68eeefd2b6980e569d198701c952a8bc7b7643809fa9c6216d2285a34d119719

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2023, 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord.Bot.Client.Setup.3.1.0.exe
Size

92.5MB
MD5

d81f9496d4d6913bc112c12ef30d303a
SHA1

7483e1df9944ee74fc53fe24950fee70f3761dcf
SHA256

68eeefd2b6980e569d198701c952a8bc7b7643809fa9c6216d2285a34d119719
SHA512

521561f4d220d0eac47b2038ceb3d06b6a902b5942f9758fb85dde35f004556391593e0de0d6fb8b51fc6cb7283924a2c1c3adb6e4a1b7d37b7d2ffc9c02a5fd
SSDEEP

1572864:9QjBsKN5d/NKnd7PdYo98s4IF4BCe2pg2zOD6DE8rMyY4xMjBsKN5d/NKDPqsHu9:9QjBZT1NKnd7PdYo9taBwy6D9MR/jBZL

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Discord Bot Client.exe

Executes dropped EXE 5 IoCs

pid	Process
2036	Discord Bot Client.exe
1672	Discord Bot Client.exe
2880	Discord Bot Client.exe
4160	Discord Bot Client.exe
944	Discord Bot Client.exe

Loads dropped DLL 18 IoCs

pid	Process
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
2036	Discord Bot Client.exe
1672	Discord Bot Client.exe
2880	Discord Bot Client.exe
1672	Discord Bot Client.exe
1672	Discord Bot Client.exe
1672	Discord Bot Client.exe
4160	Discord Bot Client.exe
944	Discord Bot Client.exe
944	Discord Bot Client.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Discord Bot Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Discord Bot Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Discord Bot Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Discord Bot Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Discord Bot Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Discord Bot Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Discord Bot Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Discord Bot Client.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4576	Discord.Bot.Client.Setup.3.1.0.exe
4160	Discord Bot Client.exe
4160	Discord Bot Client.exe
2880	Discord Bot Client.exe
2880	Discord Bot Client.exe
944	Discord Bot Client.exe
944	Discord Bot Client.exe
944	Discord Bot Client.exe
944	Discord Bot Client.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4576	Discord.Bot.Client.Setup.3.1.0.exe

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 1672	2036	Discord Bot Client.exe	96
PID 2036 wrote to memory of 2880	2036	Discord Bot Client.exe	98
PID 2036 wrote to memory of 2880	2036	Discord Bot Client.exe	98
PID 2036 wrote to memory of 4160	2036	Discord Bot Client.exe	99
PID 2036 wrote to memory of 4160	2036	Discord Bot Client.exe	99
PID 2036 wrote to memory of 944	2036	Discord Bot Client.exe	110
PID 2036 wrote to memory of 944	2036	Discord Bot Client.exe	110

C:\Users\Admin\AppData\Local\Temp\Discord.Bot.Client.Setup.3.1.0.exe
"C:\Users\Admin\AppData\Local\Temp\Discord.Bot.Client.Setup.3.1.0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4576

C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe
"C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe
  "C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe" --type=gpu-process --field-trial-handle=1684,2990755355434771482,17808088374615163196,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1672
- C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe
  "C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe" --type=utility --field-trial-handle=1684,2990755355434771482,17808088374615163196,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2360 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe
  "C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe" --type=renderer --field-trial-handle=1684,2990755355434771482,17808088374615163196,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\discord-bot-client\resources\app.asar" --no-sandbox --no-zygote --context-isolation --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4160
- C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe
  "C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe" --type=gpu-process --field-trial-handle=1684,2990755355434771482,17808088374615163196,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAEAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1616 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1172

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\discord-bot-client\D3DCompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\Discord Bot Client.exe

Filesize
105.6MB

MD5
0ddf9b2cf944f96777827b6dfe86998c

SHA1
eb1d18ef61d7c0b675462ec75552430d09555555

SHA256
85a919986079c9f6be24770e06c635a16ddf1074b546bcfddfc7edc5c044be95

SHA512
80226dc07a924d8f1897bcd3ee843b5a3d398bf209c91dcad0ba98b7f28a5dd3c4e3304bb32551c24a8919625896ba8aab8a58b0bef3f1eb7a6c342d7dbd1616

