0409f2d3c5cda96547ad5a2a7d361e7b318d520f11cbfef9687da5d0eade69a2

Resubmissions

04/02/2024, 01:49

240204-b8t8sahbhn 7

03/02/2024, 15:14

01/02/2024, 21:03

31/01/2024, 22:32

31/01/2024, 22:26

Analysis

max time kernel
137s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Discord.Bot.Client.1.0.0.exe
Size

41.0MB
MD5

535d445dc5a852df3c42f93427ed61d3
SHA1

69d3ba9008707ae9427ccc03ce75aea7e842b954
SHA256

0409f2d3c5cda96547ad5a2a7d361e7b318d520f11cbfef9687da5d0eade69a2
SHA512

71e94b725bfd1541619c90ae588e6d3ab9fbf72e308741cc6bbccdaaa467167d0369f851455d1500b3ed269353b99cae5f875999c741a500b9b3688e23afa51d
SSDEEP

786432:lz+qD8SYqht9SQSdhWjNipptCi1qoHSESsqSlkcAeWWQDRW+r2NfqI7qiV6W7:lzbY69SQSdcjNEpkoHxSSlkLecdahZlT

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Control Panel\International\Geo\Nation	Discord Bot Client.exe

Executes dropped EXE 5 IoCs

pid	Process
1940	Discord Bot Client.exe
1908	Discord Bot Client.exe
2468	Discord Bot Client.exe
888	Discord Bot Client.exe
3004	Discord Bot Client.exe

Loads dropped DLL 19 IoCs

pid	Process
2224	Discord.Bot.Client.1.0.0.exe
2224	Discord.Bot.Client.1.0.0.exe
2224	Discord.Bot.Client.1.0.0.exe
2224	Discord.Bot.Client.1.0.0.exe
1940	Discord Bot Client.exe
1940	Discord Bot Client.exe
1908	Discord Bot Client.exe
1908	Discord Bot Client.exe
1908	Discord Bot Client.exe
1908	Discord Bot Client.exe
1940	Discord Bot Client.exe
2468	Discord Bot Client.exe
1940	Discord Bot Client.exe
1940	Discord Bot Client.exe
888	Discord Bot Client.exe
3004	Discord Bot Client.exe
2468	Discord Bot Client.exe
2468	Discord Bot Client.exe
2468	Discord Bot Client.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 2 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	Discord Bot Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	Discord Bot Client.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
888	Discord Bot Client.exe
3004	Discord Bot Client.exe
1940	Discord Bot Client.exe
1940	Discord Bot Client.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2224	Discord.Bot.Client.1.0.0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1940	2224	Discord.Bot.Client.1.0.0.exe	28
PID 2224 wrote to memory of 1940	2224	Discord.Bot.Client.1.0.0.exe	28
PID 2224 wrote to memory of 1940	2224	Discord.Bot.Client.1.0.0.exe	28
PID 2224 wrote to memory of 1940	2224	Discord.Bot.Client.1.0.0.exe	28
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 1908	1940	Discord Bot Client.exe	29
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32
PID 1940 wrote to memory of 2468	1940	Discord Bot Client.exe	32

C:\Users\Admin\AppData\Local\Temp\Discord.Bot.Client.1.0.0.exe
"C:\Users\Admin\AppData\Local\Temp\Discord.Bot.Client.1.0.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe
  "C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe
    "C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe" --type=gpu-process --field-trial-handle=1048,5635719430711813549,9588720453960619174,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1060 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1908
- - C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe
    "C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe" --type=gpu-process --field-trial-handle=1048,5635719430711813549,9588720453960619174,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1292 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2468
- - C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe
    "C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe" --type=renderer --field-trial-handle=1048,5635719430711813549,9588720453960619174,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\resources\app.asar" --no-sandbox --no-zygote --context-isolation --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3004
- - C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe
    "C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe" --type=utility --field-trial-handle=1048,5635719430711813549,9588720453960619174,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1532 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\D3DCompiler_47.dll

Filesize
2.3MB

MD5
ad80f8841e6a92b45372a42c2c5b1793

SHA1
83805242a8d62e64e2f92294abfaae63d079ba47

SHA256
f223f00624e86880d4df6699043b4dab6401b2e2c5072da706133f5e4f1d6184

SHA512
b02c95f07a495942b2adf72910d7264eb4450c7c1434a95667f5562d5fcb101690d1a5958440740e5c3ba571d36282c8f752f1f18e73d5c61dcfc5a16bcb56ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe

Filesize
30.8MB

MD5
44ee6fa64d3bfbbba563eb12aa698bf5

SHA1
e26b06a1aee54382c23ef2d3711af1e6c401a977

SHA256
411373b70ccd4a822fa0b2592df24a86e335afa6f8685971e03ec66e0ec83a9a

SHA512
f8bdda32c41ede1cb38da0ec3f59ce30dba7e85131f1800c02c98857ae405b3c914cb5c6f322dad2334bf3e7f0edce4d72695ff237e9194b8bc3bd8529eb0507

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe

Filesize
16.5MB

MD5
6cdde33b71d8bd69c4f892a70c694ceb

SHA1
2b437385812f5fe970aa35cde41c01862864ab4d

SHA256
d230736d8223ca540f1d3587a7417d87042275404be30d0f27c4cceea9a21ba1

SHA512
ad9c6e385cbff6401cd272b3d6db091b064ccaf17ecd89a905a4667bc0320ed2255943a7553eadfff29247e407ee9c90ba9cb8ffeb800f3c050d67440e8cafe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe

Filesize
3.0MB

MD5
7f595a8cf6cc482a41bb72b7e205295c

SHA1
7d8abc032dcd054e6ab71515f4871a1a07d0112e

SHA256
96a340232e9cdd9fcaa36aece3e74f52d6bb40c67d19c0a87739c6f99e04d9d1

SHA512
22ef4726857f7cb82e58f4ad35767f4226b6f076d92c1964d0d6f105a13289cba1ae20e581f68cff2e22ab2cdb1837e7c57a2b44ac95b71e2821686efce21c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe

Filesize
320KB

MD5
44f8d98bd6a85e8f1fc629efab414625

SHA1
7775f0fa7682dae37bf09f4493d3d941f14642e0

SHA256
c291e2cf1e3af9a3fbd291f8101f4be9ef1decf76391c9fe035be54a6b63faf7

SHA512
eba2081467b49ddead5bb311f07c13da3042af58bce4026359d68f3884c082946ec26c3a0c6c3759dfea4b253e534e58e71bfebca2566ba8ef46e84153aff113

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe

Filesize
1.6MB

MD5
54f23908a38aa6670eff97b15773cc7a

SHA1
7133382d4b9ecbffd0f2e17452933822311c7a64

SHA256
83364183fa45b41477b55017a9156c41970f17e381d0bd2d6fbae17435364dd5

SHA512
2d7cc7577efefdf25d76e0ebfe3ae4b4735173cda1bfd143380a945695f415f751c4644a73fd89ea1a42e2650e367a1dcf91c0ca1d92a72375ec6fa10e2afaa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\chrome_100_percent.pak

Filesize
175KB

MD5
7c4728b2d58afdd97c4549c96b9561cc

SHA1
1e0d251eedd67e7021fc764b9188184617465c54

SHA256
419cfcc6dc5f38b2e0c970ebd4fad1ef55054579d5c0db2521d7ae494996aac3

SHA512
82d0931e4d1cf38f88050980f518cdacdc981c382771b1732bfbe69f601074a0e7378e27a7470c7dea4e287cb1617a5c038052908ed85134abcd5b6591b4e7df

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\chrome_200_percent.pak

Filesize
312KB

MD5
6af049ad6fd11ee90ad9db31c4e02082

SHA1
5d2f9a59a74dc584b5dd78aeb6de583e969e3eb7

SHA256
edecf8e1ac353bfdae534e42507e5a59973cb4cab76fbb1ff1a470363e725bc4

SHA512
c7fa6e1a57861e62b9b4d615a988c98d13cde8abc23eaed7c36c2ecb86409da4b65b1f579ca2f307e90eb4d08d14b07f7f41ccb8d8c165d6de67c09c16009715

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\ffmpeg.dll

Filesize
2.5MB

MD5
d318f43c91f115e99d7a4afa4c8c49e2

SHA1
6004360df806aef965f16522efe37c80ee82e953

SHA256
6f14dbd131f63e5904e33a91a3327550dc97d563404e46d0cadc606ebf0cc020

SHA512
7313bd2d9771028e0c2d824b3714fe71616621e87d2221b44473d291a6c7dc15a138feeee99685ba7d165b01d5f4c25df2cffb5db80b572af1859e526a4fa9ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\icudtl.dat

Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\libglesv2.dll

Filesize
2.1MB

MD5
86c6e5ae5c5990e1ac773851ab506a21

SHA1
f95cb8bb963b6e6efbfba596753a82e2b45202f4

SHA256
2e0da52726848ceda1ea8c4c465e7115e25abda9d877cc88c03c707862fb7acc

SHA512
0186f46254b40f63e724a8f01f54051d93c3c763861a534dd3c931c015f64b793db86b086543a32549688ccf6dc41bee0303b390c59fd5306b4ef6f6a15ab57a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\locales\en-US.pak

Filesize
79KB

MD5
98c8cfc3cb98ab34e06d4323b8bcb043

SHA1
2c0bda072161530b710fa0a1dfc3c23926184afe

SHA256
35adc5aeeebfe440e295b88d2a4089360ada33c353843b1f5438f4118501878b

SHA512
25edeca13b4a29f63bdc4f135eda1b1b8c72f3a58315f57895950bdc15f56b2af1aca42affe397716f5965437ece836f683265a33ec919b8b26056634612ed3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\resources.pak

Filesize
4.6MB

MD5
d9022282a7fbf3aa354559ab6a9c7926

SHA1
ff1f2b77d80848bc1a51e48c21a033eb57d8776c

SHA256
ddc85d749b19cbabae11a0b8f7114daf75900179a2147280dd0f9f8faee7d65c

SHA512
6b9ab157cf8e10d8a79ea2ad4e247210fe2a7fd75dab086eb55951d4e028af3060e1f42175be936c6b093abc2c3071c0fd1c45afee3c567a79e1b722fe5f5d97

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\resources\app.asar

Filesize
210KB

MD5
8312f4af409fd95d9605ab2ae2ecc522

SHA1
40ef23ec3cbc77af3ae5ce557d48d7e2d071f732

SHA256
76b509211b64c83522028be4b5626444f5e1654376540193aa44ba9936454c3e

SHA512
59e253be18b706978b57235eb47130e845308cb7ccfdcdf4ad51b716caec51364e7436c5cd5decb94b0dfd7806a979d7bf0038452028079f97156562e060fc51

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\swiftshader\libglesv2.dll

Filesize
1.1MB

MD5
3cb99c5a3a7d9d58136305b0baa3deed

SHA1
57de55d90bd7bb13fe68e846be539964038ad149

SHA256
dffd195d588eed3e3ee8e41445c6ba0f9cabeb1a9503344d027a2cbc4e5281f4

SHA512
6cb981e89bd4cc41e7c63509a0abedac843cc6acfaae4404506dda4bfa73d37a789e63ce5f292f5451b5d7ab6b7dad4b1a6e947410791bf72c94b89ae23d5180

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\v8_context_snapshot.bin

Filesize
166KB

MD5
ba6a9f0f543bb2077adf3bc57c4a6c63

SHA1
38b124ae1d0dc679a099aa1e436c48b4993e7506

SHA256
2bcc2b2c1f5f3a705a00b26550ba177debffb3bdc2b359b5018661869c51c44a

SHA512
7182e0e7445208fa41e2f0cbe10840852ee9a5e8f150a961b1907a898ed315e9fd9afed003bd59b5fd83ffceaea4d0341d0076074a6ae869da49261d80639c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst95EA.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Roaming\Discord Bot Client\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
7f97a903ca7fd2caa7eca2b35fe98ad7

SHA1
a0f9dcca37a8e1c9ef29d9ce3d11b5eb526eb3da

SHA256
13d65cd8d930e398bfa0668ddb53fab2be8259dd0e9730ca22eb9b9acc7aa843

SHA512
544ad3da965f9f9ca276cb2c720bb77960160294019e6149acf2396fc94fea8d94d4940620fb81090bf0adf6b8def4171162dff15acaf46a8526c42ed8d97106

Download Submit
C:\Users\Admin\AppData\Roaming\Discord Bot Client\Code Cache\js\index-dir\the-real-index~RFf77e56f.TMP

Filesize
48B

MD5
1089171c458b9cc548021ebf5b57c518

SHA1
8f7f994104ada8cb264652a5737ff82024190c8e

SHA256
1a6dc769e6b7a336dcc1548f655a7f621c6cd10fa2d957f53266ef353079a01e

SHA512
d69dac9bc7c8b3cda6900279dc45deca44b982d9ae6e7f056aba42efee3d85be69f0168946f5aee50a9fe8a4a87f3f64256cc47a0c1a2be441d59b1ba57686b3

