249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
61s
max time network
153s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord-Windows.exe
Size

75.1MB
MD5

43327119366e52928b9aed0c1e734389
SHA1

3777d8387fba8528b6e433a8e763df5dcd542a48
SHA256

249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
SHA512

bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
SSDEEP

1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BetterDiscord.exeBetterDiscord.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe

Executes dropped EXE 5 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid process

2400 BetterDiscord.exe
2844 BetterDiscord.exe
2596 BetterDiscord.exe
548 BetterDiscord.exe
1632 BetterDiscord.exe

pid	process
2400	BetterDiscord.exe
2844	BetterDiscord.exe
2596	BetterDiscord.exe
548	BetterDiscord.exe
1632	BetterDiscord.exe

Loads dropped DLL 19 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid	process
2880	BetterDiscord-Windows.exe
2880	BetterDiscord-Windows.exe
2880	BetterDiscord-Windows.exe
2880	BetterDiscord-Windows.exe
2400	BetterDiscord.exe
2400	BetterDiscord.exe
2844	BetterDiscord.exe
2400	BetterDiscord.exe
2596	BetterDiscord.exe
2400	BetterDiscord.exe
548	BetterDiscord.exe
2844	BetterDiscord.exe
2844	BetterDiscord.exe
2844	BetterDiscord.exe
2400	BetterDiscord.exe
1632	BetterDiscord.exe
1632	BetterDiscord.exe
1632	BetterDiscord.exe
1632	BetterDiscord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exechrome.exe

pid process

2596 BetterDiscord.exe
548 BetterDiscord.exe
1484 chrome.exe
1484 chrome.exe

pid	process
2596	BetterDiscord.exe
548	BetterDiscord.exe
1484	chrome.exe
1484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe
Token: SeShutdownPrivilege	1484	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exe

description	pid	process	target process
PID 2880 wrote to memory of 2400	2880	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2880 wrote to memory of 2400	2880	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2880 wrote to memory of 2400	2880	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2880 wrote to memory of 2400	2880	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2844	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2596	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2596	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2596	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 2596	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 548	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 548	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 548	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 548	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 1632	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 1632	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 1632	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 1632	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 1632	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 1632	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 1632	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 1632	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 1632	2400	BetterDiscord.exe	BetterDiscord.exe
PID 2400 wrote to memory of 1632	2400	BetterDiscord.exe	BetterDiscord.exe

C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2880

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2400

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=960,4888757750941404637,11127742876006675659,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1064 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2844

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=960,4888757750941404637,11127742876006675659,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1324 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2596

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=960,4888757750941404637,11127742876006675659,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1516 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:548

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=960,4888757750941404637,11127742876006675659,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1064 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7049758,0x7fef7049768,0x7fef7049778
2⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:2
2⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:8
2⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:8
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:1
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:1
2⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1412 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:2
2⤵
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1360 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:1
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:8
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3736 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:1
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:8
2⤵
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1584 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:1
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1156 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:8
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3288 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:1
2⤵
PID:108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1156 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:1
2⤵
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2676 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:8
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3888 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:1
2⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4004 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:1
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:8
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4320 --field-trial-handle=1256,i,16501496054291950880,1890505786194426863,131072 /prefetch:1
2⤵
PID:2192

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x188
1⤵
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa100682e466ab447c4c748141f449e2

SHA1
384e4a606ea3f758d7546b9254e48b9c2de93dde

SHA256
85e832377c140d460a3d539148f9867144b3133184a2cbd0778b1a53688b2b0a

SHA512
848e8ae36ff68804b24db54bc203634d4cb0d1206e44ffc3c90288ed6d56d579c955bc4d7743572d583a8750ba635bf0034bb3e4522830fb73a6e56abe648fd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
777f9d2d8a2f163a1feed62f13e3e003

