249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord-Windows.exe
Size

75.1MB
MD5

43327119366e52928b9aed0c1e734389
SHA1

3777d8387fba8528b6e433a8e763df5dcd542a48
SHA256

249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
SHA512

bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
SSDEEP

1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BetterDiscord.exeBetterDiscord.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe

Executes dropped EXE 5 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid process

2948 BetterDiscord.exe
1708 BetterDiscord.exe
1600 BetterDiscord.exe
1392 BetterDiscord.exe
1536 BetterDiscord.exe

pid	process
2948	BetterDiscord.exe
1708	BetterDiscord.exe
1600	BetterDiscord.exe
1392	BetterDiscord.exe
1536	BetterDiscord.exe

Loads dropped DLL 19 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid	process
2188	BetterDiscord-Windows.exe
2188	BetterDiscord-Windows.exe
2188	BetterDiscord-Windows.exe
2188	BetterDiscord-Windows.exe
2948	BetterDiscord.exe
2948	BetterDiscord.exe
2948	BetterDiscord.exe
1708	BetterDiscord.exe
1600	BetterDiscord.exe
2948	BetterDiscord.exe
1392	BetterDiscord.exe
1708	BetterDiscord.exe
1708	BetterDiscord.exe
1708	BetterDiscord.exe
2948	BetterDiscord.exe
1536	BetterDiscord.exe
1536	BetterDiscord.exe
1536	BetterDiscord.exe
1536	BetterDiscord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 6 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

BetterDiscord.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BetterDiscord.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BetterDiscord.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BetterDiscord.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid process

1600 BetterDiscord.exe
1392 BetterDiscord.exe
2948 BetterDiscord.exe
2948 BetterDiscord.exe

pid	process
1600	BetterDiscord.exe
1392	BetterDiscord.exe
2948	BetterDiscord.exe
2948	BetterDiscord.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exe

description	pid	process	target process
PID 2188 wrote to memory of 2948	2188	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2188 wrote to memory of 2948	2188	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2188 wrote to memory of 2948	2188	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2188 wrote to memory of 2948	2188	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1708	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1600	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1600	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1600	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1600	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1392	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1392	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1392	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1392	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1536	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1536	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1536	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1536	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1536	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1536	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1536	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1536	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1536	2948	BetterDiscord.exe	BetterDiscord.exe
PID 2948 wrote to memory of 1536	2948	BetterDiscord.exe	BetterDiscord.exe

C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2948

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1040,9319674073233067473,17521375667390904601,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1052 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1708

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1040,9319674073233067473,17521375667390904601,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1340 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1600

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1040,9319674073233067473,17521375667390904601,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1488 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1392

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1040,9319674073233067473,17521375667390904601,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1188 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
462bef5b5a9c29632054a7d8a8f50323

SHA1
4d228cf046d7ee7f1cdb86090a3dead07cea8e73

SHA256
65a1e68e5909c1eac78f2ca04e6bc1f8efda577433850ab48afa72c726661973

SHA512
4be5689ad771f2e513be69b284502661a9a3864d1ec876af89da2be065100330751b580fd3486fda6b44ab87c46c3678c4aecfa43118242e647984e41f334702

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.4MB

MD5
63e040573aa9afbf3e78f0bb61f8794b

SHA1
799771ced68f62be32f51e3fd1b6752e8c2d2912

SHA256
2295a1f48bb19b0d52684380d04b6dbd771218f2be13df098444398c2a76bf07

SHA512
81569ced0eea91989986c384abf4a46f2f791f79db74467d92a9afb8feefed868c8d5d2b5576631682ef3591182c5f0ec022e6018c150337959eac0c9e73b241

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.6MB

MD5
884d5875a457479e73cfdbc939a5181b

SHA1
b53d2ea88d3266c8d4975a6e88f302623df586e6

SHA256
c7ac6ea48113def65ce8b5d050b5f99430533ff52ad0a5b04515b7c2a8a88641

SHA512
49f484fdaa5d969cc2b3bc36c689a3b337bb8a11a5b9f96feea9f5091b5558c4618ef2305880357b9766b9311a59d83f92e796eac67216d382f8ab67b35fcc9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.1MB

MD5
551cd88100b3593f35789a121666af43

SHA1
088f23fae2f8c4e635c9e928393c4da4164ac53a

SHA256
91ba9672b061c8e4842aaae0affe7e3df9dfad202d37220bf6e0a36a4d3f9d51

SHA512
92f1a10cc177341b33a8c3bbbd9db3079dbd13179cf465c09d1b68399b885998fd871bb93ae0feeba593822896e027067608d24c3a6f2aa91988ec732d894e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.1MB

