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1664,3130812062234563543,14249442955789433515,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2308 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Discord\Update.exe

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\D3DCompiler_47.dll

Filesize
896KB

MD5
56463456006fbbb7c586805fb66bea6b

SHA1
ee0b9b422d2c280e5977ed4574bd3c8a36e72621

SHA256
090e4c1be10b750d952b8fa80a7fc65f4ecef30e8d9a6209d5d34c06f58e0148

SHA512
5a71a28090ae33326cf4ae9d9f19f7ca0c7ae9dcfa03b30e74076ccbab5c36bbc430b74f2b7238f50aa75e540210fba59cefa3ef6657d87d4a2d928a08e0032e

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe

Filesize
2.1MB

MD5
3b1abfe6811cb7c6f3766481c0cadc25

SHA1
6a594f59dd9cff5aa52a8e7ab04203725b2f7020

SHA256
df87e61d5f03135a4581d65f972dd549e01283f82580411003c600b5f06323ef

SHA512
b0e41b0382c021263bf9bdca1c4345880a05b33d21dbffe1e64e29c5d527309d64a65fe20235d6d914f449cf7d41d5d7d6384b76384bb283cff98a9dab5ecfa2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe

Filesize
854KB

MD5
ac0569871bd2246c968be7d91fd8c0c8

SHA1
72ce9858eb97d182c48e97326dcd3e79b7131f73

SHA256
7c962fb44af55eed21c6f48d40f34c066f79e2e8049d282ce35f70a9afe3bb00

SHA512
06fec196d4fa66bc5ef654bc1b8038ab0858d2c786cbbef7d421bb375d1005f9e41b4377fb0b6220592389ffbb68a30790ce36e493e608d733749ee513a435d9

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe

Filesize
832KB

MD5
e1d32493a1b698f07f19f1fac217a256

SHA1
5c1c32413cf5075a292353c16c8249da61d72624

SHA256
00d24eb9df3def67cd09068e49fe5c4cf6d5a7c30b70085f1c639c2275126022

SHA512
c226adbff268dcdeae9a3ff8d48aa2e4e7cf6d94c4220b443a8b0823f171c2bfb0030100f6524183f65bf5cf0ab3305dc5e6baf481481ddfc3ff1d966fb4e278

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe

Filesize
384KB

MD5
3c3e6cb929b86dd3dcb642b9386bdaaf

SHA1
25865856e890a9c5ff83398407b5b8616c812b6d

SHA256
28664d11b9f34f1c86b0d095447aaf6cb4d77932308fb8666eaf577d4fea4887

SHA512
85c378a7638bbc50c9b7c8c2ec59f30f615c1c35c4848dfe9947ee293cf796babadc1093463f4f81e945fa7a95fcb9fc37aaedffc03bc7adf80b43dbb07924dd

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe

Filesize
896KB

MD5
803407d944c2efef9e49e729c928ca29

SHA1
57743a563e1752852f0ff345dddd08f1de75df94

SHA256
57ec38ba419c307af60de5e948d79f1987a295543a2a948e5d3027b0b422c554

SHA512
d128a53af44a94449128f36607ff953a2606d2f4099ad5ff0c909a6c7cf5780d9a1fce7798339b54c60b3a7a8b7007b0cf071cda329f484348f840e211c68a52

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\Discord.exe

Filesize
128KB

MD5
73f2bb6356f0459b3bcccdd1b62bdc28

SHA1
5e6db186c2de5b97c9864086fd59dff9040630db

SHA256
d4190e2253ed6824f97c7316d4cda97d60761ab26a8496ec384b0507697cfaa4

SHA512
d5cae56256b67bd53c5ec7568513932489bffad6061572875a27d974a4ab667318cc5e5a0a0b2d15f220d3ca9cf64eae31ab7cdf9dc67174024a70730e0f1312

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\app.ico

Filesize
42KB

MD5
f954296c5239a3f5317825e8058b8dee

SHA1
7337bc7d0ab2863bbc9dc42c1c23864586eac29f

SHA256
eb6e7089316f93ba875ecee8eaa0f3093ffe5290e61e0ad88b5d2df6215ea76a

SHA512
90fbb99ce356ff3916c9b28ce6137c92e1648eb6aebd3243186005685db89535b64b2cba9afa6707d7cda125bcab81fe7e4376ac8be262d127415dbee44ebc2b

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\d3dcompiler_47.dll

Filesize
256KB

MD5
9ad41bdff3ded525111f28b61263c306

SHA1
2f9687f360d95f31bea2149bdd8865516cd5606a

SHA256
74ece3b4c2fd08a180727f7930f01e812a98816b0d4190d7dc3b53ea27fd700f

SHA512
bc77517cf53319284ef35d86fd5970c888beed32af41f303e2f6a83c31430bd27d137dfa47d731fbe376bf9cb03bccdb8c1e8aaeda7dd5f5fd8552de7e95028d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\ffmpeg.dll

Filesize
768KB

MD5
300162202960f3cf415668bd6f4bc2e4

SHA1
9d34fbc8339a08f9e9782afcd59498c35292749a

SHA256
e505ac4a05b79128ea623f7c519cd82f017b3e0be9966e620a1888689b3effa2

SHA512
3f319aee5193c6a031efe74a49b1f0475e795ee86534a765cb88ae8e6efd38b02329ef88084f4429f258a65a32fcb8d1febf184e555d201836a5719687d37e41

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\ffmpeg.dll

Filesize
256KB

MD5
be93320333035645de1103388d08f5fa

SHA1
78154672f6eebbe1d35ff857a8acae90d9e2c441

SHA256
5c37b54e4302de0fe6bf2d90aa3711121d9165c271510e9653fb2a7c5d7ecf0a

SHA512
2d3903cfd0b5ca10e5dc7672652631efea015308ac92ae673a7bd6fdac7e06dd45963513040bdbbdfda57d0f9431e2b766cd315eff51482d3ae70da239a225f8

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\ffmpeg.dll

Filesize
128KB

MD5
2a8ef969a87213ec78fcb56f04cc3798

SHA1
3d76ff0e8a7691f9a0c39fd03198df710f861c9d

SHA256
707fe54b1f205a9e7b987e69a21bdbafd72cc6c9432c5ad6f677da7ff0f15823

SHA512
e8dccdf1faf98de1fb74fadcde32d9ca30b2f8a30a58b8916af6b2fe38e39766ead3f237af5309b685b9cdc295ebe7d8dea660ff6c566ab6c94842e36827d77e

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\icudtl.dat

Filesize
384KB

MD5
9076bc60b657abc34f6fea3d0e1426bc

SHA1
5578bc902beeabc2282185d1c6b90fd71cb283b2

SHA256
cecf9abc59c62c032940ecc92dfd1182f5c1c067413c20d1cf1df7167fe6ecec

SHA512
bb10bbeeecc9230a61f3401b22e062ff7e1d41518aefe6b7b886c08e4d7172e7f4f2a2534edfe61dbddda078adc61bbb92a2bfc46a03908c6578efc55ac9d373

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\libEGL.dll

Filesize
256KB

MD5
90e2bb9490e0fe9c20bacda2283e3006

SHA1
0cddbeb276f5b7bb56d1f31819c9cc9ea5e77763

SHA256
d0f4f2fbed9b8d13032d1941f163d54072e31e843a66e0a2617724089b651371

SHA512
fff3c2d5be005ad1794c908163577444b731be0e48c6c6729c5b0df31784951bf0d4539ccf32f3efc6aad4f10d0f75052ed42281dcfc8437f2171b9354110658

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\libGLESv2.dll

Filesize
256KB

MD5
4ec8cc7c2a587104436fd2bea84c9724

SHA1
9d18dc339118e122dc2ffd0ddb26a7dc1e7f4d01

SHA256
89c9f64a8cec0963cfdb24bb89309854d05ddf70f3294e5f30f9a35d0926df1b

SHA512
525843808d3ab981087d2bb0a2be464736964a5bcd343703f31b26f307a0f59fcf72a41ac6fccb1708ceb984bfa2b4b2158854b8723ad39a38558d1d7b5c3310

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\resources.pak

Filesize
768KB

MD5
8826fc2399b340add23222dc49bcfbb9

SHA1
450ac6aedad17160070cfd2b1079a259e7a4f965

SHA256
ecb8f7ccda7b8224037426985621ba91e9cf3e5dcacd363cba7c80e85bc55892

SHA512
a562450b9cd4dbc02418c6968a36aad59e4687c9a71ec40e1d564220875da387b8fe4a11d924193b246304eb17daae8b60fbe8a24e987ea441a1a4baba81878c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\resources\app.asar

Filesize
183KB

MD5
38faaf2a862ab1660485cce131f6c3f8

SHA1
71ff315125a4d5427e952edac00cedef5f0bcb79

SHA256
c5491b80825111c464884f7e34727aa4fddb84ebd297dffa885fdd8e58e19f50

SHA512
eb1d08d8ec3255432a5fcb54a34ee9a22c8f8b2707b8b92e9a9339bb3a4f657697e5968170e4889411801af052d357d0ff169ac77f2542645de50f203308a4f4

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\resources\build_info.json

Filesize
83B

MD5
bda0e192ecd5b268af1dbbf93c13a154

SHA1
d6b7b2d7027065ece9ad48c9d3719b0114fa4745

SHA256
317380e636c13649b2a612755b465680670f8b72afd54a31f02165247b2dba3b

SHA512
3afee33b1503a2306d47b65b6d8f130cc14b7ec93129dda54696f42b20ecef57b68685ce4d2ced5928ad84b08a149d1c7ade0a7e55b538ab1efa218c62c3851e

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\v8_context_snapshot.bin

Filesize
384KB

MD5
58484dbc172322be866b7111a0561ef7

SHA1
24a3b61f40bdb7ee6c82a00634aa6bee2a382085

SHA256
df71d75997b99f195d40ed36069f50db869c6fab751370cc0007a2d415dd7b56

SHA512
683d4ff602c4e3c97895f970d25260410d5a6a725ab0a09a1fd3b99fc35816a90402c5c31617b13d2e25a993b924056311acbebd778942197be3ed104d692c9b

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9034\vk_swiftshader.dll

Filesize
256KB

MD5
2e0d2a69f700c230786dc8ccfc00abbb

SHA1
55073d05aae91a80386ab412eaf825315f707848

SHA256
df3305131d5fc086093a3cabdc6a6adcac2730d3a7fbda91618cd0c140ef4e36

SHA512
79c951594dc97389f86d33aba35e90366d68923f5ef49b0219e78199e22d036d29db0252cd73bd84687277d2588fe1120406d7b6b80220e9366a2bbb12052286

Download Submit
C:\Users\Admin\AppData\Local\Discord\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\Discord-1.0.9034-full.nupkg

Filesize
256KB

MD5
5bdaa7841cf042b3aedc2004a47c7c8b

SHA1
951db733361a408411c45eab3ea0058b09e05034

SHA256
50e7b16934f608621b072832f9884545ff28e5df87c4c389f08553b0dc09623a

SHA512
b93984d5f654460085fc206ca22f0920682d2654f97dfaf8098db7f978c21f62223fc0d070979536a81e4eb5423af76368fdc2f61538575ebddf4f25a0ec1380