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\chrome_100_percent.pak

Filesize
175KB

MD5
7c4728b2d58afdd97c4549c96b9561cc

SHA1
1e0d251eedd67e7021fc764b9188184617465c54

SHA256
419cfcc6dc5f38b2e0c970ebd4fad1ef55054579d5c0db2521d7ae494996aac3

SHA512
82d0931e4d1cf38f88050980f518cdacdc981c382771b1732bfbe69f601074a0e7378e27a7470c7dea4e287cb1617a5c038052908ed85134abcd5b6591b4e7df

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\chrome_200_percent.pak

Filesize
312KB

MD5
6af049ad6fd11ee90ad9db31c4e02082

SHA1
5d2f9a59a74dc584b5dd78aeb6de583e969e3eb7

SHA256
edecf8e1ac353bfdae534e42507e5a59973cb4cab76fbb1ff1a470363e725bc4

SHA512
c7fa6e1a57861e62b9b4d615a988c98d13cde8abc23eaed7c36c2ecb86409da4b65b1f579ca2f307e90eb4d08d14b07f7f41ccb8d8c165d6de67c09c16009715

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\d3dcompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\ffmpeg.dll

Filesize
2.6MB

MD5
2a446587405297638961971e31a5c9a7

SHA1
01f322b9753ac1e45b3b96ea848e6080e6657291

SHA256
98adb4e59043d1e7eae99e5535042380be0f6f7eaaf00e41abed8563975834f8

SHA512
ae0c0eac34ab6aa383fbfddbfa4acfc89e783410f77b48836b98df5e04fcc1cad4a6c8b965c420db5c85f9098b8645c03ae17eb63a91b8f304ae958803c625b8

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\icudtl.dat

Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\locales\en-US.pak

Filesize
79KB

MD5
98c8cfc3cb98ab34e06d4323b8bcb043

SHA1
2c0bda072161530b710fa0a1dfc3c23926184afe

SHA256
35adc5aeeebfe440e295b88d2a4089360ada33c353843b1f5438f4118501878b

SHA512
25edeca13b4a29f63bdc4f135eda1b1b8c72f3a58315f57895950bdc15f56b2af1aca42affe397716f5965437ece836f683265a33ec919b8b26056634612ed3c

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\resources.pak

Filesize
4.6MB

MD5
d9022282a7fbf3aa354559ab6a9c7926

SHA1
ff1f2b77d80848bc1a51e48c21a033eb57d8776c

SHA256
ddc85d749b19cbabae11a0b8f7114daf75900179a2147280dd0f9f8faee7d65c

SHA512
6b9ab157cf8e10d8a79ea2ad4e247210fe2a7fd75dab086eb55951d4e028af3060e1f42175be936c6b093abc2c3071c0fd1c45afee3c567a79e1b722fe5f5d97

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\resources\app.asar

Filesize
211KB

MD5
036507748c199b333f7e384cbe1624c5

SHA1
265e4a1f21b795f2daaac7396e99160ccee71186

SHA256
2dcfc2def35de0023d2d7e4403a27d139752f91ed5038554d9a745d231aa0195

SHA512
30685e9113caaeb33a3043d3c8be1fbf4af0c4c2caaacc5e7a8d1db1c28ff55c1c10b9078026d9ee930c473a0d5bc0ea41f7d4eeb547399aa799d82bbcf3db6b

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\swiftshader\libEGL.dll

Filesize
391KB

MD5
663a38aa43c2e13044e2ed27b8e8adc8

SHA1
02239febfb419904af737a0bfb64ede8b5578b32

SHA256
78b4e800e3ee548069316412a6a0137e8103e6e25b86de2acda9d4e39e2db40b

SHA512
012843d57aae9502ad58ef244f5ea91ace41829ffeec96373d348af8130e1fa01d3e80fd133f1841d99c84a77de47f8220851184aa53a77e9b17b9a34a227cbf