MD5
0090a942f6dd689ce0b460a2af7fbeb1

SHA1
8774f86a219ed26a2946025dfd733fd0b522705f

SHA256
fac9c90bb73f67bc2a36412c726e97d5e8c0cde7d15c3d3a861e490f5a14d3d4

SHA512
575f1894d2aa32819dd9e9190e7cc3c594147f9709e18ae5fd63eb5a12b9ffedb53e013d1d1e3137cfec71801c5c212aaf8e0b7f765dc7cd0755d1b72a3bc40b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
703KB

MD5
10b377037dad4ee989fb818627dcbeec

SHA1
c9830750fed407f75cc3691457b6e3d3323ce9b6

SHA256
5b7638636e45bfaaf86fbc055a759d2037c9fbea405df64ca7eb0f7b9a73d8a5

SHA512
b9e1a7e1c0ccff49a43998fbb667a053d3cb75425d14fa762d100875e5544e2f99194cad2ac48d3aae3ae38ce5fad12e0c3b3b3da79211250ad38d7c80be3e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
806KB

MD5
4a457dd7be39b3621fec045ba7bc5fba

SHA1
ccd5c4cce57e483f804a4587fe789b28b6dde5a5

SHA256
206ce6abcbe4346bc510051f87a8fe9c7b62e869c458c900dd5cbda352043b72

SHA512
356807922a5da4304d269213e6f4d1e7a3ed918b20f8175d56709ad9f1b6c15b5e2f29ede0bbdfb12426b3da9570de321cb74f1bb039ef52e98c8651f2eeb8a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\D3DCompiler_47.dll

Filesize
747KB

MD5
08849b87a3dcf7e79971020afb44bee8

SHA1
f4b476164111ba499dc20a5c3f87dd31cbbd44f8

SHA256
f8a19d300bb1652550cfc978f4e46c1ce7ce3e349cead8c676f2112e7c9e0a49

SHA512
a50002cfceab96bdd3b5e10d009e69eeaa84f8bfa3b96caebcb7c9c16950e068c8d66808cc088006d2a32529e9406218124728645ca52aa4f1d4f25ed5e52058

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.5MB

MD5
d2cc6fc3a7b6c5bcca5fae428fe799e0

SHA1
89cba6e9195cf95a7aa993d7aaadb331392b3bda

SHA256
0d4ebdd32f016c6eb203aef4c70ad2f93fa68e5b9e92087a862b21f8133c7319

SHA512
34f7e6c49ff2a230abc7c5aeeebc5ec628f07170c4638b3bfc5897a645fa5f167c54230373a39021548e0aceba50c35ef730e4ecb454bb4d882df2d699c86736

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\icudtl.dat

Filesize
9.9MB

MD5
b4835c946570220b1c7eefc21903f03d

SHA1
71243432e088ebb86512a1cfeeb2fa93442dc050

SHA256
8b3306c520a6559d8b53d1133f6bb3efce913e1d780a0e4cdbfe6c79d76de431

SHA512
f6004f3562fa91a3287d370ebb071b8168778063d218498a3546aceb302958de50c77d6d60ae9e7576cb71db682fccb06de87a02c3d2a997710487fd08a60e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libglesv2.dll

Filesize
822KB

MD5
f7263cfe80047f407a2fc993304e0caa

SHA1
85a81ebae369ccbe10ff00f529d3e568b99a15fd

SHA256
a5cddaef7b7c5b4354f3664b64b952ce563ac5566427ad2d44994ffb54a030c5

SHA512
cb8cb20d71b352ce45c3ec61c4e711bf8e996775e3e249b810be3cbdab20818e68922bbab291bd04dc1f75a8e39d7b69a4ae874f31c7c135bd8a822ffd1f304d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar

Filesize
1.1MB

MD5
f64750a616dcdafc38fa3fdaa966fbc5

SHA1
358b77012f4a1a9c96f6370d4f7b96ab55e302fa

SHA256
eaddb78f5f24d73c75e3f016457e79f0c1685d5add4ec5647efdcb3e5841b7b5

SHA512
46221e0b9c11674847b9de39a23effa339ece2fb15ca6036e1bc4444f0dbe1ad6ded144ed2ae511525034210842614d295f001dab64b360c97fb9e2cf3f9e984

