249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
101s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27-08-2024 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord-Windows.exe
Size

75.1MB
MD5

43327119366e52928b9aed0c1e734389
SHA1

3777d8387fba8528b6e433a8e763df5dcd542a48
SHA256

249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
SHA512

bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
SSDEEP

1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Executes dropped EXE 4 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid process

3860 BetterDiscord.exe
2840 BetterDiscord.exe
5016 BetterDiscord.exe
2520 BetterDiscord.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

pid	process
3860	BetterDiscord.exe
2840	BetterDiscord.exe
5016	BetterDiscord.exe
2520	BetterDiscord.exe

Loads dropped DLL 10 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid	process
1128	BetterDiscord-Windows.exe
1128	BetterDiscord-Windows.exe
1128	BetterDiscord-Windows.exe
3860	BetterDiscord.exe
2840	BetterDiscord.exe
5016	BetterDiscord.exe
2520	BetterDiscord.exe
2840	BetterDiscord.exe
2840	BetterDiscord.exe
2840	BetterDiscord.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord-Windows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133691938554121189"	chrome.exe

Modifies registry class 2 IoCs

Processes:

MiniSearchHost.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

BetterDiscord.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	BetterDiscord.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	BetterDiscord.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exechrome.exe

pid process

5016 BetterDiscord.exe
5016 BetterDiscord.exe
2520 BetterDiscord.exe
2520 BetterDiscord.exe
2488 chrome.exe
2488 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2488 chrome.exe
2488 chrome.exe
2488 chrome.exe
2488 chrome.exe

pid	process
5016	BetterDiscord.exe
5016	BetterDiscord.exe
2520	BetterDiscord.exe
2520	BetterDiscord.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

Processes:

chrome.exefirefox.exe

pid	process
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe
1632	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

MiniSearchHost.exefirefox.exe

pid process

2796 MiniSearchHost.exe
1632 firefox.exe

pid	process
2796	MiniSearchHost.exe
1632	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exechrome.exe

description	pid	process	target process
PID 1128 wrote to memory of 3860	1128	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 1128 wrote to memory of 3860	1128	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 1128 wrote to memory of 3860	1128	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2840	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 5016	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 5016	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 5016	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2520	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2520	3860	BetterDiscord.exe	BetterDiscord.exe
PID 3860 wrote to memory of 2520	3860	BetterDiscord.exe	BetterDiscord.exe
PID 2488 wrote to memory of 1348	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 1348	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe
PID 2488 wrote to memory of 2916	2488	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1128

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:3860

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1552,4487186350036893280,12897121564639177441,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1556 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2840

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,4487186350036893280,12897121564639177441,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5016

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1552,4487186350036893280,12897121564639177441,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffedf05cc40,0x7ffedf05cc4c,0x7ffedf05cc58
2⤵
PID:1348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,9005802018099330966,2022208322766025759,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1952 /prefetch:2
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1852,i,9005802018099330966,2022208322766025759,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1992 /prefetch:3
2⤵
PID:1468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,9005802018099330966,2022208322766025759,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2232 /prefetch:8
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,9005802018099330966,2022208322766025759,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
2⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,9005802018099330966,2022208322766025759,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:3104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,9005802018099330966,2022208322766025759,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3696 /prefetch:1
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,9005802018099330966,2022208322766025759,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4644 /prefetch:8
2⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,9005802018099330966,2022208322766025759,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:8
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4984,i,9005802018099330966,2022208322766025759,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4388 /prefetch:1
2⤵
PID:3448

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3752

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1260

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb108059-4ce1-4ca7-ab52-2e0742e88f4f} 1632 "\\.\pipe\gecko-crash-server-pipe.1632" gpu
3⤵
PID:3452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79918ff6-183c-4c14-b89a-43d4f9258c2d} 1632 "\\.\pipe\gecko-crash-server-pipe.1632" socket
3⤵
- Checks processor information in registry
PID:2476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3092 -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3044 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {434f8a6c-6664-4042-9f5e-040413d3a56c} 1632 "\\.\pipe\gecko-crash-server-pipe.1632" tab
3⤵
PID:2460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3404 -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 3412 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a77a8800-56e5-4a31-ab00-e28883c21a67} 1632 "\\.\pipe\gecko-crash-server-pipe.1632" tab
3⤵
PID:4436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4580 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4572 -prefMapHandle 4564 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6934ef75-caa6-42a1-8f26-338a477a812e} 1632 "\\.\pipe\gecko-crash-server-pipe.1632" utility
3⤵
- Checks processor information in registry
PID:700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 3 -isForBrowser -prefsHandle 5348 -prefMapHandle 5364 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dc795d4-f844-49ed-9f11-4b5bac6d84de} 1632 "\\.\pipe\gecko-crash-server-pipe.1632" tab
3⤵
PID:3232