Download Submit
C:\Users\Admin\AppData\Local\Discord\update.exe

Filesize
228KB

MD5
821f8a9484dff2ad81a9258141b00051

SHA1
3228368ecbce86becdf1d426b7e50abcb3d1aae7

SHA256
c0afb83186f108959c375e54f40f659df70aae2fdda1a89918ffbeeb976cdd7f

SHA512
ddda187c267def5f3f0026d71dd3b6de2e1e5d17f24237a2401ead5e8adb2ff055f152dca5c217c9d9e97cb5f81474e603ded15a73b96b4d5376ac9cd1737a00

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\10707

Filesize
15KB

MD5
a11c0fd021291e946e0ac0172068d80b

SHA1
6da2d3afa23a49289772b12a2f348b49e178b781

SHA256
97b9e0521c5b9f98ee42eb3a93ab513527762d9c39780515a3f55c9680e42d54

SHA512
6cd6a0b158c319b00b920dc291f651f1061780649fba84e249940be89a5203c34fd0e40480a8acd2f1ae78e92b34b8ebcd8d18e8e68980023cdb99618595f0b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\1243

Filesize
25KB

MD5
845769f11cb267b5daff0b812b6b47bb

SHA1
b924a8b743bc92e71bd7fe6ce53c2e48ffab04d6

SHA256
e6a1c2023d4b6883b1107e6a2033feb39022fd8a235b58bf8a3ec40e57930400

SHA512
3fa9c8e04db22d3dd4e4aeff17b8061d356d72d12d0b5e4a3d8cb28a2a1ca00406c049b4dc292a21bf8312991cd4157f5340e433f2f8179591ff013db90d8999

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\14843

Filesize
15KB

MD5
4d0648977b9eca7413ab9dae5bdd83f9

SHA1
ba40296e4779a73d98b58493b2c67f4cd03438b4

SHA256
8cdc30e361a6058ddae84c9c136dfe7f840361c68a0573144de8a4b0e7a92095

SHA512
396607024907e3ed7e9a1518d05391c159acca7b071c1366dd23cf71c21cfb540f58211d0cdbdef8fd18b3891ed409e9d0f21a01b9f66579668ac0d0e5606328

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\15028

Filesize
17KB

MD5
c48a8870c0cab78a0c02fa16a9e12ff1

SHA1
a60ade584fc6f5ecd440f62c81e7ed178529aae5

SHA256
68e92fb381f9c770acb47421f85ae07200a4d1dac84b0416c3b454313363475a

SHA512
1300cd1f56e0f09388651327ee0ef3b0bf21dbad2d6521a156ae056b2165027d38bb219831d9165e6e6eaca56c73df99017d19414011143f330a2d7df52fff6c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\17668

Filesize
15KB

MD5
96a94e90b8036909f18e0631178b1bef

SHA1
2a44a06bb928f558bdfaa84b5c39192a6a5d7d02

SHA256
1854a5845b7d568cd6105215dc173a9a877b1f1956b67622085df55a42b40a00

SHA512
259073cc93373b12b27d5863ed045edd73e4686a0244e3c7280aeb107da5c1c1b4a18de00ad02511b08f9c046a6a576e616f70142ed0544f553b7eda6d0c5c42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\20926

Filesize
48KB

MD5
aabc4344ca3741db50a3c221adc257d4

SHA1
a5263599d78b70c7c922017db53b8519ba2a1e87

SHA256
1489edb29465765776570c2489e60ec31842457eeb3aa2a886c0ee29aea56f1d

SHA512
67a895d746397fc6f2ca869f36f06012e36beb6e916512be12dd7a30e76f3c213e683335db008feb0939e4fa9e5cfa2f477cbe6794770bf0a605f0c75ab53771

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\21316

Filesize
9KB

MD5
44a8d8333820adb0176a32abc9db707f

SHA1
179abb254dbc3b9adf7fc21ce8a7f1b059646165

SHA256
fbad61fd83e01d8d258f7eddc9258777b54ef39965f5ec6b63887cfbc5971e89

SHA512
fa415ae69d4c48fa12dc8b0ebe3f67a865d6d4402269287f486de652268a070df2ef78f605ac7e6b9ae2a91df612e1602d5b5b930cd8ddc2b54e0cafaf2832eb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\22320

Filesize
9KB

MD5
46ec48e76420beac215f2deb1f14e23e

SHA1
c91b5232da368e7c46c20bfd5c23771b7b01f109

SHA256
3b50190856c903a179e3118bc5e579ac6047525cdc31bc45b4b319f7631ba202

SHA512
6cbce8dfab6069041dcfcac5c1e53b24b59d655e1cb51506168e37aeab884816985a02c8f0f7751bb0dc48e01cc39739879a43db66a865e45b7ae9f272967c7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\24079

Filesize
792KB

MD5
297912349b8166af12eca397b957bd09

SHA1
e7754b0467536c6773caab5138d034c06da33a30

SHA256
3ca668a6f00fdcb2e9a0bd8dd6f8035696f8bfd168932f80288639c73fa36b4e

SHA512
4677397019583e47c91761399c1346a345a7472ac5f50613e5cac036f63dacd9381cf45f9810df1a1c107fee882d8279ac87d6d5742eca90e422eacbbd365319

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\24163

Filesize
8KB

MD5
48b93b6759481b521642a5dfd52209c8

SHA1
f2da726e631872f3e8b4458881e8ad5a889db758

SHA256
70f77ae6c5d627b622b718dc77e4773a4ce5bad63231fd5c37e04af92bf81d42

SHA512
b91d1a8dc01efdf1393ea0a69574720046db4da304ebaf56f2c97b4d656bdf037d3573c03f2a1361ed0a5abb723b27b9f02ee04c525ba4fb3590da92186c8087

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\24188

Filesize
31KB

MD5
ac1a789ddda4e4c51936dd2fb1854b40

SHA1
faf5d640fb4d986ad5760c88a7bb5d4f52f2af4b

SHA256
76d513782873315564f41549304e742b40856a1f38d5ea0d260f1533436d1e63

SHA512
205b4c5405f5553f9e8d2a2abfd9b64b53341cf004a8789a5784886841748ba066e083e4016f45dc3486221d42e25d49fbc4fee10de4055dbf8c1ca860c43118

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\25695

Filesize
110KB

MD5
b2ef6f13ca63345fba97367ae5b1e31a

SHA1
addd101ce94f0a1f3dfe67c10d89965a1f3ed845

SHA256
8d8043fd366e9310675923a2e44391583bc823c4085ab09d8b6ac30232d5afdd

SHA512
a352b22d810888afca17a5a308d7ccfaf2cf71d438d9cd422b59810e12b22d23646364b10035f7fc07cba18eb51c06e06a5cbeb30d21597d32131c865455016c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\26656

Filesize
15KB

MD5
85de1bfb62da7563178ec2af17a811da

SHA1
648ae4c297f3e6967c40e5a55d1138eb02300b20

SHA256
1c39986a87ed4b9339d7add081f9e2207d6d9ea992429254ce9423d1b6e6e5a5

SHA512
cc1d283b1388325ebc3424a2d9749095135faecbdb8cdca99a7c1dedffcc3037b48d0846c48e354590ebd1910560ef433e12424f1413486b067e1cb9a0cb1690

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\2927

Filesize
8KB

MD5
146cc50d9ca8583836fc7b833fdc7c77

SHA1
c68f20bd094973ad791e5ff397b18de0fb53f221

SHA256
2b82d1ae6b61abf7e8999972dc66db498e55cb52677f3927f259ca4f7e79fd5d

SHA512
225cf262f9d4250caacb1d3e6534b6a95f4efd0df6549939bf9ea5bbdf86a27353b217fb8d10aba2a8c73f807778fd8bdb172bbe05389da7ce8869262020bea5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\30337

Filesize
9KB

MD5
0961ae8a7eea95beefd4a5678ea485d1

SHA1
78df1e6edc8bbf06284e0a99269fb507ed4775f6

SHA256
2c3d704f1bd2b8b5de0ef3f342a36285ca718b8f611b21628456c6d86d2efd14

SHA512
460f7c1a28eab09cf29fe4e2f0ef2488309086205c86946a56932d51adf1d6232ba86e3c2cfe898478c7581a6cf4c291088acfa48293a4f921bf7bcc98436856

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\30457

Filesize
15KB

MD5
1ddf2efbf3b43bfcc453012dd5c1ea45

SHA1
a0a56ec7f7d8b33c89e948e53befdba4404c6ea0

SHA256
f72eff4724c0b74d4e936a538458cbfa94c83323b6b47aefb067723bc913b38e

SHA512
6a03ed390830911d19c729942c5ec2ac0b3e9ae9bf947aaa1aed63636cde4bd051e8fe9c4d91568a2c02f9b917157c7451a62b66e3aec9ecb085e5f8860e6386

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\31084

Filesize
15KB

MD5
78bd7dba573d835e6c5e96bdea0e1093

SHA1
3d35836d00de49c2312d5f7511986b2f9402f05a

SHA256
c89e08eb320450df10debbb8599565ef605a3a1584e59985fdc9b1ef94748a0d

SHA512
b5cf9dc86895d0455a748eaa36c89966a20347b936a1e974e6824df6b80b51360cce721275b4d7cb0b83310b10dc48b9616bb8e34847d1493d1258d74357fb70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\4949

Filesize
15KB

MD5
d1950efbbaa41ff410dac6669c1d1dc9

SHA1
c220bfce621c5d30bf21d6d5e2f967cbaf2d0cd1

SHA256
d048c3dfaa1bbb1b05499edc0ba7348daea169a0de4b134b4d86ab025b1b3bec

SHA512
109c34fddd2c76a2cd9d3148e18ef67bb18702e51088d9ad523f32b1743d90bea551f01a976044ac0c744fc00d3faee2bc176d269796a6f49f3a531615a84585

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\8384

Filesize
82KB

MD5
f1a5c5d21dbbbffc75de3cf28d3c3c74

SHA1
ab55a8ce33c836eebbd70b306d93647c41b1a4cc

SHA256
9d8149fd490d767fbf34a2ad4fa95e5b5ed09c2dda6c0f84f92595fd8e8249b6

SHA512
13db53e1413141e55689ddb997ce5d671ee187049fb29b998e2bef8bd6d0d0cdd4389e98a28e66153a16e353827152d50c335129ccdc733889c7c07b841bcace

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\8482

Filesize
10KB

MD5
6d4f4af1ad90e134ef7014ca756e7eb7

SHA1
fc03075cbf384b00b4e780bd125261956756405b

SHA256
35296d46b773e2c713fd721bbcd7d27de2ef70bc97040d5614798654a5b87e96

SHA512
8d86378c74d826a830b55f76edd5864c7cd0037313f8955ac825f0194664452cc23e64b0d5256e894d96ab2e04d76b4cc32f0a3c848ea1bdbc27b24eddd1f296

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\924

Filesize
15KB

MD5
8aaf247233a44045f711d3bde7b4ec99

SHA1
afddc3039fd5ba1ce9164dde811364c13e6968ae

SHA256
1ea7437fd6cbc3ae994836080194f886ecf1060e23ba7c2b42e4f7e246c92947

SHA512
bf5e7724e99a347bebb4b7f80103fe78403b5ecf9e0ce922183af86c088f070d85cc4d5e4e1a0b148b62af0986ee1259b212b93e10aedf0bfd42253c076a8eea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\05499EA79AB2AB3C25DBE2BE6B8B3839DEF293F4

