68eeefd2b6980e569d198701c952a8bc7b7643809fa9c6216d2285a34d119719

Analysis

max time kernel
145s
max time network
154s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/03/2023, 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord.Bot.Client.Setup.3.1.0.exe
Size

92.5MB
MD5

d81f9496d4d6913bc112c12ef30d303a
SHA1

7483e1df9944ee74fc53fe24950fee70f3761dcf
SHA256

68eeefd2b6980e569d198701c952a8bc7b7643809fa9c6216d2285a34d119719
SHA512

521561f4d220d0eac47b2038ceb3d06b6a902b5942f9758fb85dde35f004556391593e0de0d6fb8b51fc6cb7283924a2c1c3adb6e4a1b7d37b7d2ffc9c02a5fd
SSDEEP

1572864:9QjBsKN5d/NKnd7PdYo98s4IF4BCe2pg2zOD6DE8rMyY4xMjBsKN5d/NKDPqsHu9:9QjBZT1NKnd7PdYo9taBwy6D9MR/jBZL

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	Discord Bot Client.exe

Executes dropped EXE 5 IoCs

pid	Process
820	Discord Bot Client.exe
1724	Discord Bot Client.exe
1552	Discord Bot Client.exe
1044	Discord Bot Client.exe
904	Discord Bot Client.exe

Loads dropped DLL 27 IoCs

pid	Process
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1292	Process not Found
1292	Process not Found
1292	Process not Found
1292	Process not Found
820	Discord Bot Client.exe
1724	Discord Bot Client.exe
1724	Discord Bot Client.exe
1724	Discord Bot Client.exe
1724	Discord Bot Client.exe
1552	Discord Bot Client.exe
1292	Process not Found
1044	Discord Bot Client.exe
904	Discord Bot Client.exe
904	Discord Bot Client.exe
904	Discord Bot Client.exe
904	Discord Bot Client.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Discord Bot Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Discord Bot Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Discord Bot Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Discord Bot Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Discord Bot Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Discord Bot Client.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1732	Discord.Bot.Client.Setup.3.1.0.exe
1044	Discord Bot Client.exe
1552	Discord Bot Client.exe
820	Discord Bot Client.exe
820	Discord Bot Client.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1732	Discord.Bot.Client.Setup.3.1.0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1724	820	Discord Bot Client.exe	30
PID 820 wrote to memory of 1552	820	Discord Bot Client.exe	31
PID 820 wrote to memory of 1552	820	Discord Bot Client.exe	31
PID 820 wrote to memory of 1552	820	Discord Bot Client.exe	31
PID 820 wrote to memory of 1044	820	Discord Bot Client.exe	32
PID 820 wrote to memory of 1044	820	Discord Bot Client.exe	32
PID 820 wrote to memory of 1044	820	Discord Bot Client.exe	32
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33
PID 820 wrote to memory of 904	820	Discord Bot Client.exe	33

C:\Users\Admin\AppData\Local\Temp\Discord.Bot.Client.Setup.3.1.0.exe
"C:\Users\Admin\AppData\Local\Temp\Discord.Bot.Client.Setup.3.1.0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1732

C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe
"C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:820
- C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe
  "C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe" --type=gpu-process --field-trial-handle=1004,3693565099407678013,13151589680377938349,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1036 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1724
- C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe
  "C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe" --type=utility --field-trial-handle=1004,3693565099407678013,13151589680377938349,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1676 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:1552
- C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe
  "C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe" --type=renderer --field-trial-handle=1004,3693565099407678013,13151589680377938349,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\discord-bot-client\resources\app.asar" --no-sandbox --no-zygote --context-isolation --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1044
- C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe
  "C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe" --type=gpu-process --field-trial-handle=1004,3693565099407678013,13151589680377938349,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1036 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edea735eb58ede96d00b23ccb724e26f

SHA1
563480b6a1e95e508c64b34db2dac64766fb56c6

SHA256
9b225635126fe20e2e25d5557bb1fa9f21503f780ddf7c83ba3ca4a753d40ea3

SHA512
5d829d1973af4a64e0fa6930c1dd8906919a244212f2a2e060b49832873a36714733c9d968d41e7d275733206c7f612e666fbc7b7f95770ed9c80a1981ca9bb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34929d78e31c0cdecdc2409274771e51

SHA1
56988cb5460e15f36267012d11d92e87433ffe40

SHA256
1d449197cb4d1f1ce6fc3d633cf719d06f0bda98f86544bc5583cabe0cc5e9c3

SHA512
7f68069cd277a714523831f287445228bf6131e231e45032f3b7174ee35cc7a223c2b752567d127cc7c4eb307fbe86af822c8e70bb27bd085284fc7d418a6c74