SHA1
701da2b732e1eccd46f5caa4da50e358ae46bb1d

SHA256
4674283dc572c0251dee8aa91409792cd232398a887c77c661d2cd0708e4b466

SHA512
a7fe9bf6e22933ac929d55c02b4c3d96705dd53f23e2b070f89d0003799ab82da7c0b043afa06cd099fa0533b38008de9aec2d2806a81933782729966dfb607a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
70KB

MD5
a600ed6ab9c2620f6faaa0d05eb209ee

SHA1
562b33ac395657fce65b589b781100959aa58b57

SHA256
6efaa10f50bfc0864aa2abe977d2012d3097442f7e5fd8c8052839f70e54683f

SHA512
0c363c5c16561a5af4fa48a14bb6911866c7beea448cd0a9b661c1127028f64d285306f5bde953dd28c51bc388170e1611a981948d36fa7d25017e1499da88ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
331KB

MD5
0bc31f947e6da5dc3fcdefb72201a8ed

SHA1
ed31ab2a59649624da08e93ba826b17e65b04d4b

SHA256
e4bcd946ff4c972ee21bd1906d19789cedcd23e768e04e3ca7364406f5dd73dd

SHA512
dc5ff0cd5334cdee558a53753aa13da5cb9f01bc811663982b4300f0639ea9124af35e0549bdcd06c8e91cdb99cc04f375175b4a462fc0b103905ac6eace9731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
106KB

MD5
a4982b79f43ab5fd0a798a872cdd8c15

SHA1
50efe93d5f8b8ce21f7cd966c20e91b5734bf67a

SHA256
da06fc7a57406d8a582dabd450154e905cfaea79cbe3b5504364b9bdfffaf3ec

SHA512
9dc72f004c1f2b243d6010f0b7d13faff584561436f2f0b01ace7405740ed3b27ecfce19452e90a1a5e206795fbd84226331a4517248e1b4d8c2487a96f9dfda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
1024KB

MD5
19f44796e221e310c3e494ba7ab921e0

SHA1
b25c51ecb209386f93c916a12dc1f797b1c5bce7

SHA256
af5a27296af8777bb13da48453cafe3cd3f988efa5ad5d1634eeca5b85875fe3

SHA512
8ab214bc6e64c4ce1ad9c8b41f5c94dc80e3a358cef2bdf495062ada2bf0294890aeee10aaba88ccefd2f1b0bdd1600854001c9af0cf4df28fa9062eb404fb62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c032b6be2c8e292fd28460c4fdaaea58

SHA1
81e5bc40f29cd371b7d4e918a47e841d57cfca5b

SHA256
2cea8d35585088f156d769b25b573e5be98b2b7662501de72ec5f10cc44fa695

SHA512
bf5bdf15434d250be115745d86b890e5ff4df983fbe8215dc76bca49f7b8a7931791b76d91cd24017aaeff9e2ef3f17097742c7123720ccec0e274576c2a60ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_tubesafari.com_0.indexeddb.leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
7306dc852998fea0311900c3504f6f03

SHA1
fda658171467d2fc55afdeb3d345968312f1a7fc

SHA256
18683fc26b1702cc91c98bda8e6f2bc65ece7684196656d41a64381db14435ea

SHA512
094ed56fc69efd15e35ab1389f88c74c21a098d0795772c179e3fcce48a9bffd012d55b037ef928e8596cad2e582cb603ab021cff963860efb02ad3d6899c848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
1036eb19ba12c2457d31b15a4b1144f9

SHA1
f7ea521bc124f3e6ce916de0b21e39b7f59870df

SHA256
e57b6e92baf7e62196f85ee6624104a7f0d04d9a7c7a8312fb9c3eb33145e8cd

SHA512
5115dc0367d33a587e08847965f9270999e283d1ffe9a383c02d177d0c0bf0e6f92cf0b76a34939e183ffb6f03d8d48ff1e4741be57b309e64fc2a271b42b2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
4334a45dc1fa3f60e11ceae8c80a691f

