hxxp://discord[.]com

Analysis

max time kernel
672s
max time network
673s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
24-05-2024 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 19 IoCs

Processes:

DiscordSetup.exeUpdate.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exechilledwindows.exechilledwindows.exechilledwindows.exe

pid	process
1636	DiscordSetup.exe
4264	Update.exe
1588	Discord.exe
4780	Discord.exe
4040	Update.exe
1028	Discord.exe
3960	Discord.exe
1820	Update.exe
2956	Discord.exe
2748	Discord.exe
5324	Discord.exe
5344	Discord.exe
5336	Discord.exe
5524	Discord.exe
5800	Discord.exe
5684	Discord.exe
6832	chilledwindows.exe
6772	chilledwindows.exe
4112	chilledwindows.exe

Loads dropped DLL 23 IoCs

Processes:

Discord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exe

pid	process
1588	Discord.exe
4780	Discord.exe
3960	Discord.exe
1028	Discord.exe
1028	Discord.exe
1028	Discord.exe
1028	Discord.exe
1028	Discord.exe
2956	Discord.exe
2748	Discord.exe
2956	Discord.exe
5324	Discord.exe
5336	Discord.exe
5324	Discord.exe
5324	Discord.exe
5324	Discord.exe
5344	Discord.exe
5324	Discord.exe
5344	Discord.exe
5524	Discord.exe
5344	Discord.exe
5800	Discord.exe
5684	Discord.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

chilledwindows.exechilledwindows.exechilledwindows.exe

description	ioc	process
File opened (read-only)	\??\A:	chilledwindows.exe
File opened (read-only)	\??\L:	chilledwindows.exe
File opened (read-only)	\??\J:	chilledwindows.exe
File opened (read-only)	\??\A:	chilledwindows.exe
File opened (read-only)	\??\N:	chilledwindows.exe
File opened (read-only)	\??\R:	chilledwindows.exe
File opened (read-only)	\??\X:	chilledwindows.exe
File opened (read-only)	\??\B:	chilledwindows.exe
File opened (read-only)	\??\L:	chilledwindows.exe
File opened (read-only)	\??\J:	chilledwindows.exe
File opened (read-only)	\??\K:	chilledwindows.exe
File opened (read-only)	\??\T:	chilledwindows.exe
File opened (read-only)	\??\X:	chilledwindows.exe
File opened (read-only)	\??\J:	chilledwindows.exe
File opened (read-only)	\??\Z:	chilledwindows.exe
File opened (read-only)	\??\O:	chilledwindows.exe
File opened (read-only)	\??\T:	chilledwindows.exe
File opened (read-only)	\??\H:	chilledwindows.exe
File opened (read-only)	\??\L:	chilledwindows.exe
File opened (read-only)	\??\Q:	chilledwindows.exe
File opened (read-only)	\??\T:	chilledwindows.exe
File opened (read-only)	\??\M:	chilledwindows.exe
File opened (read-only)	\??\O:	chilledwindows.exe
File opened (read-only)	\??\R:	chilledwindows.exe
File opened (read-only)	\??\R:	chilledwindows.exe
File opened (read-only)	\??\W:	chilledwindows.exe
File opened (read-only)	\??\P:	chilledwindows.exe
File opened (read-only)	\??\G:	chilledwindows.exe
File opened (read-only)	\??\K:	chilledwindows.exe
File opened (read-only)	\??\Y:	chilledwindows.exe
File opened (read-only)	\??\H:	chilledwindows.exe
File opened (read-only)	\??\I:	chilledwindows.exe
File opened (read-only)	\??\S:	chilledwindows.exe
File opened (read-only)	\??\Z:	chilledwindows.exe
File opened (read-only)	\??\B:	chilledwindows.exe
File opened (read-only)	\??\K:	chilledwindows.exe
File opened (read-only)	\??\S:	chilledwindows.exe
File opened (read-only)	\??\I:	chilledwindows.exe
File opened (read-only)	\??\G:	chilledwindows.exe
File opened (read-only)	\??\M:	chilledwindows.exe
File opened (read-only)	\??\U:	chilledwindows.exe
File opened (read-only)	\??\Q:	chilledwindows.exe
File opened (read-only)	\??\A:	chilledwindows.exe
File opened (read-only)	\??\S:	chilledwindows.exe
File opened (read-only)	\??\P:	chilledwindows.exe
File opened (read-only)	\??\P:	chilledwindows.exe
File opened (read-only)	\??\Y:	chilledwindows.exe
File opened (read-only)	\??\Z:	chilledwindows.exe
File opened (read-only)	\??\E:	chilledwindows.exe
File opened (read-only)	\??\Y:	chilledwindows.exe
File opened (read-only)	\??\I:	chilledwindows.exe
File opened (read-only)	\??\M:	chilledwindows.exe
File opened (read-only)	\??\V:	chilledwindows.exe
File opened (read-only)	\??\W:	chilledwindows.exe
File opened (read-only)	\??\N:	chilledwindows.exe
File opened (read-only)	\??\V:	chilledwindows.exe
File opened (read-only)	\??\H:	chilledwindows.exe
File opened (read-only)	\??\O:	chilledwindows.exe
File opened (read-only)	\??\E:	chilledwindows.exe
File opened (read-only)	\??\N:	chilledwindows.exe
File opened (read-only)	\??\U:	chilledwindows.exe
File opened (read-only)	\??\V:	chilledwindows.exe
File opened (read-only)	\??\G:	chilledwindows.exe
File opened (read-only)	\??\E:	chilledwindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

2 discord.com
4 discord.com
5 discord.com

flow	ioc
2	discord.com
4	discord.com
5	discord.com

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 18 IoCs

Processes:

UserOOBEBroker.exechrome.exeDiscord.exe

description	ioc	process
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2956_71483151\oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_356824127\_platform_specific\win_x64\widevinecdm.dll.sig	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_443814050\Google.Widevine.CDM.dll	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_443814050\manifest.fingerprint	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_356824127\_platform_specific\win_x64\widevinecdm.dll	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_356824127\manifest.json	Discord.exe
File opened for modification	C:\Windows\SystemTemp	Discord.exe
File created	C:\Windows\SystemTemp\chrome_url_fetcher_2956_2000170379\neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_443814050\manifest.json	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_356824127\manifest.fingerprint	Discord.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_443814050\_metadata\verified_contents.json	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_356824127\LICENSE	Discord.exe
File created	C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_356824127\_metadata\verified_contents.json	Discord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Discord.exeDiscord.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610412131979957"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exereg.exechilledwindows.exereg.exereg.exereg.exereg.exechilledwindows.exereg.exereg.exereg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\shell\open	reg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{AD693045-959B-48A2-9AFA-5460B17B6FF5}	chilledwindows.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\shell	reg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\Registry\User\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\NotificationData	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9147\\Discord.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord	reg.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{46CCCD00-5F7F-467B-A628-17F6D3F8DA45}	chilledwindows.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80d43aad2469a5304598e1ab02f9417aa80000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\shell\open\command	reg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Pictures"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\URL Protocol	reg.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9147\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe

Modifies registry key 1 TTPs 9 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exe

pid process

2800 reg.exe
4356 reg.exe
6024 reg.exe
6068 reg.exe
6136 reg.exe
4472 reg.exe
2600 reg.exe
4240 reg.exe
5404 reg.exe

pid	process
2800	reg.exe
4356	reg.exe
6024	reg.exe
6068	reg.exe
6136	reg.exe
4472	reg.exe
2600	reg.exe
4240	reg.exe
5404	reg.exe

NTFS ADS 3 IoCs

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\chilledwindows.exe:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Pictures\download.jpg:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

chrome.exeDiscord.exechrome.exeDiscord.exeDiscord.exe

pid	process
3324	chrome.exe
3324	chrome.exe
1588	Discord.exe
1588	Discord.exe
1588	Discord.exe
1588	Discord.exe
1588	Discord.exe
1588	Discord.exe
1588	Discord.exe
1588	Discord.exe
1588	Discord.exe
1588	Discord.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
1788	chrome.exe
2956	Discord.exe
2956	Discord.exe
2956	Discord.exe
2956	Discord.exe
2956	Discord.exe
2956	Discord.exe
2956	Discord.exe
2956	Discord.exe
2956	Discord.exe
2956	Discord.exe
5344	Discord.exe
5344	Discord.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

chrome.exe

pid process

6980 chrome.exe

pid	process
6980	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

Processes:

chrome.exe

pid	process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeUpdate.exe

pid	process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
4264	Update.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