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\D3DCompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\chrome_100_percent.pak

Filesize
175KB

MD5
7c4728b2d58afdd97c4549c96b9561cc

SHA1
1e0d251eedd67e7021fc764b9188184617465c54

SHA256
419cfcc6dc5f38b2e0c970ebd4fad1ef55054579d5c0db2521d7ae494996aac3

SHA512
82d0931e4d1cf38f88050980f518cdacdc981c382771b1732bfbe69f601074a0e7378e27a7470c7dea4e287cb1617a5c038052908ed85134abcd5b6591b4e7df

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\chrome_200_percent.pak

Filesize
312KB

MD5
6af049ad6fd11ee90ad9db31c4e02082

SHA1
5d2f9a59a74dc584b5dd78aeb6de583e969e3eb7

SHA256
edecf8e1ac353bfdae534e42507e5a59973cb4cab76fbb1ff1a470363e725bc4

SHA512
c7fa6e1a57861e62b9b4d615a988c98d13cde8abc23eaed7c36c2ecb86409da4b65b1f579ca2f307e90eb4d08d14b07f7f41ccb8d8c165d6de67c09c16009715

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\icudtl.dat

Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\libegl.dll

Filesize
371KB

MD5
20af285de696b1bfc0593be4c3461b1f

SHA1
78e00a44236c50dbd158a0970c3caabd4cae1fa0

SHA256
8d20d1ff33cdd11227b1ef01efd8207b4d315171be1dc7647c9fe2b777be9e1d

SHA512
5865b433b0073eb6139c689b3153ddd692eb5a23204d99f19ed92cc1d1fea7e24cdea636ef388271cbc0b8b9ac81614bc5cf1d0c2173975684f345cbac152a4f

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\libglesv2.dll

Filesize
7.5MB

MD5
b51426325e06145dbdc2337039c2a140

SHA1
e16aefd9c2d6af72e63246472a6b1507c0e41b8f

SHA256
9e2140b4e219b64e4cdab3645d5d51306d070ba60c47c88303cd76b990042274

SHA512
2991a374fc7a9ed243a25e1e5a97e729d456042bd24ae2522b6ef366eb3bdd44171beb8c3e3d8238cd531ed9a50558735c63094c3cdb4394ac407d03006a4d99

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\locales\en-US.pak

Filesize
79KB

MD5
98c8cfc3cb98ab34e06d4323b8bcb043

SHA1
2c0bda072161530b710fa0a1dfc3c23926184afe

SHA256
35adc5aeeebfe440e295b88d2a4089360ada33c353843b1f5438f4118501878b

SHA512
25edeca13b4a29f63bdc4f135eda1b1b8c72f3a58315f57895950bdc15f56b2af1aca42affe397716f5965437ece836f683265a33ec919b8b26056634612ed3c

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\resources.pak

Filesize
4.6MB

MD5
d9022282a7fbf3aa354559ab6a9c7926

SHA1
ff1f2b77d80848bc1a51e48c21a033eb57d8776c

SHA256
ddc85d749b19cbabae11a0b8f7114daf75900179a2147280dd0f9f8faee7d65c

SHA512
6b9ab157cf8e10d8a79ea2ad4e247210fe2a7fd75dab086eb55951d4e028af3060e1f42175be936c6b093abc2c3071c0fd1c45afee3c567a79e1b722fe5f5d97

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\resources\app.asar

Filesize
211KB

MD5
036507748c199b333f7e384cbe1624c5

SHA1
265e4a1f21b795f2daaac7396e99160ccee71186

SHA256
2dcfc2def35de0023d2d7e4403a27d139752f91ed5038554d9a745d231aa0195

SHA512
30685e9113caaeb33a3043d3c8be1fbf4af0c4c2caaacc5e7a8d1db1c28ff55c1c10b9078026d9ee930c473a0d5bc0ea41f7d4eeb547399aa799d82bbcf3db6b

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\swiftshader\libegl.dll

Filesize
391KB

MD5
663a38aa43c2e13044e2ed27b8e8adc8

SHA1
02239febfb419904af737a0bfb64ede8b5578b32

SHA256
78b4e800e3ee548069316412a6a0137e8103e6e25b86de2acda9d4e39e2db40b

SHA512
012843d57aae9502ad58ef244f5ea91ace41829ffeec96373d348af8130e1fa01d3e80fd133f1841d99c84a77de47f8220851184aa53a77e9b17b9a34a227cbf