SHA1
f040df0d75c165accb7f4582a78ed4a55817d43f

SHA256
6c231736c6a8c61ad845f1d2bb1b3c734474f33ef9eac7df728c538ab5fb2d79

SHA512
60e7f23b58e25e57c3e156963bd771c578d2cc6d47b74f29f548a134675e629cbc4d9b1c9610abdfa2c2b69917d60c205df072aee249e413083f8d7aa3f7ac87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
df3c7ea80f5cd68a94eeca4af076b5e6

SHA1
79c8258f240367a8f92755d7095087a640dd63da

SHA256
02c481c30dc3b9d4900ac74fae91e94c869a7de28339a00378284e731ef9a32b

SHA512
8f589691adee45d679a2872dac60fd40eb010a05803bf901dd02a3702deec33216a314d9227ebc4f1301d17510e230bb369b629866951329329a2e1606bd1f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d5a9f8ec2edb6c8724e7b61d31e70ae6

SHA1
84381457ec84a96d88eb55d97618d4230b532cdb

SHA256
ec558d964d0237a1daeec60d2bdf468f8e4b494f14f8c1ec3b8c29a1ee23831c

SHA512
dbbed3bd47247ee7e282db440a7ee809ec1385372b09a92d29c00f609e87d9d389e73ada24d589bb4822c8cb66fbed10bf31aae8fbd1a34dda5123b459082c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
2f4769a6a85565f2d944c5c5951b5f75

SHA1
074bebc2d5d1ef053c8ec899b176c2f52194fecd

SHA256
cd4d695edd0e7ab85909c565a32db481661baffa85d14e7cc6feac358f2c36d1

SHA512
88c44951355c8ebd7024d06dd7e095a72154606c2a4dcc5980a3eb0aeaf4d2dab347ecabb358dcc8cdeedcca340f75084747b45aa50020338f03eaa2690e0408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5efa4a3094071d9c8ccf2fcab11a47f5

SHA1
578e0b8f968ac4c328b5d269e7b976dd63e7df2c

SHA256
802438936994c39c0e10ffde1b55fa8db106c49e197aead4327473636fc3c773

SHA512
bd0a7c5954e286f660f9b9cf746cf09087acabfdf9d1e17232d3528c055570351c3f70783b0d193598a006681b8956662f01dd8122db92ab9b2284a9bbdc1092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4220ff6448f0db226e72a56d6eea6e09

SHA1
b800ecb41f6a8ac01fa60c789ca861703e7488f3

SHA256
9a68c4d0d7590088f2abaea99345ba0093892130b1ebfc88b74d926939c1f533

SHA512
ad3bc974813b5d49b04ee28ac7ba50c7f952cea81051d0a099677d8342ac0f8dac964e204863f4d6e962073f673cab17c8a1ec8bade9f220d5b6b0aa751a4c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7a697960e5f373069aa436b70a333418

SHA1
62d0e45ea9cb249e75b294a4b993de8c1be95909

SHA256
510801e309f343340fa017d9847d86b044987790e3389e95cb156a92b6aef1f4

SHA512
7807658812e9089723ab68df097cc0c8dfcd3b2322735995172dd9a2c3f0c427f6a2e3b348adb0caa12fdc6598356ab56cd556fbcc0ec68312b7bf9a007788e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
84958759ecfc7285a8c999d3c7a4b198

SHA1
46245d06c793f40f5e5108276017d678527a790f

SHA256
56bce8540ba1cdb9ed89362435aaec012610c6ae1059b05182efd4c5e672f3d3

SHA512
f1fe10a47541dacb24af6ed646cf5a0bbc3214bbe6de7173d120ea7df7c16d89a5ee40cfc6ed7f5b8d7efaf1d6d10030c290bad17356d15504d5b5da4328dc7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8eed608e184171cd0a46a97e23f3e3e2