Processes:

chrome.exe

pid	process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

chrome.exe

pid process

6980 chrome.exe

pid	process
6980	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3324 wrote to memory of 684	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 684	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1724	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 2740	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 2740	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe
PID 3324 wrote to memory of 1772	3324	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://discord.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee747cc40,0x7ffee747cc4c,0x7ffee747cc58
2⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1884 /prefetch:2
2⤵
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1760,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1992 /prefetch:3
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2192 /prefetch:8
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3012,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2952 /prefetch:1
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3164 /prefetch:1
2⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4404,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3528 /prefetch:1
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4348,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4592 /prefetch:8
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5032,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5152 /prefetch:8
2⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5144,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5296 /prefetch:8
2⤵
PID:3744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5148,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
- NTFS ADS
PID:4604

C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
2⤵
- Executes dropped EXE
PID:1636

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
3⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:4264

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --squirrel-install 1.0.9147
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1588

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9147 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x530,0x534,0x538,0x528,0x53c,0x7ff632273108,0x7ff632273114,0x7ff632273120
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4780

C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
5⤵
- Executes dropped EXE
PID:4040

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1896 --field-trial-handle=1900,i,12343282697869631296,4753286593624888805,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1028

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2176 --field-trial-handle=1900,i,12343282697869631296,4753286593624888805,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3960

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
5⤵
- Adds Run key to start application
- Modifies registry key
PID:4472

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
5⤵
- Modifies registry class
- Modifies registry key
PID:2600

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
5⤵
- Modifies registry class
- Modifies registry key
PID:2800

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe\",-1" /f
5⤵
- Modifies registry class
- Modifies registry key
PID:4356

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe\" --url -- \"%1\"" /f
5⤵
- Modifies registry class
- Modifies registry key
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4640,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6072,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6084 /prefetch:1
2⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6300,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6308 /prefetch:8
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3492,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6268 /prefetch:8
2⤵
PID:1576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5024,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5672 /prefetch:1
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5852,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5952 /prefetch:1
2⤵
PID:3340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5904,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1040 /prefetch:1
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6428,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6424 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6468,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5860 /prefetch:1
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5976,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4468 /prefetch:1
2⤵
PID:1868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5696,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6396 /prefetch:1
2⤵
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4496,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6564 /prefetch:8
2⤵
PID:1276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4448,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6776 /prefetch:1
2⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6912,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6928 /prefetch:1
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7088,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=7104 /prefetch:1
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7248,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=7232 /prefetch:1
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7380,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6940 /prefetch:1
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7532,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=7448 /prefetch:1
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7648,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=7668 /prefetch:1
2⤵
PID:4776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7828,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=7852 /prefetch:1
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7824,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=7984 /prefetch:1
2⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7964,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8208 /prefetch:1
2⤵
PID:2364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8232,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8336 /prefetch:1
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8568,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8588 /prefetch:1
2⤵
PID:5648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8136,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8156 /prefetch:1
2⤵
PID:5704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8776,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8108 /prefetch:1
2⤵
PID:6040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8756,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8764 /prefetch:8
2⤵
PID:6072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8748,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8816 /prefetch:8
2⤵
PID:6100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3760,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2700 /prefetch:8
2⤵
- NTFS ADS
PID:6728

C:\Users\Admin\Downloads\chilledwindows.exe
"C:\Users\Admin\Downloads\chilledwindows.exe"
2⤵
- Executes dropped EXE
- Enumerates connected drives
PID:6832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5672,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8572 /prefetch:1
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8500,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8508 /prefetch:1
2⤵
PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8744,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8660 /prefetch:1
2⤵
PID:6044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9112,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=9144 /prefetch:8
2⤵
PID:6544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9108,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8896 /prefetch:8
2⤵
PID:6628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8904,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8928 /prefetch:1
2⤵
PID:6064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8692,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=7204 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,3423882694125158749,10715489018932020557,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=8600 /prefetch:8
2⤵
- NTFS ADS
PID:5480

C:\Users\Admin\Downloads\chilledwindows.exe
"C:\Users\Admin\Downloads\chilledwindows.exe"
2⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
PID:6772

C:\Users\Admin\Downloads\chilledwindows.exe
"C:\Users\Admin\Downloads\chilledwindows.exe"
2⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
PID:4112

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004CC
1⤵
PID:1352

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:1820

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:2956

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9147 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x520,0x524,0x528,0x518,0x52c,0x7ff632273108,0x7ff632273114,0x7ff632273120
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2748

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2128 --field-trial-handle=2136,i,4539335673930872483,13636090717687619172,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5324

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=2168 --field-trial-handle=2136,i,4539335673930872483,13636090717687619172,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5336

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2300 --field-trial-handle=2136,i,4539335673930872483,13636090717687619172,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5344

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:5404

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=2136,i,4539335673930872483,13636090717687619172,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5524

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:6024

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe\",-1" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:6068

C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe\" --url -- \"%1\"" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:6136

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3852 --field-trial-handle=2136,i,4539335673930872483,13636090717687619172,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5800

C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3248 --field-trial-handle=2136,i,4539335673930872483,13636090717687619172,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2184

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:6132

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:660

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\D3DCompiler_47.dll
Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\app.ico
Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\chrome_100_percent.pak
Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\chrome_200_percent.pak
Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\ffmpeg.dll
Filesize
4.0MB

MD5
34a86c7a13ab91972883df3e3e2eb9ab

SHA1
88cb2d58ebf507dc96f9c72051e90a5aeb6de03b

SHA256
88e4dc54a49083defc4ebbe97520f8fa701aa23eadb49620006367640d2ea24d

SHA512
68ec3062268936a6bd8bdb0e97488a082d10ad9f169c27b5422ac17b2b7e3f28dd44b9e49d8af18f29074f9830213478d95050d910a0c801a12bbe2fcb6c57d2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\icudtl.dat
Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\libEGL.dll
Filesize
487KB

MD5
c502f0b22b24eaab84561aa1c5e4da53

SHA1
29594a4d5de1cc3bb24c9364169ba5e3d3e71bbd

SHA256
45f9e83f6c5a282adff76689b6996dda9883d9d9a85992fc9909f723c470f0ca

SHA512
7a014d6943bc70b1b1852b23144408b7c6fbfef3b1bb104c954e4ee8de1a41db80b207b912ef7fde956e0b170db4075f82925419a48ef48ad35d3397b4092504

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\libglesv2.dll
Filesize
7.5MB

MD5
a18a279444b09e7097d49564d10ccaa2

SHA1
a3e566c85cadba9ae48ff128ddec097a413e6a87

SHA256
bf7d30ed4761b0cd19ec18934447ee254f23413c8d831f6d64521bd087fbbfce

SHA512
6a6c5234b051b5d4b321921430fd77e760d9ea59b3edf260f17edeeb98ba899dfa292dc4e4c9ea7d5e094201157395c8c3abae5b14c6007f891d49d933c7e86a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\locales\en-US.pak
Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources.pak
Filesize
5.1MB

MD5
e9056386a2b4edac9f0ffa829bc0cfa0

SHA1
f8d4b8289ebb088c9997a1fde1c2f12aedd6c82e

SHA256
546456d9a1328836a99876824f3beb7279f38403cd001515f5d9eb204939e57c

SHA512
c49e832e5c16a1846ea882395e83f9cbe9f4f6b44be9f0c7276d0a4495b88091bd95593c5e167dba853834058d7ca823db60d2fac73434ed952b7064b2daf6da