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5356 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e9aff4c-70fa-4c87-8986-e6a1cc2b348f} 1632 "\\.\pipe\gecko-crash-server-pipe.1632" tab
3⤵
PID:4536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5684 -prefMapHandle 5692 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13b6dd03-e42a-49ec-ab4a-0834c95f3aa3} 1632 "\\.\pipe\gecko-crash-server-pipe.1632" tab
3⤵
PID:3092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6140 -childID 6 -isForBrowser -prefsHandle 6132 -prefMapHandle 6128 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6d3f8a0-cbc9-47de-807f-1d52b542cd0c} 1632 "\\.\pipe\gecko-crash-server-pipe.1632" tab
3⤵
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0f76b6523f24b16fb03b327ade46fa20

SHA1
7a4f99d0e34852cbd2844eace1c8ab0d5b935fa1

SHA256
23aeb21519df890aaddcd0833b9baf7b99e98a2d45351a456d9e6e921c0defc7

SHA512
7959a674c6f5be82a3e26220bdaa3b24c127d75b84c377f8769e158fa1ad5722650dc6730c9d4bfd0daa91461b1581a4dd2fe1417876ef8633fe5027f21f58e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
6ab0c80282d65f711454c0e78715ecc2

SHA1
6f3fcf5b5917b5989fd8b2e1af7f81c43e16c949

SHA256
a9b11ede653acfa014a7f60ead8fbf4517a1342cf6a1254fba310389c5d39f1b

SHA512
0bc755684c3b943c4457d7c47c9165224f4adbc291279a1b7e5a63a2e36c7b2914a8d211b448b04c3ec59b837379957f6dc4fa8802187ce77f617785b6ebb26a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9682b6ab6bd68430d7ca1ead48f624c2

SHA1
a42c7a9f3536f31a8b098b00d9d8d841223c7e77

SHA256
8d52c6126dfb705eb6c850a25ad04dcb7bc6be833f249204b00f8c5858fbaeea

SHA512
1e63392260da5b529db629fcf4fcf9d3df4f10394124cae529c852d50c4446383514564b7936250ad64fd4abc2da70553e7cf9950de9e278c32e30efc3e0f290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
fcfe4a05ee4c24ff6200341f8b7c1346

SHA1
6bcb1998e3357f532a606479f70d75066b16c60d

SHA256
c1a2ce6c58c4112e8e3711d053388a50fea4a36e89351627bdb18908f4ab4155

SHA512
cd3b3836472e67b1edf7769925e93a5fc76b9002caeeb58820dd2bcf89befd2dbbfe8452b06e769a3e704a0032bba6bd26cea93b9b5edf71c632c75d61ee9b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2ceccacad5cc2a4d7226cd1e220a558d

SHA1
8ef3575f7aca2bafeb4cd1b32535ec6e7fa58c84

SHA256
132c8a54ec5a6a92678e3f0e30ddd38d7f9a96e0d7c71a9f5610803ab8ca1cb8

SHA512
c40a0140067b86be3cf5c5e0a8d84ee893a8afe21b4bc281e9a04a9e6405f66c39425c392331d0a3fea7b5dd710805b6fd78dd1a07ad2f361021cb0f460da62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5b44b22f1efa0b7d0da7b780d4220b7e

SHA1
d0e3fb4f893b30b6a5e0a5f5bda4fcc4d08aa91e

SHA256
1459b9a35445159a68ed73a6a07fbef350f89b1c9dac6bb8bb8282834a9a90d7

SHA512
14e9b234625ce7f87129e631222916fe5e8533b36cdd5c64509dbc757ff4e7c758c1fc62355672125638e2f93d59704331156057a56a9d9125757c02036b4cb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00ba4fc3ea76a0209b253faacf852824