Filesize
31KB

MD5
9ccea5a2f53d8e13dedcf2f6ea1f8de1

SHA1
ab43763da323919b631ba36b2263307b172afeaa

SHA256
6d711af4a0484f49fe5f1fcef6633ac8d48225d689e1bbf82afdf35feaa65531

SHA512
e9ad35c8f345b7991cab4a74de0aba7745b4ebadbb885a11d29d32f1e1cf2c0d4ce1ff8ece34f65ee7a60cd31a241182573a3a2313eef53cac4455a58588eac8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\13D48512B5BDDCC315F6B9B5A31C7FCADAC855A3

Filesize
165KB

MD5
0c6a3e6bde90810805e2b038490ac1c4

SHA1
a13038a17542d080222928b60173c108a0ff0c07

SHA256
6b18d5b9f74fe1b84387f07768f22194220af8583b412bebef921cb8d5474a2b

SHA512
a621bf50aea78a5dc75ab4aec1fc74cbd8357386c536f7fb19b2e29bf4bc1fcec9ef52339350d72a95f7e37ce97bf1f643b3e89034451510b65e220d924acd64

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\33710AEF942E48999756AE428A39AC1A90AFABF9

Filesize
32KB

MD5
94db46a5d445f5a3833350b78136171b

SHA1
2fb2fdb97f618ac1f5012bcb4473bdf9eb1d353c

SHA256
4595d214bb442f2b69e09fceee68f134f0852517045083554cf0c2347ba78faf

SHA512
7962ab4755723369138c2bea41809b45bba33383902ee3df04c390057fdb064cfae1c706942968dbb4611aa23b6a24613458528fda647d6a6afa2d8328ed97b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\37791B1E4CE367BFF28EECB12868676DE1BDEACD

Filesize
149KB

MD5
8a053a2882e80d523f40c680c39ebb82

SHA1
f2d9508af846227a9b4aa6ab0c2adcc641edac84

SHA256
fc935fbabeeb54acf532f272654ec2c5e64d6bd21019ecaeeda2886edc35a8f9

SHA512
ef2eb621f3de2c25cc005f77870267ffe12bd66eef7dda11f7849d1ebc39ba35ad3489050cb11381676aaccd74a2cf253216324f4c7299d353ee994302f80e2a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\3EE6A3054D9C767C954B4489A1B17AC99696BC61

Filesize
21KB

MD5
7131c1ddc73095758decb547b0cc9d31

SHA1
00386640d6e24974a4d0fd2fa0acb6733b54ac78

SHA256
ceacbc7126632e6be61031645d094b25bc3965256faf07d3193e94466487943c

SHA512
7d872a7ea9c08b4c02211a4de18ab7ee72743df0fe2324190ee1debc8887ebccfd4772d2ac1869f362f27f5e3afc3c1e399fe064dcbd5e1249425b1e3e16ce0d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\4385CA86FFC2722EE73324D9DBBD3337A56EE7B3

Filesize
15KB

MD5
f93e57e1b2fdb430d9c72e69917f7a2a

SHA1
33d31b242d7be2fb3f968fc4cdf96abbf9215bd2

SHA256
7f40246cc3ad3fbcbd6f55593f0e20baada7f34038e8ee6c1713aacef9c4fb77

SHA512
a28a15e70ca50e0ff578b8fed7a7cf0f5bac3c12c778fe8a396b242dcecbf5ed445e84424e88f8a54d54f4d247f2d2e13176db90a98fad87f89f50d35228c2f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\44F24BE0D7C55EF1A7282799FA98CFECF6683E3F

Filesize
251KB

MD5
70d90977ebf8dd3f3e2969cdf8518066

SHA1
6771f5f1cdeeb907053e7c2fe22d92e3dcce40a5

SHA256
752eee3628412e6a2af139c0bf9c697d0a9440ad5d5114c860009eae0ee917ac

SHA512
d7947ad21d8973be8176761f22dd79ca011fec0edd53e6fb0b7a4b2b6683ee8b3c39335fb5632473803ee2b6d06dbda6d8bc199d70c68b46d1cc01f928a9e084

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\45514F58EE166DE19E4DE720A21DDF1DA12F6C6C

Filesize
203KB

MD5
e022851c5087c40b9df524249f4dedd0

SHA1
5062bc152fff468bd4d1e300c1a3961c7a7d44c0

SHA256
666bc894ff2e96170927b5c9ee2a1960022979008931fa804418af3f02297d10

SHA512
cea410bcb39b06d3785737d8705dc2901d91393b0f05f9531627bdece8c576d05516b72e9f207aee18083ea4cc59721cd9889ca5538d355d1b1f3a090f9a328b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\4E0C28FF25B34AA6D81276C14EFAA147A7403E02

Filesize
57KB

MD5
63df981803dcf7a09b6518152769f02e

SHA1
552e158ad033b3bd3e958030548e13facafac597

SHA256
de7611504b9bb9645a47a1f6aaeeaf355ebe46469d407a42165439761b9c9c0e

SHA512
e5f2430effabe304969ed614fc6ca4a21b8350010cc6e2ad7e632296a1d74c163bcfd73f198a297f25596c3070d6b8240b0794e316dd5ab780437130faf5409d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\4ED3C8DB0AE95FD1EFB3B9D5F983ADD35A2444CB

Filesize
117KB

MD5
f9fd1c6fbe822cd5f4b37c2c64e1939d

SHA1
d5dfd2810d54f343aa575f5efee76eee2488bc35

SHA256
42b2e3bbd9f8b1fdd0792e779bd519359cf5e57b1c5e9253ee79fbbd571693c8

SHA512
d1d31209b6bb1dfce7d8482724a15a4828d2517ba1731f5b3de7686da2563646bedfb66054001ba60cabee7b7b74514b92b247d8ed4bcdca5987a4afba5788e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\6A0E6FED3171E98F41968C0265987D737E5B019E

Filesize
14KB

MD5
631657114d4280a3d7f68a0bad613d63

SHA1
83bdf57629742603a5c6ea9bf3240ea36f1d832a

SHA256
7e8ad3ee7703ce73d3802fbab21615c2802178d3606257571a73fe4de257ccf6

SHA512
21c63b0df4df525ee87c48520e42cec21b3396a8ea134e33b653e667fce16c8b0eac9ea62cc916ac6c3f8f6f526fd4ec9276526d30177387904199b639aa979a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\6B768717A02D2983238AA6D91B24AF96E2A783EF

Filesize
111KB

MD5
ded6d74432be74be5d69422ba2f70405

SHA1
fa5cba7be0f1bd0402f8064908070c38eb5871c8

SHA256
e12b66186e3a144d0b66b09adba05bead782d277f38bf68c458b4ca0b9ef3506

SHA512
babc7ee7ec349a65ea8698611ab6fc51d4961c32b735aadd03ef86d798a6972c9136f5b2c9d3720f8286d7eae8c3536c118b2db54348c7865316751009223ab7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\7400E6202FAA3275993E457A5DCACB5E92F62740

Filesize
357KB

MD5
2b536d3f9f4de5b5cbbb946b582c3f6f

SHA1
fefc6be629449952f106d1085341a5ba8f409f4f

SHA256
a645d6276b64c7af2f24a269b8b8901ce63597a73f8bb83050512e64663c4a6d

SHA512
793f0840e48de1e73c55fecc5b445e4c5d5dc87ce0ee1feef548dc32901f315427b5351399978d5b911eb816554d98d669173f4a415d2d7d1a08153b2658e9fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\8A5B85579B5EED2F3A9BED8404AE64DB535D707B

Filesize
193KB

MD5
2686ef804d7d902728c1e7d4cee12fae

SHA1
6dc23b802fb6eb1b707c052c0fd8215ddbe96150

SHA256
5b05476453d3109965a4ec675cd37551ba263225bc2d707db5f40c4dddeb59a8

SHA512
2dba209e12f00b9c628dae893ea8bfbdb74bdc01ca764e97edb34c90b89cf36dc53f6f0a4c5a4346575ff78d283aa038ac5988f826fb426a9790634600a17ffe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\8BB0EC9DA22CE5BF6A6D393DDA2B6649A77261FB

Filesize
60KB

MD5
a79f28c5b7ecceb717fb0023d7b30406

SHA1
8be897715cdaae96c4f9377e49cb2b2bd3b378dc

SHA256
6e3e3c51373a921feb6622624bff3133c5d7b3ff0563f5336cf89ad1d961ff98

SHA512
4550396324364d8539c61bd3f057a538c6290f12207ad2a24cdeb2005bec9ef82eccc0157ad2576692fe51cf2ef8d9c810e9152c56956f4efde6cf6878499618

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\8D4998AAF2263B2DDE3C4999242D383D3F97A6D5

Filesize
1.0MB

MD5
634e34f70cfe2497501a70885011bb5e

SHA1
78ab47d9a24444708bfb7c334574ef89991f7270

SHA256
1c222f4b5054daced05452cfaefdc9a2142d862a077937a167cc929abeefde5b

SHA512
c64b45ad8f3a7af3032b0b48024aed39c5a5137bad37877a0b0390ce1711abe57382bca76104014a8631d55ad84da5a39397429b37ab5b5a0b38f996666a50c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\9C53821E900F2FEAAFC0F1DD639E11A4FC8E80AC

Filesize
39KB

MD5
ddf66caff3397ff602a66658c300aa24

SHA1
94fb37fa102ef0eef21b9b8e7d37ed7d88e40842

SHA256
c2f3d131564a3f16daa24028995e9a51a3a0656c324c3f65114eeda2e33e72e1

SHA512
a85501ac320bcf018e5cb987dff23401334f68dd8bd0b6b297e4731f2846b669ca9abfecaaf6db159eaf39d5e67afe0bd217a38d0ad8f281852b27ec49e7ae4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
24KB

MD5
b720ee45317542ef3562e89741a831fe

SHA1
7018407b6a183a990d3a9c58ef9f7d5597d404f4

SHA256
61db4f99145611f7795a3de0f997bdef31415745dce90a3c8b10edcc32416f59

SHA512
7120153013404e1712acff5c970b334abbb54ed49be2d10360188f055bfe9f291c99d07459b96035e04267fb188fbae8453ff943ad7803ee50f8228256e9d126

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

Filesize
24KB

MD5
cf7aeebf0975e878c596cece9cdbee3e

SHA1
d9592618b8645adec24151bd0d65fd2c7697573a

SHA256
513534e8c40d7abc6ee6953ffeaafc931cc448ffc4777820be211ac155a42a9f

SHA512
c7a324dd51aafb0eb147ccae587302e96e993c17483bc4750a22c724d6f87f17a34decaeb69053b6202faa161b18705295f111a0a61820c27bce17731acbf794

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\BE35C9334FE39EC717E8C328726421E3F1F61428

Filesize
70KB

MD5
04475657f071f417576c694f45bd1f05

SHA1
076ce470237a25604fe977ff45add347e8fcda7f

SHA256
81aaf4eb86a591c0ee645916fb29d67c639a809c6f14042892eef9c499e03502

SHA512
6cfc2f30ffa97193c2c47d39b4509dab63ee7fd0919ed6a532777214d7f6e751a4eed5735ea7d4654c8f414f78619e471c14ba5e0e171e5581004920d36e66c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026