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\swiftshader\libGLESv2.dll

Filesize
3.6MB

MD5
a46541cf6eb3118c318226ba1bef7a98

SHA1
1e91a60cd994a6440bde2f48a007033856c0aef5

SHA256
3e484255a4ea2c8fbce03f650001a99d2a63cc78284c6b1733982ec43036e26a

SHA512
aea0f39edc5741e8fd9edf53939902cf48c9f31023df2962cb021b77ed41923c4c4a8200928ed18d94682a567c9d0625d9108ce9555fa3097bace946a8dbbe78

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\swiftshader\libegl.dll

Filesize
391KB

MD5
663a38aa43c2e13044e2ed27b8e8adc8

SHA1
02239febfb419904af737a0bfb64ede8b5578b32

SHA256
78b4e800e3ee548069316412a6a0137e8103e6e25b86de2acda9d4e39e2db40b

SHA512
012843d57aae9502ad58ef244f5ea91ace41829ffeec96373d348af8130e1fa01d3e80fd133f1841d99c84a77de47f8220851184aa53a77e9b17b9a34a227cbf

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\swiftshader\libglesv2.dll

Filesize
3.6MB

MD5
a46541cf6eb3118c318226ba1bef7a98

SHA1
1e91a60cd994a6440bde2f48a007033856c0aef5

SHA256
3e484255a4ea2c8fbce03f650001a99d2a63cc78284c6b1733982ec43036e26a

SHA512
aea0f39edc5741e8fd9edf53939902cf48c9f31023df2962cb021b77ed41923c4c4a8200928ed18d94682a567c9d0625d9108ce9555fa3097bace946a8dbbe78

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\v8_context_snapshot.bin

Filesize
166KB

MD5
d9b62a61b9242c2d29da71d58421f08c

SHA1
62eb4411599dba13fe617a860096fe21a8141d0f

SHA256
9010758e1b4453957e561dfe6dd1c891400d7a0fb78097e8e67d9a8076644588

SHA512
1d0bd25bd3c5cb55e80592bc2a15ec94c31263fc518533c8f8d6434e9896f11aabeda2a8fa08601829fcb395ea5c69629ce2ded43d1f8106d982e1d21946832a

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\vulkan-1.dll

Filesize
609KB

MD5
068e15bbf9929053253a250bdb3848d9

SHA1
b389b252c63be735d58879007264ed045ae0226b

SHA256
2e86beef2b06299cc8608710ac21d6af89dd438f7a735f3a27768ae2caa4eed9

SHA512
da13181f672b37b7915b9f75df231de87d52d41ef258cfb989fa9b54460a52f0c59bd34ac1063ec1ec5029010965f2a03a510293a78afc021d0295986d504e47

Download Submit
C:\Users\Admin\AppData\Local\Programs\discord-bot-client\vulkan-1.dll

Filesize
609KB

MD5
068e15bbf9929053253a250bdb3848d9

SHA1
b389b252c63be735d58879007264ed045ae0226b

SHA256
2e86beef2b06299cc8608710ac21d6af89dd438f7a735f3a27768ae2caa4eed9

SHA512
da13181f672b37b7915b9f75df231de87d52d41ef258cfb989fa9b54460a52f0c59bd34ac1063ec1ec5029010965f2a03a510293a78afc021d0295986d504e47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq7D73.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Discord Bot Client\9b49b73c-11c0-4b0d-a7d3-09cee5e54bdf.tmp

Filesize
334B

MD5
749cbd1afa835647b233be45dde5bfb3

SHA1
fc892fc8f70dcdb08a9fb0a544e991663d721719

SHA256
1e558fd915c50fbe9f8bac384ce72d2155912855a1d87dcff00f22c7a964c59b

SHA512
243580442586e7b4f49f4d7b3e95cae27e57752d405dd18f0c76df54283407b23f30884f4fd545d537fca8227bff1e1af43cc809d199cc7ee2fb12fb031ad4d7

Download Submit
C:\Users\Admin\AppData\Roaming\Discord Bot Client\Network Persistent State~RFe57d532.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
memory/1672-412-0x000001CF93300000-0x000001CF93330000-memory.dmp

Filesize
192KB

Download
memory/1672-413-0x000001CF95BF0000-0x000001CF96041000-memory.dmp

Filesize
4.3MB

Download
memory/1672-360-0x00007FFCE7900000-0x00007FFCE7901000-memory.dmp

Filesize
4KB

Download