Download Submit
C:\Users\Admin\AppData\Roaming\Discord Bot Client\Network Persistent State

Filesize
265B

MD5
a1cde6e60f27faf24e1db56b18dd0d18

SHA1
be7c96d4994bf09fe655d08466a2e4cf44df7fad

SHA256
a62b52082ae82afc4ba40ec2d0a5caa053ec143b0086199976eb6fcbb68e2162

SHA512
2c0e3c2edf95e9512549897274a00fa934b7de092aafb473efd8222bc43f57accf262ad4fd3ddb06dd3fb506542844ed1d0b17db6283cdf37c18f7827c1806a4

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe

Filesize
24.1MB

MD5
4a550726fe9dcaa24629ae1cd19d194a

SHA1
846af4a3dba33a082b76b86f481ef9cbae0e2b2b

SHA256
c7330a1e17b18920861672a55ecc7f7c140e6a60be09302ca80de9ec958d22f2

SHA512
5b1bdef16628de69deec747dd7f546a66501ecaf3b2bcecb863f06b1b0b36963b208b5a1ee231877c72209b39280fc051554334fee658c89f1fe06ba50dbb5ee

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe

Filesize
2.3MB

MD5
fba6c30820804e67251b0c45293b3d9d

SHA1
9e4f9f864ad95302042ddb47366b99b192175994

SHA256
6c9aaeaf65548ebac350dd51955ff36b27b6a204c2b75de4ba506cb7367ae794

SHA512
587b5576402158a78f3ff148f505553ecdb15025bcd52174a377dd66f971099f6eb0137d9810ede508db272ef52efa408a8a90ae1cab1d21cf84d812edf880d8

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe

Filesize
1.9MB

MD5
c24b16d5f734a31ff1c8cc84a9fa9031

SHA1
7d7b707e7fd590f04f402088cca872d383664520

SHA256
9a927e6f2e49746d5dc691386ce222affe27a195228ba7b35399a3e4857840ec

SHA512
a6c60991c493812ba85173823518fef73f6a938078e21d284555bedb8927224e8cae3ac4034532086f48c19f9252f8410ff24752f578fb87bd6590752f0ac244

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe

Filesize
704KB

MD5
cab22dd90bc5840cb3695c2c5e25fbc3

SHA1
42be70fde202e361c07ec32eea5085737119244b

SHA256
1983c12cb85bfd5ec4c1353aa262449f57b98f06875513960dd87e8021278550

SHA512
2b4e50306ce19abd34201563aa3fdaa8a69ce1afb2dd5d35972f80f6f29610ecd73774d3659309c66ffbcb077ccc47f8c40f09eb2358e29f6f308d5d4513d4ca

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\Discord Bot Client.exe

Filesize
128KB

MD5
e7d7a80f380deb6bf169012f09662fcc

SHA1
6986a7106f346ec59fe0e4ea2e9767d30b0bb7f0

SHA256
1fa1b566600a0365491945347c4c213b3326fa4e4e603b8aba0ca3253f1dec7d

SHA512
dfffb2a8ad0cf2fc787632c7978ea205223e523d737bc43a2d8287d256f226562c2ebe7ad4e3364bcd2011fc677edb0c8446a5e6abb22bd1b6a89931defd2a41

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\d3dcompiler_47.dll

Filesize
2.0MB

MD5
468b682f740cf636e515fbf4f80486a6

SHA1
1f1733c7362779f5c5bd0b8e90465653a52e1636

SHA256
b1580c274f28b5a5899674d1d663e85aaa3455d8a7e348c2d7da63abea946942

SHA512
4a4bf29c607a910e7694eee74a67b1430b32bc24d8853392942f7f39351bbc1859876a8d1e495c08983923d98a1b80c0b8499e553370ef422b2d6cf21eaf0906

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\d3dcompiler_47.dll

Filesize
45KB

MD5
57e12cf652f9fe254fedbcf4416b253b

SHA1
aa8d034dfe53d1299ac26ebe1be68051fb7c8950

SHA256
b0ec8aa68c2b9436efd011f92a25f77941c90d7780ed977e317f6481ab504b0e

SHA512
fd855ad5196914fc2de04db75d65f3eb85bd2abccfb0cc50ba0ff4ca9ce34ebc628dfcd36ebbdddfdf94fa1ed2fa4587430be49580b1d81ed25f24c7a5ab5699