Filesize
13KB

MD5
e6fb2d275454a2ea8519fb29d4eb689e

SHA1
036473f18f299883f08cfcffbbbaa8f09b0aa9c3

SHA256
60377b0d57fa9e6181d9e076487c39ce6097c36a965594cc04803aafdc5e9a9a

SHA512
35afdb6a31d70b7d9ef776e40e613dfcfa1f91cfec5ae5fd758ddc27055f623e477d8369cbd2632b7fe95ef13cd349130af4c5a75f85b87837eb36eb4619bc53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\C3701B8A63E5E9F7925E15314CA973FAA2EEEFAC

Filesize
15KB

MD5
516ec4ae189073dc8e4619d90e4f8e49

SHA1
21b65c5363839a77bbc73c604cbf5e63455b4bb9

SHA256
49f77722c89e2dd412fb3749fdcf73e787891dd7d471cc1db6bb65f220e2881a

SHA512
c597fb735fbee3fd55fcc0105f26eb981c68cc24bf79442b7e4638941a9756f3d0afd50a116ab97e2da7535d002283529b51b3d7948cb3b4e61fa2cb5d6b5789

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\C877D66E1FEE4A8F461A686ABF9C6C60C7D3DFA5

Filesize
568KB

MD5
6fd6816409d621745281104edd840d52

SHA1
83b1459a2e9b8d6d38a3b490bb2e94f1c516f1fa

SHA256
7600f7ca6d0f10c90538aa5fa5073ece419cd03030126607bdd77ee9d6bfdd47

SHA512
c65f66d84f6086c15d0c62613f9245469fa6bf27681af3ea557cdde4dbb56cc134a89f6d29818133a710f899b001a3f2b08db0d8fcd91b2e98e581127bdef540

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\CB592AE878CBD877554FE6F3651622038422B388

Filesize
142KB

MD5
83664e5554d99986e26410fe68f39765

SHA1
9fc703467241da1a5076a1f6ae8dfc6838da5a58

SHA256
0a273c014ae5aaeba0d7fd4b9e6bdfd7699242e5f3b6445f54f4456205790e41

SHA512
261dc587ead795f7d86300ce43906c5056ae164cd0ed703a56ae303fa6b64004a20461892d296851c2a523465ce48719ed4e784ce5b148ce5f59449833b9385b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\D04CF55E17A7FBE3AE623BD420E0DC7A5DC930F8

Filesize
146KB

MD5
1b664ef6eeada3948b8cf6ce634bc6e9

SHA1
de09a0e35880150810217367929a5b72d153b6cd

SHA256
3c517f03dd7dcc8ac91ceb5251bc96af8b8dda356f2b4ef6e6d2417fbbcf3cd5

SHA512
019f44e7eaf793957f44b5aa4ad18d174e879fc3de28b8f3ceffcde847c1723ba9822fb5302a2d8020c24ce15b5ce4aa08a6ab30f941215627cbdcae11c9bae5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\D37C42AF76C4A2D8940FD17A7D8758235E8A2C9A

Filesize
14KB

MD5
0c1a1aaa405d16b75d6f945e5634d334

SHA1
ec3cb7e35c8853f2d0d50afbf7a4892bd470c85e

SHA256
0f96564ed799617d8d9ad8d07befc5cc19a54b525f5003714d3efb22b94f7e31

SHA512
33c85ef667fa36173b9b6d2257260ea978bd3c537638bf4d55b35db7ebe503266e4e361986d21699ab66667b4e4fd2cf4a01eb1924cf66d32e1c624809daecd0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\D9AFE789F9B277FD06F574390897A26AAB5E4481

Filesize
86KB

MD5
8ab65179188709066e6fd9e65f980b78

SHA1
9fe68f197492993ffcac18c1ca66910ec7971184

SHA256
2887f7bdca073bc2c0f014f88eb5aae6ac6a3457fcaecfbd9aa511e772538923

SHA512
b703d5c161f4d365f382517df10c6166ee46fdd236d9242ceaeb469b8a415768910b9203c77291ec6383f0d6a5299f87c06cd46466a5bc723e33ef1b8a009a54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\F721289E2055C63C6EF1624770279A8D9CA644B8

Filesize
173KB

MD5
73e5009a6f9a68106a7a85fadbfb9cb1

SHA1
5bfc991cdbaec3002d596b1f33fd68f0a7ae7267

SHA256
8b7311bbb226ddd1eee4d86b5d224b7de42c89ac4dfa39b5a5b42bf50c84b9d2

SHA512
7a1b3fd018847464bbd16d3b43de735f47fc1aaf873a836e44b9c3b738e73a6b4b958e121672c6d392c9452159817c113d6756e9e5e27a544675f6d530a2199b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

Filesize
30KB

MD5
4cb63f7e0b63cb808710fd33fdf0bfdb

SHA1
92165e4b6551227e1c1d70ed1d6ca8eadd1d5c24

SHA256
fddd49b29084a12cbc5e8a3f1e5b9ff8ab8f4399e41204e5632e0b0349753da6

SHA512
034302ff4d489fdf64ae97737c3d3ee57eec7559332c92148e37a39b0ec17d0de3d33c59bbcbe2dde71b776d3425ded1ae257032b682b3c79bb85e437475aed2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\jumpListCache\2GMKd_ClTT4ixgWdyKG8Ww==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9034-full.nupkg

Filesize
384KB

MD5
8bd529f599e7dead4e817287481a40c1

SHA1
c6cc486e01970bac3979d23a7b55b447322f76e8

SHA256
a07464314b4f275fe795322c4418f22435dda65636e634eebd964006b2856a49

SHA512
06fda77fc1d581a45102b293b52332a0c022b743717cc75645286e4130dc5ea95e69a2c05680d43d7c303cfe23e238d397c4fa68f42fc36944e33609da808e58

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9034-full.nupkg

Filesize
1.5MB

MD5
ce1a00b47672cd1af359d86281f4eefe

SHA1
c51e20597e42946abaeb7e03a8edac752420c6f3

SHA256
74facb06eaefe1b7b78942c74d8afce69a6cca7f80789e5cb3c828381d46d53b

SHA512
a2097e75192edc247c95f67a6fa0b7afc9d98a079f716b43c6edd30d962a4ab14ff644a99687bf86c22bd423e4790840e837677c25a4bde6fc0a2d4869ca73eb

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
e9918809775d58624595598e49b57dbd

SHA1
d4e170c0fb629d2835e17bfefaefca66628184ca

SHA256
04e4b3bd71dac9838240c0ddcc37c69024d06d9780f6180b9617c6272647ebc1

SHA512
6ab392981d0806d41d1b991ea97be5b4a218997ef3646ee4528969660baa5bc70365d392640c6bcb9492c0fe5456b062e334c42e6884bf6ab37df372f7f79048

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\SquirrelSetup.log

Filesize
4KB

MD5
9c0fcdee60cbbddfe6ba60c30257bbd6

SHA1
2cfec9500fced9861563cfb946a44db744ffbe31

SHA256
45643fcf2d0f263989d5d310b926c09c4517115ce2a4494392a56e803b541e68

SHA512
a9a9a29c7801e798a01abc82e0d25da489d3eca173047e7a8cef4e8cb01ae2cc8732daba6740f6f4fcff53840724f2424e4345d9783004194b9231f0ce8a3a8d

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
320KB

MD5
63bf1d59fc7fea44a590405df76d3f33

SHA1
60ea9dd2365c1946a190d9d5ef79bb2b8ff06512

SHA256
a019dbf1bf7d033b9431e403bc19131757ce22eab2a2b9919e0ecd5f5f6ed130

SHA512
f1ffda4ea7db4d39f69ff89909991df30d89bf3018685d070953d1ae5adb90aafab5686f5a235255f3dd94f40b767e3a0d749356c706cbeebe25cb8c8c6d67b5

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
192KB

MD5
0f870e2e9896eefa26faed20ca3ed530

SHA1
f6da68c14baf65dce92f5f9b6ee45946d76115af

SHA256
25f9d6a7e04462dbe35e45754a3990c91d3470853b5dcb80ab100768edfd9053

SHA512
640ab1c1d1cc9a3703c580e5727c301b0079c8a0c4dc5b5d1582cb4c0ed3fefc932777bd426d6c60afa1d57076f7a5c64a9c22c7e3acd56dfd9d7dde06a90984

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1024KB

MD5
970aec1477033ea76bf2041b230ff74e

SHA1
7a3d8f1d82127bb762c41aac169302a5c6f1b8f7

SHA256
23e322ef5d7c8f6ec6b8f4df4addcc09546f17f9614d9310ad45a6b3606cadd4

SHA512
623ad906d872416e8fc4b383a599327585eab732503a179881d8301ad85fea6ddd980269d6673f9352ad844318b6ba5e9a26102626ea13e282ad8d0f816ce79f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5044.tmp\splash.bmp

Filesize
564KB

MD5
ab867e66abaad50036f8dca8bcf3b63b

SHA1
ca0bd657610ce7b5b86514adde57e2b0f18a83b8

SHA256
c14a86e456f5b9783ed3e2118c9e97de6306fbd2b40cf9cd0dfb821b945c3569

SHA512
24b122fd7f8a48e03b387308e91ec1ccc6025a44f3e65404a12679ed50ce7633ce9f6c5b86efbc175cbed716478bd015e42711bd0148742f1ddeca5e3dbb1863

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
192KB

MD5
dcb398f1aa5e0f6c710a5ebf413b6a8a

SHA1
5e2a3080bb00f4fc962cd38239282c871195c578

SHA256
39f50d11731b2c3a64a55cc0cb3b7ca0b4cf67f46b99eacc91242a69027c5a8e

SHA512
d3890f41b2d6a6ec2c600493475d4b60006e1ba0fe665b55d5dbc4b5e5ab0e2486e4c4ccfb83b108ef6cf60e4328a31afce26102a8726376d796b35a1f866635

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Network Persistent State

Filesize
175B

MD5
2b7e4377653e6e07536efe7fc1bd78a7

SHA1
cdd9c03b91e368bc14c4ac0ff7204ee698fa285d

SHA256
bd367325bb3c469e1aa6dcff50b6296b9b8d5bf5bed538f01f36c29b0603511a

SHA512
5dae5ba1af5ae6e52a39092bc5b4ebb454906c919735ab5b7f7a4c84a487e26376f68aee9c86265142e03c0f163cc0623094fa4f2936bff17504c2059ba112dc

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Network Persistent State~RFe64f732.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
23KB

MD5
ec0ec49ce5d77d467cb09c543b0caea3

SHA1
458f0a1e23bd39f9a0b12dbd8e3aced8d1e591fe

SHA256
27ce211d07ce69222beeed4ab238c4f4e3791116cc64f2324405ae16d7bf87f0

SHA512
e913b7c8e3bcca1eba5dab6625372804550f6b92ecd7a8685961fb5fac4a270676d08d088726c0c05c0c6e8022da8ff0547d1d2ca7d1e4fbbab097554abc7920

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
f7f52e687ee05328add548c373f38fd8

SHA1
11bed17d559301b488f126f68e510bdf307eaea3

SHA256
2d7ec6ab09ee28d1f78983034826d11d405f0f3f5f261be08d1d7490181cd93b

SHA512
945410285ec4cd477327caaf8a47496ee7866065c765ccc55642650679b682fcb08e1bc12d73f96b6c88660262370ec50660381b174f5cd30c7ef8c08f783345