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\swiftshader\libglesv2.dll

Filesize
3.6MB

MD5
a46541cf6eb3118c318226ba1bef7a98

SHA1
1e91a60cd994a6440bde2f48a007033856c0aef5

SHA256
3e484255a4ea2c8fbce03f650001a99d2a63cc78284c6b1733982ec43036e26a

SHA512
aea0f39edc5741e8fd9edf53939902cf48c9f31023df2962cb021b77ed41923c4c4a8200928ed18d94682a567c9d0625d9108ce9555fa3097bace946a8dbbe78

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\v8_context_snapshot.bin

Filesize
166KB

MD5
d9b62a61b9242c2d29da71d58421f08c

SHA1
62eb4411599dba13fe617a860096fe21a8141d0f

SHA256
9010758e1b4453957e561dfe6dd1c891400d7a0fb78097e8e67d9a8076644588

SHA512
1d0bd25bd3c5cb55e80592bc2a15ec94c31263fc518533c8f8d6434e9896f11aabeda2a8fa08601829fcb395ea5c69629ce2ded43d1f8106d982e1d21946832a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA2D7.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDAFE.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1824.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1824.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1824.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1824.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1824.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd1824.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Discord Bot Client\Network Persistent State

Filesize
334B

MD5
749cbd1afa835647b233be45dde5bfb3

SHA1
fc892fc8f70dcdb08a9fb0a544e991663d721719

SHA256
1e558fd915c50fbe9f8bac384ce72d2155912855a1d87dcff00f22c7a964c59b

SHA512
243580442586e7b4f49f4d7b3e95cae27e57752d405dd18f0c76df54283407b23f30884f4fd545d537fca8227bff1e1af43cc809d199cc7ee2fb12fb031ad4d7

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\d3dcompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\d3dcompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\libEGL.dll

Filesize
371KB

MD5
20af285de696b1bfc0593be4c3461b1f

SHA1
78e00a44236c50dbd158a0970c3caabd4cae1fa0

SHA256
8d20d1ff33cdd11227b1ef01efd8207b4d315171be1dc7647c9fe2b777be9e1d

SHA512
5865b433b0073eb6139c689b3153ddd692eb5a23204d99f19ed92cc1d1fea7e24cdea636ef388271cbc0b8b9ac81614bc5cf1d0c2173975684f345cbac152a4f

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\libGLESv2.dll

Filesize
7.5MB

MD5
b51426325e06145dbdc2337039c2a140

SHA1
e16aefd9c2d6af72e63246472a6b1507c0e41b8f

SHA256
9e2140b4e219b64e4cdab3645d5d51306d070ba60c47c88303cd76b990042274

SHA512
2991a374fc7a9ed243a25e1e5a97e729d456042bd24ae2522b6ef366eb3bdd44171beb8c3e3d8238cd531ed9a50558735c63094c3cdb4394ac407d03006a4d99

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\swiftshader\libEGL.dll

Filesize
391KB

MD5
663a38aa43c2e13044e2ed27b8e8adc8

SHA1
02239febfb419904af737a0bfb64ede8b5578b32

SHA256
78b4e800e3ee548069316412a6a0137e8103e6e25b86de2acda9d4e39e2db40b

SHA512
012843d57aae9502ad58ef244f5ea91ace41829ffeec96373d348af8130e1fa01d3e80fd133f1841d99c84a77de47f8220851184aa53a77e9b17b9a34a227cbf

Download Submit
\Users\Admin\AppData\Local\Programs\discord-bot-client\swiftshader\libGLESv2.dll

Filesize
3.6MB

MD5
a46541cf6eb3118c318226ba1bef7a98

SHA1
1e91a60cd994a6440bde2f48a007033856c0aef5

SHA256
3e484255a4ea2c8fbce03f650001a99d2a63cc78284c6b1733982ec43036e26a

SHA512
aea0f39edc5741e8fd9edf53939902cf48c9f31023df2962cb021b77ed41923c4c4a8200928ed18d94682a567c9d0625d9108ce9555fa3097bace946a8dbbe78

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1824.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1824.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1824.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1824.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1824.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1824.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd1824.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/820-358-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

Filesize
4KB

Download
memory/1724-291-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1724-324-0x0000000077920000-0x0000000077921000-memory.dmp

Filesize
4KB

Download
memory/1732-259-0x00000000038F0000-0x00000000038F2000-memory.dmp

Filesize
8KB

Download