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\ffmpeg.dll

Filesize
960KB

MD5
a26eca75bd242eba2443ea364fbed923

SHA1
95cdb05ca87d94b890840b2e5b284bff68626ed1

SHA256
f3a97a6161917b9aae0bc558311cc4df438207b8373ef5ae6c12255679ea030f

SHA512
0811fef9ef6acd364d49a2285223067bdd555ceccbe7a3649c645d28ba45366a76d3c7dd6bd99f332e3591431bc44ef20e0c49128a222e97958ce1ede4561b0d

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\ffmpeg.dll

Filesize
192KB

MD5
75604fc47a58c86041c7733d64236a6c

SHA1
8c925cd162909b0e7a12093b0b74551fb56ef50c

SHA256
d093c4679ead1583b49c7724151d7032c1c0b9434c851335960cda65bec7fcb8

SHA512
1a4a17710395cfbfe0ed816c6ec4cd6337e34d7ba6f205d1eea6e2da7ef08ffacdd66e7c7b2d773d22eaf3c87f88bfa7d186efba498a5392c0f105888c29fd35

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\ffmpeg.dll

Filesize
121KB

MD5
b0612fab88c882e3a53261bbe3743b23

SHA1
6f808181630054b6b890b72fcf7b912d97ee8154

SHA256
046a149e8ad07f73cf797694804ec0e66e1905887030e78b392396a85bc0403b

SHA512
87ea0d0cc2bca3711fb561fb7c571c4512e585e0ec6823a112f5bbe5a76672644e5d1329fe44086d6baf1f865d08251767cb8507cab43ce48b9efa6adb21f0d6

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\libEGL.dll

Filesize
307KB

MD5
d83e9a76a8f910da9f5e8232545212bf

SHA1
99bd81a462eaaeb23d4bc62c3f5049a3722ca788

SHA256
06a83c0ed8efe8a43294ed91b589036f27c4fee58967837e8ba9797c8b81de85

SHA512
53d7bd07826cba69b2dc2be7137ed693f534f40c3ffc2339fa2f10190afbcea9f0a41fb747cabff46d443815cc9ecac071c9f99f7961e7e1f8ddede188255330

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\libGLESv2.dll

Filesize
1.9MB

MD5
24ae561760bb245ae7327241aa79654d

SHA1
20c326bfa0e36e45411c9f98cf99f3306cd0c9eb

SHA256
7822ff2054de5cc98323bec1755e985c1fbfb959ccaf5327a87bfc9fd18c8de0

SHA512
de41913bdf07da93b093b7682223eb266cf6ce18d10beb6194ddab71039ba055f5516b699b4ca7d252cbd6613e3d92d1bdc3691dd86b92ea77e456ec02de1d4d

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\swiftshader\libEGL.dll

Filesize
2KB

MD5
c0ace76332fd9a4bb5bb49de05852744

SHA1
c83a5f1bbc27de986949b60ecc13767409b13f69

SHA256
be26433863220bd546e0b2206f3ebade2dcf1ba2dabffd5fb2d8588ade0d1991

SHA512
58fd325588583902cdfefa36b43b2c1b2d2ce5b63d1fafa8b50ed09a591f1c200cc9474afeceebf7450155042ebf3cf152326500090346459b9621a4f699b666

Download Submit
\Users\Admin\AppData\Local\Temp\2B7SbwheeSlrAfwSDUtyrAmS7G3\swiftshader\libGLESv2.dll

Filesize
1.1MB

MD5
cd1bd61b7b59ecad73e120c19e8610ec

SHA1
8817f0f3bb45793cf579fdebcc483d2964741c50

SHA256
a4032e6d59285c89bcc5b8aacaec67a0dfa7acb5650713194f7749bde46137a7

SHA512
e623f6ca781468ef0fa842de1e54c767da4e47fa9d3f9166f9364d73ec113c407c0a938bf4d730ca25c1a8d63e878d5b7b4986e9e3e993778c17e5e2794a0763

Download Submit
\Users\Admin\AppData\Local\Temp\nst95EA.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nst95EA.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1908-179-0x00000000009D0000-0x00000000009D1000-memory.dmp

Filesize
4KB

Download
memory/1940-248-0x0000000007FE0000-0x0000000007FE1000-memory.dmp

Filesize
4KB

Download