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
23KB

MD5
7e7ae940cc16751f3272695cc949a7c2

SHA1
8ca859d19e2b691f892ae936d036a70513af994d

SHA256
e6af9606c7d192c0c0271b779ce955b7339d7b038ac59dba9a3a7817c862870a

SHA512
d78951d3766618363c800ea9e9dd0cea6c14e2d7fbbd9526fe25b47ff30291b264be6f2edb0f5175e302892f34687777563d21391ac2829c43f87dfe86976567

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
23KB

MD5
60b6496e68a60b75ebef4a58dc20f606

SHA1
c7f0ce9d67f5cb340f16b6ebbc1886603a1a6442

SHA256
d4ad2851050ca1bda5a639bb449ef6b01e12a389b99ab1aaa61808ff5833b383

SHA512
c5337791aa16bd1a4579942e22d0039a0d9dc48b7fdc074b1d39bf4e0419241819be66729eaa230c10b857f3beafac25196fde96e359f688c2d79a3332a0b3da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
25KB

MD5
f6f298d1711597be481084058027dc43

SHA1
60d77880c701345a58545f7f1ae33773a86fff37

SHA256
682cb826de1831a599c51282cec7d3f00c73ee886a25e7c9634fe1323058b19d

SHA512
09f862387e26d82e1a2df127e954d1ca490a2206f8875199113ca15a044b1d4e6ff9bbf2ab450e263352296f284918f139842947985801255cf786488657b3d2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
23KB

MD5
411af3fdea4afeabaa1a80c2c4a2d856

SHA1
ca298429688f8ec2f653d8d2152978a8938ddc26

SHA256
6728168da58d21e69b0f475f30e57aed18c15ba60afcf6047a9fb3ee0b55bbd5

SHA512
e565cd702d0981aa0d9f2674d18bc528e75ea0388b089e765d6447a99c4c14ef1a38070620f5c7f776c0ba11666cae3157dbf17184d02e051add577f4ef8d964

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\AlternateServices.txt

Filesize
9KB

MD5
b09de7baf3a6d9d6879005e83f9a4e55

SHA1
adc38e0ed5412013cb6910730ceaee27bd4a43b5

SHA256
f62c08d9e61767e9819a91ba195a832f774928f3f3594a7639cbbaef8285514c

SHA512
cd745449aaaf2f3985e6d1cc50cd7e906914588787511fc67b28168dd40dfbc98c9664a9abe197116ea5d365b2626c3a943f124a30474067f9f8d819afc505a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\SiteSecurityServiceState.txt

Filesize
708B

MD5
c8a36d6527b26330d8136195743bb283

SHA1
3802a766cf6fdf8cc52c7f77b02de2752e5db45f

SHA256
7b6cbce775a1a859d7adbe4117da136e009084df821f13b299b457a9a44d53a7

SHA512
af3a911f55a197edc6ccf8e8a1b20e20ad2199dc9f7c1d008bd26f277c2107e639a226d2f5e3e2815bc82c57503f47f1efa2eb52067b42ad6283295b768667d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\bookmarkbackups\bookmarks-2024-03-07_11_8isp+gHyP3QyHg7eXV012w==.jsonlz4

Filesize
950B

MD5
4f250385aeaa84a357a344af5ad6354a

SHA1
4f1ca11ca083ed02b315c489223a20017a6ecbc4

SHA256
1496d4f20935c304d2e661264713fb152b1558850d404b59353a09e7f830c264

SHA512
16e9f6c632ecb3f96663d06f567445f294a0195a922e9e2105893550fba609767602cbaa87dd5380c5888274d7988b25e937335f58200e91db9cce6cc375c0e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f3653891c35ab16845483d29ec0b9381

SHA1
33d63b852ead70b612d32644b277c10fbec28c64

SHA256
d5be4aa71d615992f80d1773ee4dac98051a5b984764cd95ffc25c1db9a5a05d

SHA512
7934e64cde6397e53fa2aa1f953eaed2557753f7113d89cf712f3ba3044656e70c4de546f56d35353f2001a700964b3f495316f9a16b9ffe19c6294b7cf12a51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\515df76e-0d08-4694-81c9-1fe0dfb04186

Filesize
10KB

MD5
5e80d8ee1790cdd3477f2d19ea73b40b

SHA1
2faeb676a7a6cb33fd8e2c7a7a7ec74f15452e9c

SHA256
8bc13db9f6811bd438785e31d1dd958cd569eb3e77422fdaf9e645708438c93d

SHA512
8e0af05dda438902c9d0c153de073416a7a095567f89ad62eacea58a2c77c3ab8a50daba6c50f6fa183753321ed25b3ff3278485adc8994c22c1b8008cf64098

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\c8ae6e74-7755-4c24-a7df-953494dd42af

Filesize
746B

MD5
3a8a6c946d525af3cca3a0d219035aec

SHA1
5cb3d753b77348ba69b3016a6d80edd78d24314d

SHA256
ee881f72f490855acf9b0b95a81c72e7a757f1cac4bfb206cd8b689f319e7e24

SHA512
929515afc61e64c4910d68640594b6b62c2d2bed47182375900ad317fa19cc0ad944b1e8a26a3d5479e3f0961fcd92769c021025234a24b8511da542fcac4f00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\extensions.json

Filesize
36KB

MD5
6b9fc09a4ec51bd67c43ee1e55c6c004

SHA1
222d592aa915a53a174a6f25c333780878163ecb

SHA256
77b766e049fffd6a8ce1aedf94a9b675910d0d08ed3e52636d977a6ba55f30df

SHA512
7cffbc8862ae8d1852272ccb4f3745a425f266259b96f4ce284d7b368c71121240d34cac2b242e8ce5ba4d7b14f88b8ae02cfb027da312c4113bb964b8b7e619

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
384KB

MD5
1dd833340be9137d7b765e4bb641163e

SHA1
338916baa6cf80013c4b4708170550a53c846e56

SHA256
58ab599e64be01478e22211de2312309b46db5a480719470bd2dbf86494230e7

SHA512
6ca1eea0beacdfeffdb64fcb414f134dd91dcd494ebb110568de2bf8e12446a39401d560d7e030c70abca03fc661d7bf97f838325854883a08cb6d5437e9f01e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
4dbea6fcd62f59881a128868e3a8b635

SHA1
6ae1eb4d923fe3b372a2b9b7b7343dc5908b93c1

SHA256
8c87dcfba9124fc1eefa9b1fde079216985ab19a11a307db117a5e93e6847f95

SHA512
73da46ec4c45e4dab5474cb92c8123c76c7929ad875899ef3529f520a99a3658000eb9b7e437d293b658f679ed38f0dc22bcec701bd25ad25b560caab12862fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
8ff9fa198e87b33809bd91576e18b33a

SHA1
42564cdcbee6f9cfe7b779ee2bf316051da2112b

SHA256
4995bba26d2ea5ad2a31ce2dd4f7377cacbbe57ba30a5ad376cfbad36828f92d

SHA512
ca4f20d771ba2626bed566f8d3a22f2e03cb41ea0f5827fc3527cae60626b170749553912ad5da43bf937cca446359677b19c9959a542749c6ae2325f4f534c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
27d9e6ff122eff4b082c16cdf992db91

SHA1
2004e58899429196177715ae9619b168e06d0c89

SHA256
857a1ffa739be18401bbf569e42b609bfcbc54f96faa5de6ba4fb0c5d7a444d9

SHA512
bfcca5a4198ecb57edbb7e617592d0ef850db6e43641e1a92c3845a5c31afa3fb10ab2cdf573d5ba466a89e75d2fc6696764fa7ba6cf8432bcee044785817f9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
37fad84d3244200a150ff2f03f926634

SHA1
20b63cd1c53199469368c4815e00dbe1aefac459

SHA256
e5d6b99c9622d01d5bedc6fc18e3be5be88fd8d0df2aa1fecbf0810505505940

SHA512
b476e8b383ed090ed929e6af579b3038f4cea89ad3ee30aafb5d2d4cf13ebd461391ba7c4fd2e9dcdac73c8382ea5ed8c54c081c1bd09f0cc61fa8a3dfe11767

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
a7762d04beb8654e50fda732440ac8cd

SHA1
54aed1ab3db037f4cce8f58243146f2977578973

SHA256
b3131d7795b1afee410b0eb8014e3047fefe85b7bd5009b0c79110a34d807759

SHA512
55d92b57acac6e5d95a9d0d62116b69255d072aebd5f1ff8c4873e5e8e7d61178d5580fb2e1afe1e5238b08491e1bd6f592d55ca55c13a12e6d493572974726c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
7KB

MD5
7b4c33f4380d55c7260bc88a3297ac21

SHA1
35cf22a39144f0684d50a2e5f2c07245346a5506

SHA256
539a86035254839b112ddda11a8c73235ba6cb525160be42e91b7cab4600a4d9

SHA512
3ecbafc8d7bf6ed7932deee2ab29815077c6c579197283616f045955d82a33aed67c10ae7f54682feff903f1713412dfafea88eb9930af90e668818d1c3aec47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
7KB

MD5
3d96b37d3cb40350c1f641f360e8171d

SHA1
607dcff8563e85eeab8f5b4bb6f52beb31f0933d

SHA256
e93028235f251095ca9fa6635bda972f6e2a43675e50520a2bb3b57ae01e0bec

SHA512
971535c11f74646bc784372f8726c9ba92212a9bcc7f57c2d68f6861f8fdcfea00fd350452d939fc11e9216275b42280267d7ae42fa16fd01990708e91f0b5a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
9ea67bae7954a4780b3e536597756e93

SHA1
f38d209b39730d388e9bfc6f20f827f2a23e4325

SHA256
e00c7a435aab2ed20fbbe8ad2e17634ee1b02c2392346ae3e726bce02397a6e9

SHA512
09bc47a6232ac89dc2f2e8a64de116a206d06bef0840edec9dbb032fbff008655a76afa9601f641d13f38ec066fd9c5a15aaedbe8ed26887d8c590114d24ae03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
7KB

MD5
7c414e54e4139d83bbf2b1709da6c148

SHA1
e01080f1e0a79587869099ce2f1ff7b9040b7d9d

SHA256
b79cbf5d5adc1b649ea2df8dd2132921a69e5e891dedd091285580f6a8eba46a

SHA512
6427ee87f98376bfc0786aa8a23b776f8441d69563748af31708fae4fa8c0c9d99ad6bd18c7425d0b6712629e5d348cc170c8025c5e67165608cbd1df4e0dd03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
d17c89ded05051f3ac7f096f3812449f

SHA1
6696bf1926b874938992bae2ccdf1a72ab288b88

SHA256
a16abcdebac06bfcb9bc758acdc3188acdd6f0ed3a07e16eb7232c7adcbe95d5

SHA512
f8b5caaec3c86ac43232bb453b16af5b6018abdec4cb49d9ef9fb964c4a79cf824e38dcc0a5782bc967f7fe9a13cb970d7452137df0fc9cf4a7b517ee232c9f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
7KB

MD5
5a456b7cfd7bfda8032ce4bb5087c592

SHA1
9db1a65f6fc6bb59792b36522628d298c83f95d9

SHA256
5509b9d9cb18757c6bb6f0fcb9e52eb2f8945676feec987a012713ce58c95de5

SHA512
f30ed1d4c468c1b1288c549f80e20dc6711696f2288b60a66c4be20c5727a0a1147717b108a15407f1b2abff67eac70ecba01d01b4812bf87764d11b88b9f89c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
7KB

MD5
24e96bf25d7528236f80d70374039274

SHA1
856e3b6e05fdeeb2a6af0d51cc80940fc6d3ead1

SHA256
69762a19e6a0d1e4262b5c9e22874c00a4ce46bf164c3ea70ccd9342300dafb4

SHA512
078925c9968ffb54f40bf5efe068f50b256836e3fe303b63c5fba96c6359d0197027c102bba69275d05eb281558b2c49979082b05c170da367bfd38b9a7dd427

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
8b24ce30123ea2ef4bde5c1bdbb2fc93

SHA1
f0aec57427853f22c32eeb62b31a1814f4acc8ba

SHA256
bda97adccdb7adacc92a88265bba95bf0b439e869dfcc0e12285735df7604583

SHA512
5d5c4f1b33191fd5be5239a92b39b76ba09e42223c4ae4cb71ac6551017c5eada7d0f67146c34d234106c695b978ea17bef7cc8a1831afb46bcf7d6f9b3a1e5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f4a53437afa2ebc401a1e261f1b561dd

SHA1
033fe94593b5d1217e60baef7734dae359c67390

SHA256
4fa980b2f75fc3d0bc309b4d05d56703903f569e17246fc61300f6c0f9827948

SHA512
f3334a152ba72a5b84c00de34b2d006d34575a895f84fae862bbeb85a7beddea4d8c06d3b67eef236b33db8f27e70e59e2a16fc8bfc49c1ea245d3d0d47774aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
f4bee39a41da34c1a1e87108628a86c7

SHA1
71010237d8abca1b5b6dae83061f8889032d169a

SHA256
1c8a809d62d09c0cc0d2675552c188da6f5ecff394c1368b846efb4b6df83323

SHA512
7a1432c4392e29a166de4e45ccfc41c8d3d38812642180e224d1ce863901dd9381950fa1c6d9ad35fecf7942caf98b5b77e445408b0ce0a677a1afda022a3727

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f283cf53dca159e61fa933edb8468826

SHA1
9620dce20cc9f820c2d03e6a96b3475596c77bda

SHA256
251eb7388114ad3573dc42d95976848e642af5d6bf1f70838ce8ee132a4ee0cb

SHA512
5b274043e5bbefb711a01061a5e42333f6081456e3a1176da368f38be0b8a7df0b9eb3152b83a85bf8b213eb4720bdd9bc228bafa88a52ab664d777c2c6fc126

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
0090320ac82910f49b4513b687082877

SHA1
6df8bc376f198b78e6f1b725a0663f4c1ce1d4f5

SHA256
7d2a652b79b1e60c69d198303e23dd61b4923ba3c5911cc5bb28f9c51065ed10

SHA512
90056b6f64b1b73fd19d9b6a8cdeb536c00554bb0088470fe4a516b037c01170f85361b3f4482efa6bc817767f9d8f09abd39b8d95ad841aedcf5224b2cc6859

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
77015e8871470ffed3a7ed8b0772b594

SHA1
df5e229e2e24f56ddcb6128b2c731de7f7c39de0

SHA256
ff2c8e9feb5ab1608a14bc17e0f8dc77689e656a6712d3b9f3b9fbb803f54aa6

SHA512
69423d3c408b0916d60bc9e5cc840edb05df35c77485f2698674374c98051ba13ac6c826494c6d05b5ff97de30ffd0e73abdef1fe8a4a1860c0ab786bec1b5a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
6cf47dcb556ae473c157e058b405f95a

SHA1
81d2f6c54497caa6d767095eb91eedeac6ad321b

SHA256
71ec24f9d89eecba3a68ff95e9ce0b5ff690675de72b4510fda80d4119c3c3b4

SHA512
d4f455ef3c76a42f20be97070637d5b644055bdc4a3fce8591d4efeb5a3edb922bc72d063743937232dd67cb6d6f7171836ced509c1d66a984596cd1b9dab570

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
a0d00d51e70f52d6b75fb6cbd3d0afa7

SHA1
9ff6637d8dd032446900e6d37989109d24c9bb9c

SHA256
b0c3dd670a04998177a7b18ca7e459598485b7c3f764075298e4ceb391940249

SHA512
a0c3e278f2a61dd15c1041116d97fac61eadbc68f0a06553c76c35dabb89f1a0027021b210006d48e5199dd70cf3c3483fe284f7ed6f550cd46e06ecdd089b17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b909161773c5c4d76bf79152380af3df

SHA1
4ae235cce8cb709b51a18349d398fa8c63a2d6ac

SHA256
198838c4c68bab2164aa263b48bf90b6edc4028fc421af4190100557c021ff4f

SHA512
d9d2a1053d930bb9a8d932356604a50874ceda959124c49dd3331b6246fa378f5a39402f06b82d01346cbeaf98e396e4cb1eda096b9e9ac3c9f1f45745f6effa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
ed468a895637f3cf2ce30840c01f50ca

SHA1
ef8d72351daa170bfd1248de851258121fb118cc

SHA256
5af4a08c2e9eebf7794b2b38fd9d4e002e63f6eef599b0c2dbe3525f7b8008b7

SHA512
1e2022ebb31362feab217f45fbe57970049e53525902db7e605f75e6d397bff7d0f0dbd976e3f4d0f37169cb1bb1822d5ab21d91691772324c87f482adabd551

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
df945cbad76d0ed908f047a3a1a60edf

SHA1
6f4b34441f7885099a4ad1d604bed742806f13c8

SHA256
e7473e71670f91e34561a010cbcbdf47da23981b080b0252ea2d03c802115a53

SHA512
00ecf3a508e43136f522e0c1952b6824db4a159862b91b14ec0fe5e194df1fb1cfeceb1b2c3e4af22faab77a31c5f3be778a46f568e8f77374459463b3d92a36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
37bc0cb40fc92f662104d0cf41a1d142

SHA1
c45af91ccfe38604f8d02a098e6e0474764d803d

SHA256
4f53828f48d84a9cfbfc2616ae33b5fda6addd52c23eec52c43072578f744db1

SHA512
91d81d239de2d4739aa0dd3a874ed45d3f2a8d6acb943a2b1e28f947fad91b121a5c62fd95f85be112176226aac86135ef39ff5b1a4294f19ca0a438500860ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
22KB

MD5
114f28f94ca7fe5fa0e1b649e04ee806

SHA1
b4b1238ee522ef8c6ba98a94726f5fedf7c9779d

SHA256
26d3951f09171ef048174bc28edd3567d11cbc38880a35ed5bbae5c0af51a784

SHA512
db2e5924993bc1f19bc4941d30a9f4d60f1e04fc63f5459c34e15984e35f76bffb444b7656c4cde1fccb9d9113eb6c63a859d07e24b5d1bb05a47316e4694131

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
888fee4874bb52ab3f62759a7a186e76

SHA1
37799dda10dd1d98f2445e9026854caa783afaea

SHA256
cba98d79f49de2a6c5df8d4d1bb4de034d9e46683cfe5456326566e96c21d828

SHA512
05922e7d6b980c5198e9ba78c4709dc52990cddf8d54484a31481f584711e1b5fdaa0022acd64f4e426ef2994c06128e040db9fd0a0349317c733d0c60b86ffa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
29KB

MD5
d2a46266583adc9ddfb862917cdf7c82

SHA1
2af5814183f63792b9ccf1c77c2e2a5fb5d21ee3

SHA256
5b2b251e790c4da18c37ae16a98b46197d31455f3d26f5d091b5a9312825ace0

SHA512
89d3327cc3b2c98bc5212744ed25a1952b4f815abf29b5040513d22b16610c99229b63c813a6c1fe773262e70507b366a806aee8872bc8032a40a4ff448833b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
20KB

MD5
df7463c80ae4252fdb5e4588e709119d

SHA1
d37c1b1cb12dcb500c4527bc2733fdefe61c625d

SHA256
064d71d0651f15071886b40c6e1b7b3d16caa84d18061675a746ab42ee356876

SHA512
934b148e3f8b15109d97f655100e1138b5f0c56dc0128446f901df93ee93dd14cc9cebe47bfb7d89480c9b6383cb93bdac6acb90cc708648f0bfd95485675219

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
774b2dd2ee73df20ccb6bfc31fa7285b

SHA1
74fd46ac0d1d14c2e031035850dbaeebca8e0cbb

SHA256
6febb8710cc4994c47bc542dba3eae518fd603c1b2e9b9b11bb48eae2b1437a4

SHA512
58e40cddb65f27d736a87e49d969c6cad59f8202c7af7b943db44df177cfde9d8e4ed5de935201e2a3f951689518e5f3232b974e1048524e249945d265ce7f0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
21f2cc789a694f650192d9d75ef8232a

SHA1
2b7805e7ff9b0bd66876559d099d7d54537fd560

SHA256
2c7d30be8637309ab5c87d5210339b309f052a33962d81b46d9b09d04322b9de

SHA512
57be85ddd924a81f0dd969b2844390b817055eaad22939ce8b2fe319bd9a51301264f80f865887cb8f6c5efa2f5ed8d1ac91e810091b890bde8e21b21cfeede7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
fbdc7c8f7a59ac710780a8f7ee513f31

SHA1
6965217a157ec3c49f7052c5ee35a25aa0ded8a6

SHA256
f136e4f6c89d0dd81b6ec9f47af2e9b80710479ca797de531c6b904d2855c764

SHA512
ea8e21dad244a5c61a58b23dd63171ba20a58ad25ddeae19f0f225f08f2be9a41c661a244fa5c8c91c1b7ce60399b3c461a0762d23cf7670193bc28896fd576b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++betterdiscord.app\ls\usage

Filesize
12B

MD5
11292e4b88440ecdf986c09c7e658830

SHA1
ab007f8df29b189a4eacc2f1580a300d526777bf

SHA256
b585cd2d21503a0da5c2bbdf5b99722486d610a0d163bb5d0ac4618d0db58825

SHA512
73d40fb188e27192603372393a6dd04a5ab38b7ba2820d61541d6299559720c61a315e4ff66648e34f4e7748bd289200c109c889d2940865da8edc9fe021611a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++betterdiscord.app\ls\usage

Filesize
12B

MD5
d4f217a4935103d1322cde56ade2f286

SHA1
12651ad9c2af21a68cce0c34598ef25c5b4517ab

SHA256
1c15df15ea4a78184a5bfae07ce648d9a97fb71ba2ca0be0bc14e13e97d26aed

SHA512
25fba79c02bd038961426b151e57c7f59bac5cefd3c5ed01ec77d760ef38b8cf31c7144c4588760a623aab2f80c9b18e07ebf6bb64a6765c10a8e4e6594f1113

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite

Filesize
48KB

MD5
5cde096269da3240bbd196749b31f382

SHA1
553c266463a1e95e8c040dca5643b43b08e3e6a2

SHA256
b1ad113aa16ac50150b0fd914eb9fef45db665751959b28d14774216117f1054

SHA512
822c112c892426cb379f8ce7beceb30d95e6f94d1fccd5d63796f60ae0b6e2f1df6c21f418b009206eca99a98c5287a457e65c3440d4538dd2e658d5cce498b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json