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\images\background.png

Filesize
297B

MD5
32338b60ff8368fd431b32109eae89d2

SHA1
7a3a844f2e6371c8f3a08a142e2e792a6e77105a

SHA256
1d370406c3b0c6bfe109feb76229fd4a0fe1d4171ae2a77655a0fd3264558d2f

SHA512
be71b3dcc24cea203d59e08d8a4082dcf253eb02a971e67034f8cc0930f6af72830b1e35430cc861c08341082156585adcedcbfc788a83ec35fbd78107e20f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\license.txt

Filesize
2KB

MD5
f31549cdc3abfa48981759862a07519e

SHA1
1168fdb04883a65057168eaccb75e153aa3fe438

SHA256
267c8e6f5387fa5d54290044d30a5da427be3597fa7815c32689a533eaee8886

SHA512
f084f518eafc6a58c377c3f80d8a186d9a1d55473afc931bb913adb1fa6fd0bbbc2ba09a30ea39283cd5327079278ae7babea6a74b93a7f2d7cb48bfbba95795

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\swiftshader\libegl.dll

Filesize
366KB

MD5
c51dc7e0ca92c9a45467a202aeceebf3

SHA1
5f35ec0c4e9b7663d7467a6c5f10062479519758

SHA256
0d4015adb1b1a4996378e06c9341b19d00e3cab8d18c002197ea9311feaf5d11

SHA512
8439f2a36f0a85dbfe12e786672278c6f6250be5029313efa285f851491357e134d6c9e03b339985eb255e80988e82d37540ffaef4f358c4428f6fc6aaec9ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\swiftshader\libglesv2.dll

Filesize
1012KB

MD5
b1af2fbb5d082af0cbd2d8628c35511c

SHA1
ae732ac47664d8f61ac719e6794a7135dcfcf672

SHA256
58ddca1f5ec08ffa99941551f34b52dbfa120e78b9d386a0d1fc813bbec69396

SHA512
48b32d03d5b8fb536d25bd87dca2496197e28605313832ee3cbdd98194f4f02bb4c2c85cc92497a4b43d962f985fcc59fc429f2890db20a8d132a8185c3e1203

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF8D2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF942.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.7MB

MD5
7fe7a9d9b718edc015cef8fc77c96da2

SHA1
fe9b5555aab6c56c30c84b9f7037ae23d56ddb15

SHA256
57da6eb315137f4c9e51a6c3b25c82cbb2144202e2b15e2fe8d9776ee42758a8

SHA512
426f621820d59bf1a15dbe4e7df75e9cdebc9cf2b6525769cc1ac3923844b0fe07164db255e8d966abcbefdd188a30d25f22fdff0c9612a339eb1fca53582bf6

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.8MB

MD5
87285ce77aa1daa9bcb29d960f1ee14a

SHA1
6737200a5e9acdcdd24653e80dd5eb70332c74b7

SHA256
28467ff2ed34cca91b609321a1397f42ab6587f683b257af6221a5e2861d823e

SHA512
9a44778447b1e4aa6eb3a5aed364db8fadc282a0c84225824321902c04e0301366f53d6ad61ee517466fba513a655689a5db280399cba6302b28edf523cc42f6

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.6MB

MD5
b00ce22636876baffd0fab4b333d7f9a

SHA1
e17a70f325499a5fa1487dc1e2d15e4b5feb6a9f

SHA256
d4ee88808fbae5c4fab9e7fafb34a7fe4f3eb355f03ac0a613af8a086fc7edca

SHA512
a83d9b38b579665434991689ffc120a21b886a9086c50ab9b70a258f701a49c2f1132eca19bc1450ca90d59b379072949f9bfd32a3b53024b827c4b64d1c7cec

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
507KB

MD5
f148e4f81975a1c578e2391f40176b1d

SHA1
b79c9cb128710de1eff34b478e9005d69aa40578

SHA256
2f381e5f19ea3cf63a166bf40689e92d2a5c3d9e65a0ca16c00da332cd19b0b4

SHA512
c57400a464757b832a74ca13a56bba9832637848fea9d02cb6fcda5b00e216da8b777e6198389e6ad1d2fc1482f2b4e615e3e335b75b5f9e3ff2e90f585ee79d