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\app.asar
Filesize
6.3MB

MD5
12722f1f6a97cef65dc24bb4c8049e9a

SHA1
20098990d4a272ff87bfba34a6a3fe6195e22fd8

SHA256
21eee017072356ac5430688af44a8499f2230f847c391fa96c5816bf38aed0ab

SHA512
b9209c66e716d30195d9bb423a6e9ac6e7118778aea9ef0da7a269b1762e1b5b1e0e406c0cdc5a50759081e9041acc9210a91dbcd7dfe67c82d973f3cba2edaa

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\resources\build_info.json
Filesize
83B

MD5
29758c7a31b168e9cf70a533e5aa64f0

SHA1
68886573a1586259e409786181412c253ece150d

SHA256
136281506525bfcc8862d2d9ea9597af93281cd4da4b3595083e3c3613eebafc

SHA512
4a8b3b14d0fe9a2cc66470986e8971ae325f3ab06ebbce90ba488015a7e29a7fdb578078e5309eace8077b4221368c549cda3f6e4fcdfcf0962081001c01c6ab

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\v8_context_snapshot.bin
Filesize
627KB

MD5
1e4da0bc6404552f9a80ccde89fdef2b

SHA1
838481b9e4f1d694c948c0082e9697a5ed443ee2

SHA256
2db4a98abe705ef9bc18e69d17f91bc3f4c0f5703f9f57b41acb877100718918

SHA512
054917652829af01977e278cd0201c715b3a1280d7e43035507e4fa61c1c00c4cd7ed521c762aebd2ea2388d33c3d4d4b16cee5072d41e960021b6f38745a417

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9147\vk_swiftshader.dll
Filesize
5.0MB

MD5
418931d6324a4b9aee665db02ffa4608

SHA1
bb9e9b30d3a84bf68a0cc4f56e125b8709ca9d6c

SHA256
282726daea498983b4480a161cbdc885c76fc01fd53ab96c469a39e0e18722e5

SHA512
89cd3c3b7028c65826dd2aee6caa6752483095391861d42de554e31f946b1d49d5c40f3c94f034dcd902d2e2896a56fb563c39548cb7951c271f93387b14328c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
5173bf32ea48e4b6eb8073f107ae5939

SHA1
6313e5b4021cf7f1febeaee1b706d97267df1609

SHA256
d476bcb2fdc3fb2b6c8c675fd32415bf1c17262477d78444f95ccbb6aecb1786

SHA512
5d2154003608d90b73ee03a86da3347ada4801b9031292a14e962707a4e75a9672c28247acc62e67d9da06b17f3bff674a43a66d7e0ac8a4fd0f74fc2eacb975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
59KB

MD5
7626aade5004330bfb65f1e1f790df0c

SHA1
97dca3e04f19cfe55b010c13f10a81ffe8b8374b

SHA256
cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e

SHA512
f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000084
Filesize
326KB

MD5
95d63330a8b80f2a3f0eb15624a8e3ca

SHA1
58b7a91f11935dc37a480714f477b5f8b2f8c86a

SHA256
87619ffaa53f40f90fe2acac7832460b8f2159f2c0335f14791a545cc0440d82

SHA512
39379c234ff05755a6ae30790d43b8d1214ebb3f27398137f3574919804512d8d0f4fdec9f1fce532c1ca42aa7ea9baafe7cafd7f83065003cb5cd4ef7842414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085
Filesize
133KB

MD5
77dc6419c433f6454361f4f65454d58b

SHA1
3ef032b0475a8d5d2ddba8d0768822813d6b0719

SHA256
317a2b52cc09f79e8a91565b2557c78be019d080f8f7aa8b43ae5450497cbd52

SHA512
ae57e360edeed21f0b15c50b213be787caa2d48b05eb99a831ac3a3e58c07803e6f6ec6bbe844f4da86b496b0f10a21935ffb7243f142e3c94ecc789e7ffecac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
395bef4a836b93e7aebed306edc9c753

SHA1
ea463e3554d63863c3ddd2dbe7fc5bc7d8c8fe0b

SHA256
a0a05014eae963e1203b45c6ad1289556b2fb3eb4ed46e2d7971684c5b36e098

SHA512
d382f0ec5118db3b97877b504b61204b9cfd6d8b651d65d68b7feb3ed694250a605912d582bc181f50b90a60e9dff64019a5a0343959c37ab59319cec102745c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
411a06913ec25d8387cb34ff7412ae32

SHA1
b5d3dfe3cec4967e97f6282068b1e5c41907726b

SHA256
e42e09348eaa56b630fd43d4e214ea914694cc60d857ba54b327d23623876ba8

SHA512
dac6e4e0e40561a92c7b4a825efa41cfc5aa4ebe7707fc600305f1df965fe9ce88216cd8b4410b0be62f673cd947c7f51b3e5bb88084763320fc5bf6fbf3f575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
a29fa965b87bd52e0f62dc529f8edd09

SHA1
e863b1afd9411cc103f2304fe8955a86730f7ef6

SHA256
f3222cc32c706be63b690d6dfe39cee9b41322c83ca3ad44c24ecad56aa36263

SHA512
60a2f127bec15a6c67edec724d233abba25cbd2f940b0a0f652e0b391f5e92554d8a66042d00c57381c625cfba94f99d34a7626246ce29b59bcd1345e39fe881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
96bab9fe8e230f2cbbadceabae0176e0

SHA1
cab3ae3e7d8f114945c01dea5906d88f3b754382

SHA256
ae0a02a0d76931778a000a7bca7b377d12a21203aa6ef258c7469b5a32edb181

SHA512
4d9584e452c2c58371cfd12214c676119255a71c1776fad741d2e5535f5b88f7bb811fb6e1e1ce4928a8ea352395d887e1ff0a7303888ca648f3864609f98e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
b8a08bd3f4d58c8f071da9906688d3f7

SHA1
13d466ff870d3025b1597bcf0bd403791c60c045

SHA256
901d93e2305bc758c13302e6467a9aaf2580213c7af7ca4ec73901eda0551060

SHA512
02ce8385f0b1bc3d88d5ea52a48325939b6efe1b771a8295238de4c71c45b6bd2d3ea96ea236fa431c96be451f586541b1a6e10702bd88174ef30f2899a6b8ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
32KB

MD5
e8b3d7798af6d5d12799fecb6967e335

SHA1
62ec17ea9af7950b64cfaf83dd64fb5a8bc6549b

SHA256
5741bc32019437f0ad857dcf854a71beccfa18d920e5d3a6410dcc22f9b4c46e

SHA512
bf28d0c8e2b7c4e9c818f3633ebc527c50f0dc84e176f2fd19d77bb6faa94397d1f6cb972018aac1e5677c8ec2e4d80620848d5bc5532f8cb1b8b409fbfbbe16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
10KB

MD5
f8545ef2172f4962020f112a495b2104

SHA1
3631ff88779eb00e1418fde3d46a05e2580fd6cb

SHA256
086abce2dfc7ca9983ba74bc9c651c4cb11d44e5c127bb535ec1dee401f96ada

SHA512
312454daae4444c4a40a138eb8baa8515637f24e78ecccd88ab7984fcdcd0fb8dddb2806894947888a330f0d74cffefaa486c8389da5d92d1a24a19ea09d46a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
545ec8e08a666d66a5b87bf5252a093c

SHA1
32ab0c3e9c9f8d9c0ecbe4228c8cb95673971da0

SHA256
fc963a4c0f35aa806a62350289ec421f266fa1a7abeb85e60b689a4093c344b5

SHA512
9ebebd2176f3f97b90d42548e39a9ed34acf408255dca19b9e1fb6ed270dd8332c0b7cf9c6588b18537338ff8cfea37b1d7efded4a4016746a8512ba2b1d427b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4c2378bea51f5f9ce6b539b7871571c9

SHA1
3b5d47b05c522ddf8c17d560f99ef70bb619c866

SHA256
638eac5c52467eda3da71c810b7ef205d72404dd4a367950f71e30f8a67e7411

SHA512
63a56ee280d312eef1bf9621f4d23d9adf2370da8e4f8ef5976f886f4d3a31141a98b6afac34fab477ac97f608cb99e4922b94f131eb37dd366e7a0d926e84e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
da9ef23453bb2c251b51643474b39a19