SHA1
842d7caed7a2bf3f9711d3b2d729f09d1118a414

SHA256
a97d2f7edc3762782957ff76a59915b81f928ddb1540acf9be3125a1c72fb529

SHA512
7987b424359cc51a6747854ac12f52578fe81c532a9c470cb556d65de5978b655d1f0bb879146e19290d44d9af2af1f8d79f12fd7f5064067829370b5e851a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a1d332b6e409d171a6faa75899b997b

SHA1
f2d90b2d53b4a9e3b9709ad971c63cf8c852a07e

SHA256
7ffe2473c40bdd1fb0b495f62921d86e1e731740326fd24bc6f7dd56f92b9eea

SHA512
63243097e514200b235d751c21a5b83e3842f56aafe8f05ba1ec8a5f9fc07329481e13eade4f5b071d8fa1dad01395150f49ea0744e8f28a45a9cff4257ffab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7192310c937744dac374a06902663d7

SHA1
b7aeed8105d7d496979c7857e3ac02c748167332

SHA256
5d82aef91692bbd5c46601bd2281a988a3e36256c28babd8e066e5082a3802c5

SHA512
f4050b35f312be4fdaf267d58d8cad0cabd2d7001b1dfec875540273a938f0343ddfa3c6e95b234bfd202bad388a920f25c0a238e069e21532a8ec7ed1e2429a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e54cf6afe0886310931c4d02d8d9900

SHA1
38280c217d768baaceb10a686ea32df828b835c3

SHA256
0a7358d1dd91c6f81ae4716e3f03898d7b451f5acb5939d0207d32d3afb0d4d2

SHA512
6dd2aa1bab764bd051978c633773f3bdb0e965ae76066898aee5b083fbcbf8e627b7fe2f7790f0f03e1552648b437989cb8764881d81d2d82437655b2ef75eae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ec3bf780d558aad217e521f5c02a0016

SHA1
37ae6a490b09fada21ded3fb5ccd64ede4f807bf

SHA256
57521fcbae1f01ccca8af5b7c1bc1c7ae64c820a5d774128af1a492e4a221ea5

SHA512
55b3e4bdd7c9a0cac5f29cd01f726999193b2a8aa751dc3d6cda74a6415cacc79c7f116afad39af4d8484e962f53b1b5673ddedd1a49792d41c4ab40353cbd47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
efbaff43163806ec46294f37226a6d28

SHA1
d55ef61aa001cfbd71eeadb72a3f7de25bf1ef53

SHA256
c36743f844d5d6f60f7fb2c520ec84a3fd59914aca8c037707c23ee5b593144d

SHA512
a8d23fdd5fb03abcbd5c088a9681f21a6e794a19a187ac02952f3fdda443e62d87b1b1067f388e3e94da9e775ef648f659b824274140dd80e02f44b729af567c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
d851f50ebe9105d0b90dc1595f808c62

SHA1
38b58aee5479af8e04dd8821aeddd2e02c21a187

SHA256
836fd79fa873713d145c42e63bc6ba5bf3746e945afe2a340d937b29c515b53d

SHA512
0e2b6b8ad10b53b5b30925a190bb4a2f7d9c6d6551694277fe95fb7a6aa80260be739d7f584239bf5d615cffa6994f5e8ab7a3678a8c6c92687c1bdd4ce5bc61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\cache2\entries\83E3BDEEE2656890431C3484D2DFAC5D44936E89

Filesize
32KB

MD5
334e7b19f72c8f25babdc5363af58327

SHA1
dd25f905a1a45bb7d6dd6284fabae6df720dbfe5

SHA256
8d6dc237ede0663818e73c56e8da8bdb970136b67fa0716348573fffb6210959

SHA512
8f708ec47aea8c97693ee87a4ab888c8e8f5d4280cc300b1fc31323301f1181fbf103bad7964ed11206fbfca19203c6db914104f5d202544e8cc9d836385b669

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a73ea6e1db27acedbe4055c448f82ef7