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.0MB

MD5
503a3ebcba8f2f36ba540dcb723936c1

SHA1
b14e06bda1a29aeccbd7682034061f72402719b7

SHA256
938683498be7c517bdb12fc7f4ba96987171d32ffac01ed916d3897c287c4836

SHA512
0cbd01f0e9e0f23b13ec021db6d2bc2b7510687fc4c9fb0bb88c021e3d2fe693585ded453bd2285528ed3809dbf310139fd863b435e25fa1bd62e1536fce997a

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
803KB

MD5
88fa9ab4fa689349b0ec12cd290946e1

SHA1
aa832c4cdb5f6c736f8d608fa7bd021478c0ce84

SHA256
106adc35ee8e259fef6f11fa87afe2924334fa8f151675d95ed1a9c06f98c0dc

SHA512
99fadc5d6e93879f5fc563f0dc96ce5dfc0cddd7439b67d8ee23c64a4a1387d6ee89de5cdbdb8484c5107df17b7305c5388cd509e9cdb2683ce7d558a30bae38

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
955KB

MD5
4e097ca7b856a7911138d0a307ad57c8

SHA1
c4d5b6499dc3df2620fd9493b536867a99906427

SHA256
5510d6ea42f02985aa2e402b5bab53a81b6e2f6ffeadbe9e53a56c4396a23bdc

SHA512
1f86221d1a25b296829b6d5488f33f4bfd235c381a974a0bc589c5924c1f35be968d9b23ec467d16575cd835ea8e40a230ffcf4e32454a54d08876db6c82e8ab

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.0MB

MD5
8ae2251650e5c9375353e992183235f1

SHA1
7dfd838f9fb2bd7255c413945ebb23f0a61ffd7b

SHA256
6e3235ed67470af98c8074226844e1559b704e53339ea5b39936ffce945637af

SHA512
4140f151eebbdc754eb6738e6cee6e27cefe109803683f8557cc6cd2db801408350b5399642273978a4e2275b2c9c649bc61023c016e982c70fa6297d45a3282

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
513KB

MD5
103a1d2dd43e35ca444c02b16ae09e3f

SHA1
e1fc63f096620547239a464fcf18c6b3a8454a74

SHA256
f35aad8032a8a220ed11714624a266a2407960ca5347b47c4bb870d4b85a79cf

SHA512
ccd903f79f5c1406ff9736aadefa5d1d07ac39e6cf1d9254b53fd402bbe032bb4c095f6c3257f6b2b92a4ae6b5ba5bf11ebc6e5a8c484ec5dc35c01bbaebc45c

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libEGL.dll

Filesize
346KB

MD5
dccd99cb80c5022d4ed21c068d4e4ae5

SHA1
4fcdc6be313d0e3baa5168a7556df992e3364da4

SHA256
2166f8830bfbf3d574d7654bd927fe6e05fb74fb05d8e57af59c93090f6bc2a6

SHA512
02f18a691d85545a0452631b1c1e218aa5853d71937f7ae1d4f3639142399017139c1d9cb81f769754303635ce689605a7fd65765a3d8b4873603ced57925faf

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libGLESv2.dll

Filesize
558KB

MD5
262b2184bc2847482194db6505e8c25e

SHA1
ea93bb166246e688a5f9ee9ff2c1d9a33d9fc621

SHA256
ff26f1a684d209861ddf0b556e35bf0904f48a30f57b4caded70f975e90de984

SHA512
ebd432571802fe0b1b7cdb32f0cc73b072f5ebec9a97269d1153df24f85f17d06e6a6286dfcf9fe34aa508965853b8f987a199e4e4186bcf93003a3c5040d069

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\swiftshader\libGLESv2.dll

Filesize
910KB

MD5
11cad27ca32905eea598011e18427419

SHA1
3c047dbe1f1118efcfec199879f8c7f818191d8c

SHA256
1936d443af195151e1869db9731da9bf1511417c8df7d82082f0cc53c9503bef

SHA512
1adbe4b2fc9794c8d6396e9dee4422e2d44ac22d58b3655d90a7de16388512461f7ba3f18a1a0ebc6efa45d5b8e1ec9fd24daeb4d62ecbc5e2be5939def6475a

Download Submit
\Users\Admin\AppData\Local\Temp\nsd77B0.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd77B0.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsd77B0.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
memory/1708-114-0x0000000007490000-0x0000000007491000-memory.dmp

Filesize
4KB

Download
memory/2948-156-0x0000000009300000-0x0000000009301000-memory.dmp

Filesize
4KB

Download