SHA1
2d8caaf98f502ce9d1237f3817c0a9d4f1ad832f

SHA256
36c48d40f00d154e78f1d98c643e9635b601a72327faba099462c5c0fcafb88c

SHA512
5199b203dfab9b431f7958eb748aa046de479d9bca76e9dbd034e5e651d412e12ba6d7c3e5b23ba439dc8a111c231d31d9bc89ba15cc6d659d7eb309c1a83735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c54e543ec7b28dde22434879650e1158

SHA1
5faf2a06cd0a6be68cc2c0fa91144c9819a2cb3a

SHA256
c3045cf7ea28fdf82b8f06126fe52a91a51ae77724e1c3cbbb5e0dcd256d673c

SHA512
e63308a443e1e8f5534f6a9a4760ceb5a4f71b996f7c3211ef5c256692adf5b03a1b074b2fea8527da9bb44e0a73e7c8712c8b61b2c9ff711670a61726af509b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\974b6e34591dc8abafcdfed843ec532f23bb9b15\24a779bc-3b3e-4518-8fc9-865704a92196\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\974b6e34591dc8abafcdfed843ec532f23bb9b15\index.txt

Filesize
179B

MD5
b023d3f444d33c8a414ad62e43f47321

SHA1
a1bf20cf528c9153888675fc6858da531e6f949b

SHA256
2f57d0cecd5166260660cd55fc78d4d24de4dab4f0f19f56fc8481e0be11abf9

SHA512
b17a26955b958a95922ac7ae0e6802a4f4fe509a462cc79be804f31679ca6a32daac202796d69fef9bce434f2e30985ce06bf81e938cba226971400cdf7277e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
308KB

MD5
18e79083494346130ff31b7aeba18e18

SHA1
894d9dc49f0d6952ed2c5833f2e1ad822e0b0d22

SHA256
b5b4d2d15df395e9357dd38a4077e5b17c4a788d5c7d2ade2d56c131d8eb03e1

SHA512
5ceebd10b203ba0d168f951ba09f5e422331d5c31854b74523f1ababab6d0e666f1a12eeefbe0e9878d4d6761288c5db6a7a3d6343042eb0a09b9fbbb9aecd22

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\D3DCompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.5MB

MD5
d2cc6fc3a7b6c5bcca5fae428fe799e0

SHA1
89cba6e9195cf95a7aa993d7aaadb331392b3bda

SHA256
0d4ebdd32f016c6eb203aef4c70ad2f93fa68e5b9e92087a862b21f8133c7319

SHA512
34f7e6c49ff2a230abc7c5aeeebc5ec628f07170c4638b3bfc5897a645fa5f167c54230373a39021548e0aceba50c35ef730e4ecb454bb4d882df2d699c86736

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libegl.dll

Filesize
346KB

MD5
dccd99cb80c5022d4ed21c068d4e4ae5

SHA1
4fcdc6be313d0e3baa5168a7556df992e3364da4

SHA256
2166f8830bfbf3d574d7654bd927fe6e05fb74fb05d8e57af59c93090f6bc2a6

SHA512
02f18a691d85545a0452631b1c1e218aa5853d71937f7ae1d4f3639142399017139c1d9cb81f769754303635ce689605a7fd65765a3d8b4873603ced57925faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libglesv2.dll

Filesize
6.6MB

MD5
d36a30ef5726be3e3b3ed3f886a781a8

SHA1
0a47ed6013866aef030683e0398937013ce7fdf0

SHA256
3672e62c20b1d253ad642e155ae32ba5c1ca1f2cce37565c71a7d8aad21515dd

SHA512
8ac4adc7879cc7b0661809394e118220a350c9b8063aadf44fcecd115411fcc040ea73cb1fb2896931c34ec04b6146e5b5f7cda531249698dceb09aa1f9b4078