Filesize
3KB

MD5
0dede47c0d13e16fd0a3f98f41bd7f5f

SHA1
771047a9c23e19c0f72ebe4d2824ccbfb5385605

SHA256
dc64d3c57438812067922e95ccbeb113524c7555c48ff72e880f56b9c8305b80

SHA512
4c899c59fdd2da24f031d08f7871705d543b8acdb2ceb8efdef78582ebd7004f78dfb0314c40220ce4586100f45a1a2f8e58d626e99faeb9f5b89cb28c3c2fac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\xulstore.json

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
C:\Users\Admin\AppData\Roaming\discord\7f4fd72f-d3ff-45fa-9d66-2dd2a2cb75a3.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat

Filesize
40B

MD5
7e5455ce128960b7f9c25af73819f29f

SHA1
f29e4a7ed49ee58af9f29c7da4058cda51c30068

SHA256
0aedc428e00094ff50d754d51549b3c5531eb6ec496e1a91bb19ea376a622ef2

SHA512
c5048b40ec28d76ffc18f37134622c45d185b8ad388b1cea82a7675b84f787995150ffa54d4c247df48a91698e6c10766325d4c126ba587b62cd8e5e02be0dd1

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
624B

MD5
b0c47638e481b7d9009e2b67535ecf58

SHA1
0f74591caedb35232614a92e0479d10263e1c44b

SHA256
09ff2022db0b8486cf6d9d45b28ae99550d2f12c8138a3919bab315af16c1b26

SHA512
7c41925c4be8d40f1ccbe49e6d31f7bddc535a52c34095527ef9964b6ea52b0d618a522a375c4ec66c000b6c9cba10c825af9b3ec15e36aa8c1001c71d58cf11

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
593B

MD5
ccea7c3915e9bbe5ae48c02535bbb6b5

SHA1
c2087be810cf73ea78808abe2b4c6b55272155dd

SHA256
39caece8b941f2eef8f5b332b114a0eb2c9e5a522b887abf3a44880547527c7f

SHA512
82c1f9f78db3bfcc32e32922002431d4d86f545d39a69309f4b504b519f2f3a22eea053d46406cf8d856d0a17778adc5f88d4b79fc67dbcb4cd0e3eacd0373a1

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
593B

MD5
4490f49d149409aedb36ae1c86880f25

SHA1
9525e38d150dc2c1f96f386d7190aa21e0b242b0

SHA256
4f211fd58038ec34a21ac14182b6660b667a71f33e81c1a672df80e45e2fc3b2

SHA512
e007f8ac1ad7dd731ebc998192f056c59adc5376848c8999a69c4b14f67f86fe4881df1523aa33eb8ef2f2ce4d58caa9c60580fff920f5df574eef1e4ce1faa3

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
370B

MD5
378b72e2c3e56c76bcce1b28f4bbefb0

SHA1
a927a29c1988053a37ae1ba0a274d34ae6ef129b

SHA256
f02c45a84adff134b35816afdf2a730a0561b649f309f51c37baae30452276ea

SHA512
7644a310931467b49e1386b32521c1d464e7d3cf55be75bbba6a6addfb29fc13be243c46ea2523794009cde22abb8e10108c88e1e9199f70ed19331c76a3406d

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
370B

MD5
80aa3627b2fe915ff4e535160bf8b134

SHA1
4014b41515d7ea843f5ca2c984764ce99cbd4276

SHA256
af3c1ad1ffa896c218f40c763a8f975b37bd760b5a6d5d58d428f0eca8469017

SHA512
b9c8eaa83155e21f7c6e76d9944d8a7f87f817c355bf559759ff946b7c1f0a4916c2739b7744282f8aa754945d8a3cdbea878e5dd4c0898b62e3bbd2e33bcbaa

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Preferences

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\queue\7a83abd1caa3444db1484559112b1751

Filesize
7KB

MD5
28f5053df735b1c490d560229b6914b9

SHA1
096a922bbd46d678a843ecff4e04be34e65f4eb4

SHA256
cfc62e7d077b6209bec7c002f1ba8ca4fa5a106604c61b9debee32ee03ee73fe

SHA512
77f07e19b6be94c1cf6a09b6b9ed55dd56219c6b8e6918d06f3e97b29c7ad4163d2aa7b182e163699df233e8e4d2ddf18ccb317848d13e113c7407fc5e7ce8a3

Download Submit
C:\Users\Admin\Desktop\AssertGrant.dwfx

Filesize
416KB

MD5
72e80bb3b59c85dc0169c2dfc21a34d9

SHA1
a1046e55a083073e4e7941f31be0aaf2b56ea062

SHA256
3c21ac3397bc06efa1a044749a5e26396efd8d9e1e58311e9ad7230a6ddb01e0

SHA512
bbdc520c664075775ce163564d6090026255b905ddf5335a3de773df3ea744b38f41405d53c259644505f1847c1223a63407af7fd8aba61107c345da1428a83f

Download Submit
C:\Users\Admin\Desktop\BlockUnprotect.wmf

Filesize
310KB

MD5
87d58c3a3637c18f4887ac52f9564890

SHA1
bd3dc9eb22a48e9b300a6542b0d95998baa9e38b

SHA256
8e6ca14db1326947344096e4b537f222605b3511a96044a6d9f58c99f6383cce

SHA512
eb060bc27f1f1562704b20f74614c8e915e2e5279923fb0fa8b0a9e0d869d259b944be25adb43b11518be67b6f080f9f33950c5bdc637d18dfbcb1a56651dc7d

Download Submit
C:\Users\Admin\Desktop\CloseInvoke.M2V

Filesize
508KB

MD5
9f24e42c1134c32ef6703facc4589529

SHA1
f4a0ee8253d271cbd767d4363d7b1f128c5dce85

SHA256
6556ef97d1e2763270e53cd47cac813f4e036f2aa8d8404c9e09d8eb4621bb28

SHA512
107b93cf1b7d842595f451acc2d2b3eef1882d79a26b969597f4fe466a80d6d7d079a8f0b012aaec2f42ba3201e217377026d98f8845d0640e8445cf8bc4a2a1

Download Submit
C:\Users\Admin\Desktop\ConvertFromGrant.m4v

Filesize
1.1MB

MD5
45cbb6b820e110b34a02cd6ee4b8b73a

SHA1
80c3a292b9d4074baed40bfaf9dadb68eed720e6

SHA256
cff9a24e0e849c3b513c8f9166cad8c7a0ac2cec86efe16a38a634b5aefdfc53

SHA512
722827d01e57d0629e141cb39a73aaf27709428d0ff11bdaaafa64ed882dc8a55d191c0cd6acd53efb091f1096511d2ac3fb8466798719e223a08f805a7de782

Download Submit
C:\Users\Admin\Desktop\CopyRegister.vbe

Filesize
267KB

MD5
1c5e14eebe97b4dabf9f471e64918849

SHA1
39403a92e3ba93f3ca4447c4ee850586b5e6f62b

SHA256
a98c2574ca9840aac5338344ef2eb92386d3a8b76176457575210d0d01f4df1a

SHA512
8c797538519ca4bb0fa4d610d5d50cad9686ee533131236f7a962dd4acc9f856768dfd74e30bd6175df0387cf60f60cd7bcf09d645b79451d0af20a3ef084759

Download Submit
C:\Users\Admin\Desktop\EnableStep.rle

Filesize
531KB

MD5
1a4e8f9cac50c4c3b549e42fd3dcac39

SHA1
6d9a03668cf266ed0f555be756230c24e42b1009

SHA256
a861f5e7c8920b87c7617d8ebff18e07543da742336048f3e83ee341cfd7f747

SHA512
cacb85ea122d89b17883b7d6e84b2a0a4bc28d6cfac3e16333e5cd5f02226bbf1418390cd5b22a66f21445e29bcd5b2a30ad9bcfab43302e609483600493149a

Download Submit
C:\Users\Admin\Desktop\EnterRead.wm

Filesize
485KB

MD5
c5f9f122fce796995b9bc5f5f56f4edb

SHA1
425273962b4beca2f5bcd94bb28ac450f60115c8

SHA256
5c67287c12e980bd796da93355030cb1be73ea359532de137c78be44cd067b26

SHA512
700267cf961244a29d750760abfed33e9da208a62f3d6aa1501a763483dd4bc8242d1f202e1710ce6fa54a399ffa5ffecc5cc4b564f8f54fe8db4c4593342ad2

Download Submit
C:\Users\Admin\Desktop\ExpandResize.ps1xml

Filesize
129KB

MD5
2b24ca07bb32fa33939370b7222aa186

SHA1
3249482edc5859054216489a205825ed51aacc0b

SHA256
1664cedde5d7def1118a61706a195edb0c5b644f3de8cde1ea3ab323cbf3425f

SHA512
2565fb3206e526a557306a8dafc22cd86487f113ba92e5b835c7ea3d34ae48acabbf62fa6e44300e66663705f3dc698135502aafa0d4477abc38e6193f5aab5c

Download Submit
C:\Users\Admin\Desktop\InitializeRestore.xls

Filesize
159KB

MD5
900e536ecaad4dc476d9cff7c82838b2

SHA1
c02ecc6bed59eafc5dedbf205eb45cec9e749967

SHA256
332120909c1429154fbf6d31b7ec509fafe37e7dc0ca82426e34c0aa056aed16

SHA512
7cb2ae0489aa36f83c613da6464ab0f7712e550911fba1fa7195503ab324e3a0ec5108128d37c0aba631291fcd21fc7024c38dc31377308ad6ebcbf12ba00537

Download Submit
C:\Users\Admin\Desktop\LimitNew.easmx

Filesize
300KB

MD5
1bf38b2dc8d5975d416152ab5cd5b76b

SHA1
a80f376b82b0f79db5d3a2b36ea0aacb65825db7

SHA256
3646fc6407cc2e297065570f4883e02a8bec5bc7fc48dfdd71bdc6544b5f8329

SHA512
7445a66612d701784e887f7bb86e1c8fefb3d58f896b09f47cff9025a7c0777a8ad5d957a75f3756ab0cf329d4f78211941ccdd5c205d2f8cd915fbde5c8f167

Download Submit
C:\Users\Admin\Desktop\NewEnter.wax

Filesize
439KB

MD5
85b84e80c090b872b65d909859e29109

SHA1
71597d18806710c42558651a68f2e9e83e436a5e

SHA256
41137cf79a98fb7256646cdd4fd5d0b70be2f4ae62eca7829525f38f8bee1457

SHA512
534989a75d299033ed6e45807c606ce355fe55dfd1fe0db9811d361e6cd5ed0ecbcb784af9c8ce43822a299fc4024526afc4cc60d5fb16fa9a6822120794968e

Download Submit
C:\Users\Admin\Desktop\OpenDisable.cmd

Filesize
369KB

MD5
cab6b751f2feeed279b7c12cb24c31a2

SHA1
7d8248e8205a9a7278fc91c9802de24e9f230e7a

SHA256
93aad4f1aa1285657e547e61556cb55c982c692dbedae6f61dfa0349fe6e8c89

SHA512
9b9896fa3459e914d122dbab561ca5a420297d9bf4bd57f900db9c0983c8679ad7e829c1f271fce7f529c83c63267ca8f9a80711d8d44a4a3fa0c1135956c12d

Download Submit
C:\Users\Admin\Desktop\OptimizeUninstall.rm

Filesize
146KB

MD5
4a0aa1e4c468f68d94a4e38de05a867d

SHA1
f183e002f556accbf8928999c0fabe23d9f96855

SHA256
8b9b95a42b823e3b708d391deb08132021aad9c848983f79be63763394091536

SHA512
5ff72a72b1bc4933dcc33f80ee230a1324ae989cef753aec23e7fdc64ac012b6bb12b21221a2784e9e2476a0d4e7f80f083cd1bc31933f426379a4129f9d9654

Download Submit
C:\Users\Admin\Desktop\OutInitialize.dwg

Filesize
124KB

MD5
72931997f5f4794a048a6c80c907edeb

SHA1
85cfd349028d5908ae7c8e2a582c477c6843073a

SHA256
d681d134320ef46755c5995ade5494dfdeb26f89b65672b8cdf586454725fe5f

SHA512
94696bb453b0ea939827646d765129ffb03667ed667e52fa85af20ff30d74daf3f1d302ceb3da0b6bc4b110976481df0a0b370e221e6d55d62e432cc195a269f

Download Submit
C:\Users\Admin\Desktop\PushFormat.cr2

Filesize
363KB

MD5
b06c777ed4be2f5545307a46e58bb1af

SHA1
fe9ea459d85e35384c3672ea4193f3ba627a2afe

SHA256
2e62aa956e203b1b7e04b4905badf01c0d76e2fb3a0c7b2ac4dd15c67b62b959

SHA512
2f5658f75dacea16c870de42643c48dacbd4d961729c37303ec7fb5f0f99f267d8a53af7a46736fd708acc13385ca3b7dbd795875feea98bd2dfeb0bd7a01401

Download Submit
C:\Users\Admin\Desktop\RemoveWatch.tif

Filesize
156KB

MD5
4f192b480689003bf801170855b50417

SHA1
da0c52cffdf35a32f0f94089bb1f6ce8dd1bc231

SHA256
2fc89ae3ed59ba3fcd9377763b0a1324eec405ce06ed789314205d8076c03dc7

SHA512
79dde29f2c0c661ea3f89f676d14228fbfd2523d9be8e9295aeb3c84c1c565c299022af59732bad586fc6830eaa1e65b34109de52fe174a6fd444eb8dd2aa427

Download Submit
C:\Users\Admin\Desktop\ResizeInstall.jpg

Filesize
277KB

MD5
c2b8e8a7e3d9094930d015efa9c30f27

SHA1
020bcf02edc76f79c12a9d6819ef507c95dfec15

SHA256
9a0ca26e55e90ca73993c60eeb4c59655f4116ec52b2595021aabce6d410ea77

SHA512
d19bf274713403dcb57a743176c21fab76144456a9e8cf8daf7326ca81febdee51a83fb80c1d9fe24a8bd28fdd983c523c4525baca193e15b57ae92f732ee656

Download Submit
C:\Users\Admin\Desktop\ResolveWait.mp2

Filesize
323KB

MD5
64a372cc5f64cce19239ed57447c832b

SHA1
e6975c2cad0c906a4b747edd5117a78a066b69c4

SHA256
2021716f1bd03fccb0b218e4941d2a4d867d52be392095ee403dad225d8070fb

SHA512
0f4e9e95d37b4d1e661778c497c463b26d22895b74a7815de1d8e4849c636ae3ec453348d1c2b1d73170875e620df1ef8c17dca2278a694f71a2f85171282e7b

Download Submit
C:\Users\Admin\Desktop\ResumeMount.xml

Filesize
201KB

MD5
caba34d8d14a332a0d06692288d07617

SHA1
06fa07db835153abbcc5356debbac319e6b50fdb

SHA256
df335d23d17df1177828afa7e5668a2e75519257dcdfee8759a8bde8578a89ba

SHA512
a047fc71f23bc02a2a16df25f7467a3d618a672879702d1adb07ae438491dcc4e5cf5c7ab31eacfc28384f892aac6078f6b1869ab13d701f3e7d722d624b552e

Download Submit
C:\Users\Admin\Desktop\SaveAdd.vb

Filesize
109KB

MD5
e09a65b28a20d3b50cf0426a75b9e23e

SHA1
82c0660ebfde432754ab7b1454b2bc7e7a846c29

SHA256
9db7d6cc7b228a656633027018e98ee55d116dc4b21d180e2146e2e5a64d0582

SHA512
2785597bd4540235724545b74f7bb89a9b5cb6272cfdd2af0e6b0fa3f492704846153c50b281c8b1ffc9771adb15a2b85e8745dd611ac3d7950bbad669d150bb

Download Submit
C:\Users\Admin\Desktop\UnregisterSwitch.TTS

Filesize
346KB

MD5
12b8b7793ef98f729a00dd531e2a9864

SHA1
654ef6c768c1278cddee16550317d58d2cb08e5c

SHA256
645c442e7ee65b111c5e8e6f94fca471ab071385af603c2197caca43c6e21c15

SHA512
6c463adcda976f276bfebc0dec1acf8f73442e0658e524c2defb767002aaeb0bf3b9863b980a8fdd233fdc35b9ad168a541d4558bc0a4fec857ae8f19e32c65f

Download Submit
C:\Users\Admin\Downloads\BetterDiscord-Windows.2DZm6IBL.exe.part

Filesize
128KB

MD5
936d118bf004ca6ba2905f9da3875f52

SHA1
55e9218470fdc1125898ca0f932e5d787f3ef52c

SHA256
ba5dca04f4fbefa42ad5d6638856c9b1d8a9f40e10a3f8a63c2ab4ddfc3ee9a7

SHA512
5262e8460ee20777d2c13dbdca4aad050026e1cef536361adb4ecaea7078f2c8b0a62f1d109dd0cf9ce56a81bc2cd080357f236e95175c51729853e6afeb4f89

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.IvzhBFH9.exe.part

Filesize
44KB

MD5
c1015e6f381a496d852936d9333e4902

SHA1
b63e9aa6956c69fb9db0af786d2a458b24debf4d

SHA256
f731d23b38742ad89c15620f0280cd81333d50502cd791583e271138ee53d2b8

SHA512
ae63d4168391a41600b4fc35ae734471034631c6dfe936d0fb681a6b0b696f79944d5f638d30c55a6330f21efcde94fb97aebb0ae605596ebdf754f82a9b2ffc

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe

Filesize
1.6MB

MD5
8d5fb5feea49ef0ccf5f436130bd3fca

SHA1
b6a174f9fdd2f8606fa42f36724b0d8c8a7b4d43

SHA256
977cc3ce6ef7222e877a669473d78893c0aff0c6bb6c0488f0c33b8966017142

SHA512
1c30595f9752c0683469ec1f9ef8918c96ad6d535f751082bd6067e0799eb417bbe33da10e7c2631812fd46963197c7abbb5416f83acf40cc24f6cf38666f361

Download Submit
memory/772-2588-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/772-2585-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/772-2586-0x0000000004D90000-0x0000000004DA0000-memory.dmp

Filesize
64KB

Download
memory/1212-2601-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/1212-2605-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/1928-2597-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/1928-2591-0x0000000005620000-0x0000000005630000-memory.dmp

Filesize
64KB

Download
memory/1928-2590-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/3256-1674-0x00000279DCA50000-0x00000279DCA51000-memory.dmp

Filesize
4KB

Download
memory/3256-1688-0x00000279DCA50000-0x00000279DCA51000-memory.dmp

Filesize
4KB

Download
memory/3256-1680-0x00000279DCA50000-0x00000279DCA51000-memory.dmp

Filesize
4KB

Download
memory/3256-1672-0x00000279DCA50000-0x00000279DCA51000-memory.dmp

Filesize
4KB

Download
memory/3256-1673-0x00000279DCA50000-0x00000279DCA51000-memory.dmp

Filesize
4KB

Download
memory/3256-1687-0x00000279DCA50000-0x00000279DCA51000-memory.dmp

Filesize
4KB

Download
memory/3256-1679-0x00000279DCA50000-0x00000279DCA51000-memory.dmp

Filesize
4KB

Download
memory/3256-1686-0x00000279DCA50000-0x00000279DCA51000-memory.dmp

Filesize
4KB

Download
memory/3256-1689-0x00000279DCA50000-0x00000279DCA51000-memory.dmp

Filesize
4KB

Download
memory/5792-2600-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/5792-2596-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/5792-2598-0x0000000005760000-0x0000000005770000-memory.dmp

Filesize
64KB

Download
memory/6384-2185-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/6384-2175-0x0000000004CC0000-0x0000000004CD0000-memory.dmp

Filesize
64KB

Download
memory/6384-2174-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/6404-2500-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/6404-2501-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/6404-2503-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/6536-2607-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/6536-2604-0x0000000004BF0000-0x0000000004C00000-memory.dmp

Filesize
64KB

Download
memory/6536-2603-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/6576-2622-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/6576-2623-0x0000000004F90000-0x0000000004FA0000-memory.dmp

Filesize
64KB

Download
memory/6576-2637-0x0000000004F90000-0x0000000004FA0000-memory.dmp

Filesize
64KB

Download
memory/6576-2638-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/6788-1029-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/6788-1087-0x00000000073A0000-0x00000000073AE000-memory.dmp

Filesize
56KB

Download
memory/6788-1032-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/6788-1474-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/6788-1458-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/6788-1432-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/6788-1028-0x00000000001E0000-0x0000000000356000-memory.dmp

Filesize
1.5MB

Download
memory/6788-1086-0x00000000073D0000-0x0000000007408000-memory.dmp

Filesize
224KB

Download
memory/6788-1084-0x0000000007350000-0x0000000007358000-memory.dmp

Filesize
32KB

Download
memory/6788-1083-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/7036-1046-0x000001F45F020000-0x000001F45F021000-memory.dmp

Filesize
4KB

Download
memory/7036-1065-0x000001F45F020000-0x000001F45F021000-memory.dmp

Filesize
4KB

Download
memory/7036-1058-0x000001F45F020000-0x000001F45F021000-memory.dmp

Filesize
4KB

Download
memory/7036-1062-0x000001F45F020000-0x000001F45F021000-memory.dmp

Filesize
4KB

Download
memory/7036-1056-0x000001F45F020000-0x000001F45F021000-memory.dmp

Filesize
4KB

Download
memory/7036-1055-0x000001F45F020000-0x000001F45F021000-memory.dmp

Filesize
4KB

Download
memory/7036-1066-0x000001F45F020000-0x000001F45F021000-memory.dmp

Filesize
4KB

Download
memory/7036-1047-0x000001F45F020000-0x000001F45F021000-memory.dmp

Filesize
4KB

Download
memory/7036-1048-0x000001F45F020000-0x000001F45F021000-memory.dmp

Filesize
4KB

Download
memory/7036-1053-0x000001F45F020000-0x000001F45F021000-memory.dmp

Filesize
4KB

Download
memory/7200-1325-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/7200-1347-0x0000000002E10000-0x0000000002E30000-memory.dmp

Filesize
128KB

Download
memory/7200-1408-0x0000000074500000-0x0000000074CB0000-memory.dmp

Filesize
7.7MB

Download
memory/7200-1326-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download