SHA1
01769a266d26c4b4b374099606e86b8874ddd55f

SHA256
c3059c62596021e555ec7901361fcde75078ad931bcac6027539930bef8b77d9

SHA512
f9cfe99077e40ac3ff11ab39020d6e159ec06cf50f9b1d156858198d48851d29de8882a18609a17dd30ddea421c6c415683b8d7b14fa30a51ddd1cd76032deb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.5MB

MD5
d2cc6fc3a7b6c5bcca5fae428fe799e0

SHA1
89cba6e9195cf95a7aa993d7aaadb331392b3bda

SHA256
0d4ebdd32f016c6eb203aef4c70ad2f93fa68e5b9e92087a862b21f8133c7319

SHA512
34f7e6c49ff2a230abc7c5aeeebc5ec628f07170c4638b3bfc5897a645fa5f167c54230373a39021548e0aceba50c35ef730e4ecb454bb4d882df2d699c86736

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libEGL.dll

Filesize
346KB

MD5
dccd99cb80c5022d4ed21c068d4e4ae5

SHA1
4fcdc6be313d0e3baa5168a7556df992e3364da4

SHA256
2166f8830bfbf3d574d7654bd927fe6e05fb74fb05d8e57af59c93090f6bc2a6

SHA512
02f18a691d85545a0452631b1c1e218aa5853d71937f7ae1d4f3639142399017139c1d9cb81f769754303635ce689605a7fd65765a3d8b4873603ced57925faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libGLESv2.dll

Filesize
6.6MB

MD5
d36a30ef5726be3e3b3ed3f886a781a8

SHA1
0a47ed6013866aef030683e0398937013ce7fdf0

SHA256
3672e62c20b1d253ad642e155ae32ba5c1ca1f2cce37565c71a7d8aad21515dd

SHA512
8ac4adc7879cc7b0661809394e118220a350c9b8063aadf44fcecd115411fcc040ea73cb1fb2896931c34ec04b6146e5b5f7cda531249698dceb09aa1f9b4078

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar

Filesize
1.1MB

MD5
f64750a616dcdafc38fa3fdaa966fbc5

SHA1
358b77012f4a1a9c96f6370d4f7b96ab55e302fa

SHA256
eaddb78f5f24d73c75e3f016457e79f0c1685d5add4ec5647efdcb3e5841b7b5

SHA512
46221e0b9c11674847b9de39a23effa339ece2fb15ca6036e1bc4444f0dbe1ad6ded144ed2ae511525034210842614d295f001dab64b360c97fb9e2cf3f9e984

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\images\background.png

Filesize
297B

MD5
32338b60ff8368fd431b32109eae89d2

SHA1
7a3a844f2e6371c8f3a08a142e2e792a6e77105a

SHA256
1d370406c3b0c6bfe109feb76229fd4a0fe1d4171ae2a77655a0fd3264558d2f

SHA512
be71b3dcc24cea203d59e08d8a4082dcf253eb02a971e67034f8cc0930f6af72830b1e35430cc861c08341082156585adcedcbfc788a83ec35fbd78107e20f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\license.txt

Filesize
2KB

MD5
f31549cdc3abfa48981759862a07519e

SHA1
1168fdb04883a65057168eaccb75e153aa3fe438

SHA256
267c8e6f5387fa5d54290044d30a5da427be3597fa7815c32689a533eaee8886

SHA512
f084f518eafc6a58c377c3f80d8a186d9a1d55473afc931bb913adb1fa6fd0bbbc2ba09a30ea39283cd5327079278ae7babea6a74b93a7f2d7cb48bfbba95795

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8CA1.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8CA1.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8CA1.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss8CA1.tmp\splash.bmp

Filesize
564KB

MD5
ab867e66abaad50036f8dca8bcf3b63b

SHA1
ca0bd657610ce7b5b86514adde57e2b0f18a83b8

SHA256
c14a86e456f5b9783ed3e2118c9e97de6306fbd2b40cf9cd0dfb821b945c3569

SHA512
24b122fd7f8a48e03b387308e91ec1ccc6025a44f3e65404a12679ed50ce7633ce9f6c5b86efbc175cbed716478bd015e42711bd0148742f1ddeca5e3dbb1863