SHA1
4ee98e3b96f325305eea240ed5700fc8e0a9428b

SHA256
129f27dc65b88b166e31be41a9bc5d2ce97d39a7be4c3c98d14e3585cef790e7

SHA512
83ac89859954bdf146e4808ed78495731a42e7f231f8d3f8cda5bec0339e5864d42ff3b092b889a106b9c10e64f6d3b71f454ba0d2824967d334fdec87b574a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0666ddcfd336ce07ade8d64b3158f22a

SHA1
0b677e93432d9b44d7d4881d6f7941d739aa4b7b

SHA256
2858182e435d6dc7d56fa0d59de1f6c33fb2a56c5c9a9819733c00d90d6ec5af

SHA512
e8ab552b07d0777bbf22c1b78d55067b7262ab2bdc37e556c7cec0b6cbab2746ecefcf2c39dbf7a83355e98f821fb3f2d01e052bbf28788a0d6ca62b14d2953e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
2849b99e0950358d04c22d47fc4efde1

SHA1
cab7d7a5578b0e064fdf5ef4911ede48d6c81385

SHA256
249b21e5812385d76dfa32e7aa5d4948672f79dbc684d782ebbde89aac81e0d5

SHA512
589fa4aa969648e05e2212ee4fadff7658f9d82d6f8fd76204742ea2489ecf188f992aa2e10bfbcd4010292e4e26045ff5ff8d84e50b660174088a317628e36b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c4a77bce3416caa8c8841a33475ac685

SHA1
1919bc4ddd80e6094ed41ea0a626d5c8c8c05529

SHA256
6ece1e942f7f2385b89da038e7dd77c0607a2a09cd7b889ed32019b063d9186c

SHA512
1d6ed9f7f86616236eddaeac8a4de44c423e11048a4f473acfd156ec65d2096e19614be1222d35bf003ac78787e9bd80937b8ba3ab41cf90da2f4f4aa355f542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8a127205af8917118613954b48fa753c

SHA1
ba98ebc4db303a432d9ae9dbdfb67eef51fbd394

SHA256
0c97930196b20e3a37cc078d90c6a609420432d199e062ab1b81c612fe2811f5

SHA512
47086f66a1366bef5408a60bf1e12c1648c90547e475c06f4d11e57e9b8033c6976a4db26c3237e133a92555e6077e0d540ed54f35b14a71d973715e2d8fe461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
692d841cdae12ab8501316078d0acac6

SHA1
0b09e7b81cd00c4e5cc6c5f8c2ec283fe6496e46

SHA256
0f8c96710354927b69a4c8f57ab3d9bbac21304d6da2b9b18fbdef9397e4d0d5

SHA512
ca95a6e64db1e10845d718ad70517c2f933eceec25e37cee9934f64772fd67cfa04e6966a9d471637a6c2fa17072eb4577c7b6292cb496fab589bf31f5b4dccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
623724b5eed9b1254510ac965922bef2

SHA1
ecb38b9e9c19c702e9b21a60aa9736e23c45619f

SHA256
c658e568a9bdbb895b9ed31fc56c72095c010008131ed0be431b2c700acc8b66

SHA512
c0930c4ed47cc3a384d1d9acc0cb99def4023bff63b5aa1564ec23e5a16cfa226b1ce6e2f400ba378556c45577898fc687c71b3c678abbbd9dbd31bd5933efb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
cddaa59cf4ba7de5becaa6fe80f615c0

SHA1
73ce0f32e4a8de88f3ec9f2b087fc0c6c9bd5887

SHA256
ea02374b1d8e81a198b5748fa2983faddba4660161e1b2a6b657658bb506fda4

SHA512
d05dbc0c0753c32d98ced3aac42c388a41cef73d6907c85ef1873e23863220204ab7e85459979238ba0257d27c585c8a825f74c535cfd1dfd8a0b1cee383dedf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e0ec421cc8ac1e990f1d258c9fbe6136

SHA1
a4af0582f743f01431d8f5449201e63d6fcd3c62

SHA256
853dd822b844efe2c846e7ec53c2792fd82462f8081f85798bd9aaf4881e032c

SHA512
fbd20e629877e02c56c8cf881f19d43706102f98717d3c6d402ef4db52aa7fbdd03703a8ae5b5d8fef4c07449fe7017506682fbde3020ae99966f703e6cb7316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
6ccc77c046c2266131d67c64a8193fce

SHA1
fc781087c413fe31b5be13c41f4d490445f2b7a1

SHA256
2aab3de4d92864187aca9c558b8a624fbf4215de837b856e6eeec7f95015e029

SHA512
243e9df6420fbe5337780d9fb4d1cc8eaa166ab5de99e82c0f877ec3aca22076672844f588f37174b4f8d8afe8c0006b3d8362f1f510fc957dd8374252b2c59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
cba796de3bdb32921e85f83bd158ef05

SHA1
f9e46a99b8dda724b2351c1364d5135668b82402

SHA256
e7e8acace65414b1152b1a678d5eeebc2da320473608e1f4651ad608e14fe6b9

SHA512
ed820b478f248e2f65f32a3bc4ad8bd1abb5550302813861798aadd83f816ff47fac1752640fce40271a631493e8ec5035beeedf0aaae73c92745ac56178458e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
453cdbecb129dff8959d8e875b9fd27d

SHA1
15f20f0707decbabeeeed80411f54eb6cb218a6a

SHA256
d94bf79843fa70e96de06c0e43822f3ef5254d5f86a4106dfd4e3aab17183173

SHA512
b65d90c9b019dab29062cbcc49884d2ed60d46589223e2740987f84053ec79be3281916261b507e4ce4212e36f089ba4880dc1de4ae08c901848d506d1043ecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
7a087c9bdafbe9a12b8b2333e4ac67f5

SHA1
e787f0d18f50f6b52fe36e0bb630045742e0f4af

SHA256
88ebdc01823376c945bef84afb7c67b1faa657fa843892f047496f2c4a124708

SHA512
853d00390eeea032b3a5310fa0078c23760f58316d57ae7762da052367cce9725b54b95fb8ee7685e63226e0d493dc07a4002c4b79921cf95e9a50cbbf8686c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
a7a066ff47949dd0bf7adb8ef06fdbae

SHA1
7aaedc0ed191ec5aad1aed00caca3344413f80b1

SHA256
a77f08537e62807c10b7023e327f2ed17d275fbc1ecb5ab761d8025790192ad7

SHA512
dcc5d2883047864cb6070c29d6e491bf1acaae9814ea58b9feb17635fab9fc5e39b6e2f95efb12e182e6885122211da87f978202d416829eb8c298db9e719c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
8b4a5457669047490cafbd2c00ffb7b9

SHA1
0215dddc8f098260f3b6437815fa587d04b0fd9f

SHA256
a7bf0e2791a1ac398460b2e567356cbc327b8386bde4d4777b4f041a4ac02bfe

SHA512
f1ec186f5b2bbb7d42e321ed15fea1a2b7cb52bab62b753b9a5294c0d3679c7bf02d2ed269e141a7ffb001a63c6fa10260344bce37164e5e1355c8032326d78e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
5352592ec9571963e5e2995f964e1647

SHA1
f096e6e45fd8ace83ae14dc9accd5030420a798e

SHA256
06e453f4d9d632d54317562d31b3e3ba0f20bc9f6090c16911db2ab34fd50ede

SHA512
47d453c79ee0eec22b4d08dbfd6c6d790627964d4b0c74f3b3541ddc4a79d529cf52e44812f3fcf80c08eb400e6e5d058e33dcc79724b8497ecccc82099dd4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
a33149e0fda990e3b38dedb09bf85c4a

SHA1
f9afcda1dcf89f13562be5bc66a7a4f8dc9577b4

SHA256
49908b5fb5c2e1053546265d8b6dded1c94d1b8a0a928ba5db7f20bb7b0985e5

SHA512
78bc6f2f68ce93c2c513b91184ee05227473f6a846259ff190596abf903f820b34b234aa45e26449ec376ed2a98147b2c8b0bb2e81c8801fbdd86d31c76078e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
065fd721db67154dd14aaf9b3c5380fc

SHA1
b8f7c7986d4b4e98b6ab62ec7fd32053b791dfa7

SHA256
059f1240e15d0d4e24ba88ea1aadf949e4a27623cf78f108ab6074dc8f1ab32c

SHA512
a21d499ad031827651623cd1bfe4bd734acb8c0499bd8901063aeab1fcc8da44e03380a7488dba117bfcf0dee8842c50c7ae0148577aa3b2f55d7825b86d2e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
ecc420d4be0cd061f080a6691e097a3f

SHA1
2b4391e341db22ac70170b089ea55094416fbeb8

SHA256
461670ad5426df6c5c8f1cb0beb8cf65320f4b7a2f89aac4fc0bf619d040dc78

SHA512
f18b8b4ae2e2f95b8c3303758221f74755444ba0e118c47f1c41b3297817309ba5961adc0f04975561370ebe15185cf73b44018b9a84ef85ea3bde390931f5fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
30f44b325b49ba73d74b96d22cd1bc3e

SHA1
22e4b76873507163affadae48800790218abfa7c

SHA256
4f333ccf5b9282b2b2a2d3b0280c747bb173a288dfd1fc372ee587a941f4fc88

SHA512
91c3857d8f3482660f875404ac504da5a10066d00e9319e1a029a0ab942db6ce579341120dae88e581b4e682ce9a29cbfa92f183783b5e14df7bbfd5fdce8915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
939cc3d80b2f6352b3ddae9a305c91af

SHA1
35b49c5e3e05d6794893c67b9a7ac8ea56ee6a5e

SHA256
1de93eaa76a1ca25ef6ffea7cd5da0bf382ed688435ce0a31ccad825bb0412b8

SHA512
9490f1157b601732d4e2c2f766e3cba8beba33dbd4f10316b4ba6190e8daddd2dffa01de7b181f502332cb1391643f73cb2cc2c733603ea829187180c1b9d71a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
a774537b71dd162dbb3f234132d56415

SHA1
8d1888563ee3e1d737124a0ccafc2358cb6fe329

SHA256
3cf341ed9009d7aa9188f9d400cf2d7ec5642f23d47bfcf4f3c36ddaa5295862

SHA512
1ec65630dc6ea5ee29f51c93d8386d05a276fe85a22b18c1847702ba3c262e19931fd92c33c997bf471359e9a3d13995fd2f6d69666c4a80e7e9bb311c4c9325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
1319470c68b866c40e8769f6b8cce1f8

SHA1
186d6605bc38f5da3c120866495375e63532d65d

SHA256
31331cf179b58515f4bcc645675fa7abb69ac089a9af5d50abc25a5f175b0cad

SHA512
1f13fbfb86075a99fff94577d54b0711acc473d40808d5b3722831795651d77efa16730203d552ab8fc5824a51717e9a2aa9faf46eac79f00a57f3222c43ed67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
29f515fab361a4b4edc69bc96903fdbb

SHA1
3ca01156b60615bc1eb5321606c84322a27ac79a

SHA256
9d0c470405f8742bab810dd444b48c84d6b5974b6470d597fbb1cbadd3276257

SHA512
05c2316e5775eff2f693f2219500f6be6b30982a3d5d40bc4485a4c588ee0eed4956396c68aa6a2d1969d8a0029fe9d5f40a98bd050192c59c53ff5702fa0770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
c031466b069b0881cae770ba0ae4a08a

SHA1
899de5910f7b83ac672d0bc3fe030e89d4406c06

SHA256
7adaf45d28cd9c51442f1a9963375f8647c7aedef26bf61f81a59b4459f1cdd1

SHA512
b89837387bab710475ce4ee9c163b127259f6ebb70293e15c4ec40754712423c6cebafe53a81ff74297afcd97ade10a0041fa20b0fdb797e4c134e14bb6bc30b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
88bd81d5b128da031906f6183771d271

SHA1
b72e4bb03933d16ea7b0a5ced24167e549be031b

SHA256
5f5fc623cb6c978f4d44c38c540023deb5a3d8b718304e69fd1bb0e039d5bf7e

SHA512
f4d5eb0c2c699626e10a9b0931aea4e020cdc70dc6db0ae176ceb03990b3cd4a628a6a075e84c66db7ccdcb4302f92ac77d22eea5ff42dd407558b787df8fd93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
1ac06c0adfc2bdecb1b7448b788a5c30

SHA1
cd7c3ab04e0a674354d8ca61d9794d44ccd4a00f

SHA256
cfa1c9094a55b41221971aade8d9060b0c814d28728cd0a18597936b4fe73fc4

SHA512
14e4672b98628062c6adfb6daf242cade8cd93f11b1e02ce8d94491983ffdef35722b5e56705ae44bd1e14907fa89f509c4397d8fd679e2fa954c6ffc4f4bb6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
b0c6a2b5f961c9cca32e93a5d56a10f9

SHA1
df25981c7a4e054e42577acdbb3808bbc59174fa

SHA256
cecc9142e1f21bc15557094f6f428486d8292acfd1e2c264cd4e1b91610ffdbd

SHA512
6a35c58b4bb8cf4268e68720948b738aaed3eeb6e600df18ed86a3a37697dc184c815f0b461df5a9af00babddf451eb77dd59a2b51a47febec9c2f7134cb914e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
4ae0782be243821e27ff396480a66ca0

SHA1
e029d6f784c571b66610b1cc5815ea127e42418b

SHA256
480233055d5e15dd863b37f6e1a228fbd90342c380164abd36be26240cf85e6d

SHA512
875a3b280b4b4e826da6b4c9e0b72ebcfb534c5a745b539fad16a4b9c203fc021350b7229c04b75e78977286698f44906044757c4a58b413c6b18393f9d67295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
d7c8d94fb236e2a10595ab46f9082750

SHA1
d3b56fbb191cd2d6719416975646a6c84034b03e

SHA256
6f2f8ea1dfa177b064558c6a6240a9c8501be9e5bcfd4a99b00dea14ee921c64

SHA512
480fe74cc9e0d0b2c6dcd1da2b847354d676cf02d55891d7265569f3df35825fe6ce76f3f91dbea311034ec31b099abd123ac9c9f42afc8e3c76c42a52631b73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
0e0ab7b10191686ea670e591668ad338

SHA1
ce66545e54ff92eaee445dfb28eb75b4a9c450f1

SHA256
c8110e347a2283c39e8f3764f54af4d71a0c2c79db84613ed5ef6b88bdc0c1ad

SHA512
8517f5c23183eb34f71949b2053b013d6c0be2ac1ebc20634fa2d08f95a101456602a528199ce406b03a12fe692470a533fe91f2351ecd2575cab6977e5177c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
2d21e2a550c6287d03e3bdd38b54e0cc

SHA1
b4375b6357da6e2bc9098f25381fc28190fb1109

SHA256
bd5c9ddcbbf2671a1733e7dd559e6218a56813c69a6c29b8b2f27215221c1557

SHA512
b70c64635d0b0b2b9fc79f2bcd52d20867d2c83cdc1b28475e73cc05b568cace2079d83f1acae170b72b003686feb84b79b268722aef649df3b9f90e9561116b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
240d9487487921d6f7d6d5154545b287

SHA1
73274ce3ea0f07ff27028e1e0e342aff546e52a2

SHA256
b67514a7a86d403863bd2a0840950f855b03c7466d18494797a5cb4d010b2f05

SHA512
c0c09ddfcb5ce7d58fb814892c54c3ece76fa65136977a8570dedc2cd926ac79a24544def04afabea5a4ea2e6c1a7ca40e732a2a25920650e16c471069e225df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
2040d913e2c66949293dfbb0065ca335

SHA1
ae4b333243aff1caba1e0fc2d668e313ba9f75e6

SHA256
5bb6132a0cc7d3ece38e7847498a8b5d2065ae19866c5ccdf552ed2cc1d631a3

SHA512
ffe87225062bcdfe006f27f563fb996b7b44994253ce9e90ec22aca4da6bb639188741648a5d87c4a2d1463d35b9e3bb6773ff235593e88ce3f451b46d7566dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
a6ae7b439c6e102281555b1cf0841196

SHA1
0954cad3a8d376f3fb8f2e58b0a931027d712652

SHA256
279070090c484ddf9e90caa7be02cc2a2f0a8a7767abe0e0b2ec688851a59fb4

SHA512
7bc5bf36f8241ba9f4dbda152ce93fc4986751fae23128d22739fd6311d3086d66b1df6d310f6eb9cace42bddf01ae116a10b6d2ee68b57c6727f388d4807407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
7f1b0078f34dce76a5f114b5eb8c0ff2

SHA1
96b2cdcf3294da7f788cdb94edc96984c98b1d9b

SHA256
ad67780cc0f307193916a724e195f61e343b08e2a752cf357cdd03053a8e3a97

SHA512
804178822a0df43c6e62d8611c8a8a071b05e96a98015b08e184aceb8b6035d952b6ab35d6751a2d85753b12ee8fe7503803f6046f237125a8c6d2b494d9c45e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
b059043612b8f45c4829c7f7d16a8b96

SHA1
65ec44b82c9c7422baa30056c5a020b1a238b312

SHA256
2091d40839f1807d76295d3b6960284f92d35eecc11a416f0d8469eacd2055ba

SHA512
5387327f0bcc5119a1724520685dcaf32461bda3db1bac9d5076d089ec7c047660e61157a0bfb192847e912cb6b317bf5ce4465200414495b45e6dd42db31c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
4a4a920d3d3ccd97fb9d23e070c949d8

SHA1
6fd3d6fd8fc59a5f57fd9c56f8fd4d6cec59a317

SHA256
39fce260e978257b18997f2a58e5c6592d4647260d15c32f24fda2275449239c

SHA512
d41ec5e48b54168299f7a3053f5f0710dd131d82d6fea6649ea2b6b4907f71dfc4dd5a992ceb826c4f3c7bb955ad53bab24428d11a86fdb82f002adbb65c2943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
aae001b510af82caf2e407c2e2cb0759

SHA1
febf8ef29a0898c2a8a79413b59cfb019821c94d

SHA256
9ba4611efad9f65cc636cfb8c529579c706bc348f4e3681ccd26fc3d9339258c

SHA512
5c544296e052ace702ebfb5d9ed67da35fbd36ea6eb0981460a5d7f80cd0e5733192b7bac62b0e6c8aef5e87e21637b9b269625c561a24633e6e307c43386167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
46376870264de0618bde9d4b4a67f83d

SHA1
1bbe1e4fb32112be43929c2245269cab5a8df8c2

SHA256
4eb3a378cf77f308c7c446af694e41bcc5083fd9387caefd514565c712f5d8da

SHA512
bbd2a2d06447f2a9b0eee0b9a9d7188ef6f5635e168dc454208a1dd152db85c97832aa1891b5faa5d3df71e69f04383a407302d7118b11dfe27ba569f4535749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
112115bc7256840a8adf953d1afee8a4

SHA1
cda371d63451bf685bbce8ac2d827ec48a748ddf

SHA256
212f961b6b4bbf3735fc6b604860edf7b6ac0b8c64eaa402a734ec305999bf31

SHA512
d6ee5657e7b7ac7474c8c5c280edad25dc584a150179375e61e2cf6e46d8ab50f209358179731d9c46d2425a5e2c74f81ea648eaf957d2107110ebedfe55c72d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
87aaa938877f605f02ce5c5f76da5cc0

SHA1
51b637818f57b04939e7cf5704f77f872c49ccdb

SHA256
8bf3547f7a0698df60bc0c286a4cda39f7b53b1deae4cac34dc5e958c7d26514

SHA512
bb43149d8cbf87f63fa635ec60e29b08b4bb0698949ccc9bbaa3c8c824a594b6811337940f1738259ebc8947cac9541555f24a1f7a2c2aa64a960a11e92ab1ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
95b2bffae2f21a2d7add06a78eaf2faf

SHA1
353441f186578aad3c0961122a23c206b4b0a893

SHA256
abde8e8aba891fab35f98442e0e5183780d6bdedffe9128ce88a887a55c82395

SHA512
aa9f849a5a67f49bc70cc1a7a4e439cd5a53fd4fb5fc5cf2711a9be9ca8230c3fd361263c1b1ba28c5ef55590210a7b7bf0ae041c4227c9c28ed0ccc8bc6f748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
8d27f69c0c64e33bd65bdeb1fc14fcde

SHA1
6945c3c65bcbd191c5b37655bf1dfcf9abb15334

SHA256
85055853af2adfb162ecc2c890267c6b68c080738a097e073d0ef3f22121193a

SHA512
7bbca3d4e71abc3e559b117cc3d76a1089705c9af6d6076a49f0e95cfa62ff7ba77e629479293a9aec45e3f98555696dd7cece883396118e2efe9a7f8f94d42d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
00eae79c8e5ff7a99bed8c7046338641

SHA1
e31c582333b73b775d5fd57d723ba289a14204c0

SHA256
400d9a2a41d2259bbfc8cdf3930cc98247ed5de4c94420f58eaf5a18e1809c6d

SHA512
dac038f733499728afa1e29a5b3acc83f2695463e14093ef2d4b66684a339b55437b8cdde662de99b1b7660c3e3b376eb3df8b44549e3da1e32762a55dc9c2ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e539f20f5f05964c78138a3bd37cbfe5

SHA1
54f64c51b0091f7660d906a838ca93392b1dc26d

SHA256
37865af0d895497069372f828258cd939fe88de2417075575900655e5adc41b3

SHA512
90c8301e2af4f2fbd23be90d55ac6b464585bc50ddb459cd326bc4d99723863494ef76c2380cff19412998f42a2dd2074e91e38c5d44e19ba7a6d6c5126b6233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
e691c0b01226b1b1903e0107195a280d

SHA1
c3a168f5d538209049e1b5cedd9ace36105c1d59

SHA256
c61d3feed1b4c11fa54444ad28f6cdb9e4e0db2c76d47c417705ad379cc5faa5

SHA512
9302c643fa0bd4a928f679d39b0d5afacdf570bff5d9c664505ac636bc0c3a7e3423ee774bffe756428147b45bd3700f308eb463f833d1ff05016caba56ff2dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
655c8eceb8eec025dd321c2088b83694

SHA1
8f0218a3feeb7340c55e670a5fe9dfa527d03b3d

SHA256
b076e8a5711146526277c1334aa69c3e8f5f56ffe94a1e63d6a4468080b31708

SHA512
a91c52f4d250d7dd724ed6a444f7526d213387e4259d2caa6642f4e52283351c4b23cbee9bf9fa16fedb6ff75d6fb244b4253ae2c4f9b617a5ccf0a64fba9658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
f24a83d0ed9fbe8b88af97ef21e82459

SHA1
e1caef6172dc3c30c25c7e48ac77e24c2d6bdfd4

SHA256
4369020a6767de46a75b77911c2d43baed27471ca87340b56b80c9e5501b527c

SHA512
c32c0886c60d5dc43a41394f3cfa58f3fff25673e51c1450b06eb9f48428425268b168deab8c704925df829852f91de2a9fae008060c6821502858c20f035418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
15949d8a1323051da336649fc60c86b7

SHA1
a18c59a6a2e991de8e650130f163d40e105952b2

SHA256
7ff3e6f893a29023fd8903471c082dcaadc95e369d349a9ac40d835e6ebaa5e0

SHA512
6e32e92452c74b4b425cd28aee3e1f4d2dc48982dfda8c4a25b3767768ea7fd940b067fb2cf425e1da758b8e4f2cf45c01917bf0446507d6c70db320cdf5a9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
05503d728563ea0cec38619d3431b33d

SHA1
ec441645a513c55e60019d9af9e1a5cd2d07ebac

SHA256
7b4e36b69542e546a52063a84e15d2616dcf62855e8dafab783046b7e093230f

SHA512
a7fd726bffd0cee66c54183799238d6b7be44e9b064fe804d0e5de653daa850be03d462e690ff7620cbf5bf45df65df015fa1f29afe442ef206fa0d971d25144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
74e4c2619abc7127d7139097c830c091

SHA1
b6a66d6540347d11645ff678080434db70e1a373

SHA256
5d63a9a22774a9a73fa9dac21c69c1313efeb88f2cf7b5fbf0472818d2086a0c

SHA512
3bd34934a38b10671bed227de01a849f7722506758c6fd66dc51965caa06115a073ae125284733ccd7f971f78336d9c1518f17363a0e1da824a0856351e74b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
f9bca9cf826d26c42a1c115bf2809259

SHA1
6045fdc286ad6755c805466f204ba4d560f93b65

SHA256
706f2a71839de7766d3a9691d056e5a75f8e165a025789b8825450a5e509a5b5

SHA512
fda873fa77fa7d08e01af484718c4fb9f7fa71b458772c73df124a908cd7f1f2df6d5d7c3a5c20d5958e5e1455328e2a8ec2cffc01bc78f3cb8068f2146a63b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
bb03f3833decd68038f9d798f166504f

SHA1
9f11db5100b3896dda04df57fbf9d568cfaf7ef4

SHA256
a3416ad16b7e606cd4598950b570f5f35dfc3e3adc3a56cbea4d7ca23fcc79cd

SHA512
e472cb39fe2240beee9066265b6b1481c78eabb350849bdeb0dcd486e4af922b9d2687ab8c6ef2a022304507fb15053a611a3a5ba7a3a12e7551a3898e85fc7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
b8fca5ecd3714b64969c9673447d59fc

SHA1
e91d7358460e6e6dea789b9114d00b606365b7fb

SHA256
1097a7042716000448926975f2c1f23f40966fd071ee34b6ec2f057d3f3fe2ea

SHA512
c238e5cc56b7b1436e7caf558a7f32be46854c4915da68f8c15b7751e15762c5064eb6ab19a61454babb2e50c0c38f9dfc1cbcca36fff7ea7589ea558422c771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
2067c340c1b6cd934040d3a57392c8a7

SHA1
98fc56eed7bea50d25af85520cabe2274908e266

SHA256
33c946f8f94e408377678fc4a4b882d27d978502ebd058e4dbbe6385cdd275c8

SHA512
a647d0017aa82c6477ea8e263213522c45a70a8a77ddda247eaf037a7fdaf15071c8c7a09548cc61a2325aa6acede924b9cd962c308fc7e29cdc0233cc7005dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\1e35c7a0-c031-4ce3-b10a-8afe39ed1119\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
Filesize
140B

MD5
e51f1f38531b2f7e1c14dc6030950148

SHA1
4a4bbc4d1e76551d6bbeb285868bce4acc0fba7f

SHA256
5d744095398be3649cf97b22d98d5eabd0d4079b3eb146ea1b7eaed61a28caf1

SHA512
f6f25015f9956378913f410af8627ac880a06fb12d64d2af479b7f09c7adb22fb850c796b91d0baf1bfcc0cebdb2291dfde82db8dfbd9fec90a9b50f8de433cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe595efe.TMP
Filesize
140B

MD5
efc1877cef269611e258971522a91b25

SHA1
cbb14b70598f2837fc1bfe7fadb673873ab7d921

SHA256
f0ceda9e7d22f72fe6bf6b3bc00bf1de211aa0eca20c52d058cf647761408f5a

SHA512
d2dcf13d4d61d36e6663e103585f86c4e2607d859113486b1df1e734bb355c8843d5538982936ad2b1c3403257f72ba4fce3792e36909374dedebfd2a683f127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\IndexedDB\indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b0f691e1-7962-4909-863c-04b32ad653a5.tmp
Filesize
10KB

MD5
f90b6c852c06fbd384f5abdfd59d75b0

SHA1
d712190482d570e76a335c1759707427914fb2d7

SHA256
e7db63e967b63af1ece914eb60cad84f1982caa798a11b4779aca5ac536bb93c

SHA512
cd54200b05f324415cd35723e346f71bb5e2558fbc3d4915c3bbdc48f318358afe3ab130e18f77833452891279f5996c68db33f2b441d12f4b2e63c727ebedb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
6a9db6f43a0fc025c97872516ab0e11a

SHA1
066351a4513b7fdd12c566d29fdf98d51ae61126

SHA256
6bf01cfa2346c4e51ac154445d4a2237eba4f4a635436a8881424576e6c52c41

SHA512
1c62b2a669b7887f6794e03d6fc69227a7563c5abf61ce857ce643120c1e44b5cd3a3dad7e38c04116586b8fffb0183aa36541e2cdcf6a1c9ef658276467674e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
d1eb6663b376fc5f19d1e81a31b296b3

SHA1
f86608cde902770f8e975974de77fdf47681f621

SHA256
cd925a1e43bb615f74698f068e6cbeebdc2a6f223707ab7d60f5c9821713c731

SHA512
dbb64a84b92541cfa3b16cf30f7d8d76a3b7714f996e01d747e25909bb90b7eabd1605ebb6a14d8a77ecaa6c4a24df8f146823ef32aea49c7ab9b0537f3d0af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
2b8288fa25043376411d1a33aa93773f

SHA1
48230d5f7ba291bf9648d4c696438f8c81d089d9

SHA256
d2159b710005cac7aa8b08c8768049fb33bf9d542748afcf3cb960a16a5f2041

SHA512
2ae07f2bd43b4202e809fb8f2c924cd0bfbffa0379d013f0928c8673ad6930a0e2e2cbea6eb92d0b84d4c52c9aaab3a73208ab0dbef5b9dc67584cacad5a8598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
055f1a7f56164e40d6dd562c655b856c

SHA1
4afa863e38ba245d475ccae15f277c7c9bad6eca

SHA256
bb445945617a532ab0b2be33d628e97d7d94291c98c10ce2c1dd4e39e6afd4b6

SHA512
3f4c3074d21237d8c21bd8fc9bb7a323aa83a3055003770f428543eb6a7c5bfa70dc387cba46b04232dae359579f21dc09774cd538058b3e31f488aa665b70c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
d960540b36a9ad16aa9520a2089dce14

SHA1
d7bc720af5baf6547b6d5d68f544524bbfe01969

SHA256
17608d824efa5cc4bc29d6ccdad0a30e347d7b77f9a4507060e1ea955069340f

SHA512
87a612c2bc3cd7dca5443210cbb97322275ef7978d717cdcaeabb0604b96c28bfb07a4060f774145d5e607610a9d4d3bfb50f0588e2017ab6228dbe5d8807997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
640KB

MD5
6e627e05a34cd28ce29519e8f1c9e7ac

SHA1
f45d54b7f7e81ebbd6ded2be000c192afcef92b9

SHA256
3c4d1aff6e0699033c49b21574aa9016cc8cc6219afbe658b7458cc3727fbd0f

SHA512
67f1c5901ec1e2a0cd87cc0d261f3a5877afe551aa7af8b8abfceb819ad5dea4dcb77d52f04e26e6d132592011e8b9d4dd6402876b9d93222727931834e86a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
Filesize
81B

MD5
79d221283c0d1389b849165306d9015e

SHA1
fcaad52b3b0d49e98d71a56aac199ed95c1301f1

SHA256
fd6682599238b669f85bd201e7803c6dd304b6b3a36ca0557b0cc92e21bfa86e

SHA512
d70e9a2d137172b45cf6a912e93a6313728003c303fd4235811fd1ec588c9a4c4f924eb9a2588825883c3a8369e5918aa11f485442ec2eacd28deb7410ff308e

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.5MB

MD5
78b7a9a33ab3c3a17336ad38f5ba9f65

SHA1
0089d32e98292c2cf7d16d98616635eac0d90508

SHA256
65c2cb5539c0957ab57281f4294cc01876285461f47847eb83304732e0cf4b1c

SHA512
53fdef293137c431729181426a47cac1ffc9855c1a7622a7f36dc750a8bafc3607ae81fdb3102f6eb1d4684ef66e2e62116b741243b39a4d8a33d2425f7f122b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\discord\12704d68-59f6-4e4a-af34-93f9286e902b.tmp
Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\discord\DawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\DawnCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\discord\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State
Filesize
979B

MD5
53ea096080244b554e5fb464ee8c06d3

SHA1
89bb745f3d0ebccfc68d9b2499c37f2391db40ba

SHA256
ca578e5d317e685103444c28061962708d6a8366597dcbed0017ed95fbe2de5a

SHA512
fe99aaffba7b0d7f42b867f0975bb1df18a1f3993c38b123a6df269091621150a77ceb3502e13d274eb70d6386f5cacacf9b9c578b6994807da63b17812bf4a4

Download Submit
C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\_metadata\verified_contents.json
Filesize
1KB

MD5
3e839ba4da1ffce29a543c5756a19bdf

SHA1
d8d84ac06c3ba27ccef221c6f188042b741d2b91

SHA256
43daa4139d3ed90f4b4635bd4d32346eb8e8528d0d5332052fcda8f7860db729

SHA512
19b085a9cfec4d6f1b87cc6bbeeb6578f9cba014704d05c9114cfb0a33b2e7729ac67499048cb33823c884517cbbdc24aa0748a9bb65e9c67714e6116365f1ab

Download Submit
C:\Users\Admin\AppData\Roaming\discord\MediaFoundationWidevineCdm\x64\1.0.2738.0\manifest.fingerprint
Filesize
66B

MD5
d30a5bbc00f7334eede0795d147b2e80

SHA1
78f3a6995856854cad0c524884f74e182f9c3c57

SHA256
a08c1bc41de319392676c7389048d8b1c7424c4b74d2f6466bcf5732b8d86642

SHA512
dacf60e959c10a3499d55dc594454858343bf6a309f22d73bdee86b676d8d0ced10e86ac95ecd78e745e8805237121a25830301680bd12bfc7122a82a885ff4b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State
Filesize
300B

MD5
5c8a8ac58c828e843e448ec15b4e3858

SHA1
63baf7e381a46ea02f30af1e0cf63f0caee498fc

SHA256
feab36ed218abcb8839b9430c5dc3419daf56cbb92b186c27a0c9a1fddd2da9f

SHA512
521e55acacff03332263adf5921e4eb27a013447d135348c707b51d21028fad9ba481002d19545129848f3095abeb5c6a9384174939cc1258478194e02d0dfd3

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\neifaoindggfcjicffkgpmnlppeffabd_1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed
Filesize
1.1MB

MD5
f265d47475ffd3884329d92deefae504

SHA1
98c74386481f171b09cb9490281688392eefbfdd

SHA256
c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

SHA512
4fd27594c459fb1cd94a857be10f7d1d6216dbf202cd43e8a3fa395a268c72fc5f5c456c9cb314f2220d766af741db469c8bb106acbed419149a44a3b87619f1

Download Submit
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760
Filesize
13.7MB

MD5
17c227679ab0ed29eae2192843b1802f

SHA1
cc78820a5be29fd58da8ef97f756b5331db3c13e

SHA256
d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

SHA512
7e33288afd65948a5752323441c42fcc437d7c12d1eaf7a9b6ae1995784d0771e15637f23cc6bc958e40ea870414543d67a27b4c20331fde93d5b6dc6a59cbaf

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 502343.crdownload
Filesize
4.4MB

MD5
6a4853cd0584dc90067e15afb43c4962

SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc

SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

Download Submit
C:\Users\Admin\Downloads\chilledwindows.mp4
Filesize
3.6MB

MD5
698ddcaec1edcf1245807627884edf9c

SHA1
c7fcbeaa2aadffaf807c096c51fb14c47003ac20

SHA256
cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

SHA512
a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

Download Submit
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_356824127\manifest.json
Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_443814050\Google.Widevine.CDM.dll
Filesize
2.7MB

MD5
477c17b6448695110b4d227664aa3c48

SHA1
949ff1136e0971a0176f6adea8adcc0dd6030f22

SHA256
cb190e7d1b002a3050705580dd51eba895a19eb09620bdd48d63085d5d88031e

SHA512
1e267b01a78be40e7a02612b331b1d9291da8e4330dea10bf786acbc69f25e0baece45fb3bafe1f4389f420ebaa62373e4f035a45e34eada6f72c7c61d2302ed

Download Submit
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping2956_443814050\manifest.json
Filesize
145B

MD5
bbc03e9c7c5944e62efc9c660b7bd2b6

SHA1
83f161e3f49b64553709994b048d9f597cde3dc6

SHA256
6cce5ad8d496bc5179fa84af8afc568eeba980d8a75058c6380b64fb42298c28

SHA512
fb80f091468a299b5209acc30edaf2001d081c22c3b30aad422cbe6fea7e5fe36a67a8e000d5dd03a30c60c30391c85fa31f3931e804c351ab0a71e9a978cc0f

Download Submit
\??\pipe\crashpad_3324_LKRFNBWAEWNPCIWB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4040-433-0x00000000051A0000-0x00000000051C0000-memory.dmp

Filesize
128KB

Download
memory/4264-167-0x0000000000100000-0x0000000000276000-memory.dmp

Filesize
1.5MB

Download
memory/4264-375-0x0000000005E50000-0x0000000005E58000-memory.dmp

Filesize
32KB

Download
memory/4264-376-0x0000000011DF0000-0x0000000011E28000-memory.dmp

Filesize
224KB

Download
memory/4264-377-0x0000000011DD0000-0x0000000011DDE000-memory.dmp

Filesize
56KB

Download
memory/5324-1294-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1293-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1291-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1290-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1283-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1296-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1295-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1280-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1281-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1282-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1284-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1285-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1286-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1287-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1288-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1289-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5324-1292-0x0000024DE5300000-0x0000024DE5302000-memory.dmp

Filesize
8KB

Download
memory/5344-1268-0x0000022A512A0000-0x0000022A512A1000-memory.dmp

Filesize
4KB

Download
memory/5344-1261-0x0000022A512A0000-0x0000022A512A1000-memory.dmp

Filesize
4KB

Download
memory/5344-1259-0x0000022A512A0000-0x0000022A512A1000-memory.dmp

Filesize
4KB

Download
memory/5344-1271-0x0000022A512A0000-0x0000022A512A1000-memory.dmp

Filesize
4KB

Download
memory/5344-1273-0x0000022A512A0000-0x0000022A512A1000-memory.dmp

Filesize
4KB

Download
memory/5344-1270-0x0000022A512A0000-0x0000022A512A1000-memory.dmp

Filesize
4KB

Download
memory/5344-1269-0x0000022A512A0000-0x0000022A512A1000-memory.dmp

Filesize
4KB

Download
memory/5344-1260-0x0000022A512A0000-0x0000022A512A1000-memory.dmp

Filesize
4KB

Download
memory/5344-1272-0x0000022A512A0000-0x0000022A512A1000-memory.dmp

Filesize
4KB

Download
memory/5344-1267-0x0000022A512A0000-0x0000022A512A1000-memory.dmp

Filesize
4KB

Download
memory/5800-1340-0x00007FFEF5AC0000-0x00007FFEF5AC1000-memory.dmp

Filesize
4KB

Download
memory/5800-1339-0x00007FFEF6820000-0x00007FFEF6821000-memory.dmp

Filesize
4KB

Download
memory/6772-2021-0x0000000021360000-0x0000000021B3A000-memory.dmp

Filesize
7.9MB

Download
memory/6832-1691-0x0000000022650000-0x0000000022E2A000-memory.dmp

Filesize
7.9MB

Download
memory/6832-1672-0x000000001C550000-0x000000001C588000-memory.dmp

Filesize
224KB

Download
memory/6832-1673-0x000000001C520000-0x000000001C52E000-memory.dmp

Filesize
56KB

Download
memory/6832-1662-0x000000001C0A0000-0x000000001C0A8000-memory.dmp

Filesize
32KB

Download
memory/6832-1650-0x0000000000650000-0x0000000000AB4000-memory.dmp

Filesize
4.4MB

Download
memory/6832-1726-0x0000000022650000-0x0000000022E2A000-memory.dmp

Filesize
7.9MB

Download