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar

Filesize
1.1MB

MD5
f64750a616dcdafc38fa3fdaa966fbc5

SHA1
358b77012f4a1a9c96f6370d4f7b96ab55e302fa

SHA256
eaddb78f5f24d73c75e3f016457e79f0c1685d5add4ec5647efdcb3e5841b7b5

SHA512
46221e0b9c11674847b9de39a23effa339ece2fb15ca6036e1bc4444f0dbe1ad6ded144ed2ae511525034210842614d295f001dab64b360c97fb9e2cf3f9e984

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\images\background.png

Filesize
297B

MD5
32338b60ff8368fd431b32109eae89d2

SHA1
7a3a844f2e6371c8f3a08a142e2e792a6e77105a

SHA256
1d370406c3b0c6bfe109feb76229fd4a0fe1d4171ae2a77655a0fd3264558d2f

SHA512
be71b3dcc24cea203d59e08d8a4082dcf253eb02a971e67034f8cc0930f6af72830b1e35430cc861c08341082156585adcedcbfc788a83ec35fbd78107e20f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\license.txt

Filesize
2KB

MD5
f31549cdc3abfa48981759862a07519e

SHA1
1168fdb04883a65057168eaccb75e153aa3fe438

SHA256
267c8e6f5387fa5d54290044d30a5da427be3597fa7815c32689a533eaee8886

SHA512
f084f518eafc6a58c377c3f80d8a186d9a1d55473afc931bb913adb1fa6fd0bbbc2ba09a30ea39283cd5327079278ae7babea6a74b93a7f2d7cb48bfbba95795

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab172B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar20A0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8038.tmp\splash.bmp

Filesize
564KB

MD5
ab867e66abaad50036f8dca8bcf3b63b

SHA1
ca0bd657610ce7b5b86514adde57e2b0f18a83b8

SHA256
c14a86e456f5b9783ed3e2118c9e97de6306fbd2b40cf9cd0dfb821b945c3569

SHA512
24b122fd7f8a48e03b387308e91ec1ccc6025a44f3e65404a12679ed50ce7633ce9f6c5b86efbc175cbed716478bd015e42711bd0148742f1ddeca5e3dbb1863

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Dictionaries\en-US-9-0.bdic

Filesize
441KB

MD5
a78ad14e77147e7de3647e61964c0335

SHA1
cecc3dd41f4cea0192b24300c71e1911bd4fce45

SHA256
0d6803758ff8f87081fafd62e90f0950dfb2dd7991e9607fe76a8f92d0e893fa

SHA512
dde24d5ad50d68fc91e9e325d31e66ef8f624b6bb3a07d14ffed1104d3ab5f4ef1d7969a5cde0dfbb19cb31c506f7de97af67c2f244f7e7e8e10648ea8321101

Download Submit
\??\pipe\crashpad_1484_LDJVBYAJNJRPHOYZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\swiftshader\libEGL.dll

Filesize
366KB

MD5
c51dc7e0ca92c9a45467a202aeceebf3

SHA1
5f35ec0c4e9b7663d7467a6c5f10062479519758

SHA256
0d4015adb1b1a4996378e06c9341b19d00e3cab8d18c002197ea9311feaf5d11

SHA512
8439f2a36f0a85dbfe12e786672278c6f6250be5029313efa285f851491357e134d6c9e03b339985eb255e80988e82d37540ffaef4f358c4428f6fc6aaec9ab0

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\swiftshader\libGLESv2.dll

Filesize
2.7MB

MD5
5629b1c0102dcc1e4217276efdc60630

SHA1
ffdd7bd4131c53b0ec5725ed8a8529b4be677232

SHA256
dac51738a42514c68ec31c962e608f6ce4a5a4244b787d2ba404a6a6065d8244

SHA512
8606a5e86172ab1f8cd65927b5139658e42ccf3fa870c27c2ce2a36cdfbffd3764f2efe83d4cc76c676c89d9fede70ca643950f370bbbd0b1dc8d2df005c46cd

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8038.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8038.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8038.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
memory/2844-114-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download