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
8KB

MD5
07fb9ac672f1634c48974a3029ae3076

SHA1
54bf601555f37e623a04286cfaf2286d318eacc0

SHA256
f4a742c0ac4f9898e2ac4f16f4c7ed01e5db16320b5a5c9fd1c8ca19ed6138dc

SHA512
b69a9d44bdd89528ab7d97f439496cb4a1d00a7f839d1d213e1e0cbca01c7be649d69f1390028c718c5a21cbdc8b625bbd23938251fb40d8e0c3db869ec1496d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
f732854f003dd8c5e6580f15d5d7bc0e

SHA1
4f1795ab90710ce2df8445606da9180efde35b9c

SHA256
a2b9f92c08847dc621f9c95b66b0a67d885a3b209e1d293de8415fdf01b6af10

SHA512
5d4a32d0024a304c72ae38ecea61a99077956e433f91240dd9703ded2f83daec2b0799c2d3d20ef62c589767175f2ab3ce68400f74feaf98518938439e866c6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
e1d430a6017cecf974c7ac27d6803a8a

SHA1
0c0250769b0a326fc8af749e5a0aac904a35c62b

SHA256
23599999d8e28a57fbeee21320f6bb9dd3204a834c2110593379922a43230a73

SHA512
ca13c63c0d7cca10f24c35be129a2a6236ed3e4b8931975d30026d722d73600c111b1676f4bd848a489b6f2a0e888fbcd2ee3f2e305df8f8b1edb520b9ac646e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
b6c88e61605ee582786ed365997d168e

SHA1
8b8e5586507008754a12c1aee4cec26d404099da

SHA256
febb8961e41a330e4cc0061cd6f0cd50e56698adb170040288a8631363f73764

SHA512
943b185b1e1ddadea31a887a058129ac2441462386837ef20e23db10e275a2b413d0aae0e66fd2ec79162bd5d48230b3c163b6f404613277beb2dab89a4e1325

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
59e252395f0b6708035d9521124f93b7

SHA1
d059be251c5c1aab5fb72e87ae152362876c70f1

SHA256
78ea44e595e8f3026202149581fa92f8bd4f70141bfa2cc7b666970a45aa1358

SHA512
8d12c4fe78b355cc8d126539941516f889a794f040f06a54a9e62a7ef1b96d67c499a2d889a4c4118e101e057afe1fbff9be0a6ded8fcb828928d13041b791f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\1534d4e2-8cf1-45a5-a9dd-d3344e76f52f

Filesize
982B

MD5
c28bcc2c2472bf548d24406d81eace2e

SHA1
42083db43fb491eedc0c3880dfa9476a339a21ca

SHA256
dfd354a98dc0b8aebcc8b768db4927300fdef655d85b8d0c132cec35f9328853

SHA512
c11933e127967ff5c3b605b76c83ae0658b9b939f4b32f37531396eb78607c118739de02496cdeb77c1bbafb4c57fcf7eff60e8d8ac4572acd4db89c066b74e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\4e049e81-74b3-42e6-acac-60bd6c2fa8dc

Filesize
659B

MD5
ebd7436ab8e5fe37b074b73886fb9081

SHA1
224536c2c36674e3d19e8067bcd51c852d12c4eb

SHA256
a4d884730c9a57f9147237b90cb56f4b498373f52689d15e40b14f7b93663c08

SHA512
fdbe066abdcb2d22fbf0a13cc3212e341bb059db2760a63ebbd08ca4f9c97ded860e0216123c565cd3e92485cd1b18d42daa42175ab0f97747312f39cc0eea31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js

Filesize
11KB

MD5
2a430b27d43fce66d9a27feb57307208

SHA1
5aa1bc85f7c0e45d8b46b52e3b13551c104c1cba

SHA256
44c4b11bcf6e9e01480298bb966d9f8fabad23a4809ed4cc306ca5ee27d5c8ea

SHA512
e3589a4b8572dac3b26bad9d43b55bda50444329a16698e7d68c0a7f11e37d96f522b7db4e44b402db4145b948cd2f57bf7c20dea534ac3586207012ea287b21

Download Submit
\??\pipe\crashpad_2488_UVJDQQNPCDLUGJSU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit