249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
139s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord-Windows.exe
Size

75.1MB
MD5

43327119366e52928b9aed0c1e734389
SHA1

3777d8387fba8528b6e433a8e763df5dcd542a48
SHA256

249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
SHA512

bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
SSDEEP

1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BetterDiscord.exeBetterDiscord.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe

Executes dropped EXE 5 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid process

2848 BetterDiscord.exe
2468 BetterDiscord.exe
1392 BetterDiscord.exe
2508 BetterDiscord.exe
748 BetterDiscord.exe

pid	process
2848	BetterDiscord.exe
2468	BetterDiscord.exe
1392	BetterDiscord.exe
2508	BetterDiscord.exe
748	BetterDiscord.exe

Loads dropped DLL 19 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid	process
2088	BetterDiscord-Windows.exe
2088	BetterDiscord-Windows.exe
2088	BetterDiscord-Windows.exe
2088	BetterDiscord-Windows.exe
2848	BetterDiscord.exe
2848	BetterDiscord.exe
2848	BetterDiscord.exe
2848	BetterDiscord.exe
1392	BetterDiscord.exe
2508	BetterDiscord.exe
2468	BetterDiscord.exe
2468	BetterDiscord.exe
2468	BetterDiscord.exe
2468	BetterDiscord.exe
2848	BetterDiscord.exe
748	BetterDiscord.exe
748	BetterDiscord.exe
748	BetterDiscord.exe
748	BetterDiscord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 6 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

BetterDiscord.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BetterDiscord.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BetterDiscord.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BetterDiscord.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid process

1392 BetterDiscord.exe
2508 BetterDiscord.exe
2848 BetterDiscord.exe
2848 BetterDiscord.exe

pid	process
1392	BetterDiscord.exe
2508	BetterDiscord.exe
2848	BetterDiscord.exe
2848	BetterDiscord.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exe

description	pid	process	target process
PID 2088 wrote to memory of 2848	2088	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2088 wrote to memory of 2848	2088	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2088 wrote to memory of 2848	2088	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2088 wrote to memory of 2848	2088	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2468	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 1392	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 1392	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 1392	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 1392	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2508	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2508	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2508	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 2508	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 748	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 748	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 748	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 748	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 748	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 748	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 748	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 748	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 748	2848	BetterDiscord.exe	BetterDiscord.exe
PID 2848 wrote to memory of 748	2848	BetterDiscord.exe	BetterDiscord.exe

C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2088

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2848

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1044,16734299570859647371,18052617625236680972,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1064 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2468

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1044,16734299570859647371,18052617625236680972,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1396 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2508

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1044,16734299570859647371,18052617625236680972,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1260 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1392

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1044,16734299570859647371,18052617625236680972,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1184 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40133bd976d01cdbce85cc36b15253aa

SHA1
fea9c4feb7abcdbb5df4494337b8c13cd4e30899

SHA256
d4fc1e8cb4795ce4d4d76bee34c065cabaf5e055755d19adb1c2a457b3307147

SHA512
92e4255e42e7d6489c643ed352a9e58ffbd1992216be417bc940db7979519e4b6c8c2c98b9f14ce0c9e3766eddebb17b2a6435de761c139a11acc74e6780127a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
617KB

MD5
4b32a4d7a8d396ee869622ef0fa18594

SHA1
6dc0aaa5e54e398f62e5a21ff83407ffcadd1858

SHA256
8b6abd7f759c24ba4b0c512cdc73210c39b9485403005b3a62c9812fca9e6a37

SHA512
ef40324e60632020e6a979277dad6c69c89ad388af3d8d9a0d8f7e21f3b31773f3c2eb3a7f269867aa903366c22a92189877ce97325d6323c76afafb905f24ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
235KB

MD5
05196214ab74b6f9046f0dc446107ab1

SHA1
c1063e64a84a5d41a9c12bfdbfaad3ea5c435e1e

SHA256
e90e7f0a16d90a3adcea7b37f439b3d26276305c32da649f7b04cb1c35c22771

SHA512
fab88b573b2ea8a1972c6679900dc0bad197706ca9bb3ab5aec993aec4f648637fbed57d8a6320fc042324c7b6bdd36c66a903bb3f284f2ab97a4f972e42a0c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
342KB

MD5
b5504fc6c9321b47bc1c6a51081c0178

SHA1
0cfa7297d1faad55e6478538b8877636414919c9

SHA256
d67d7f901d7836d2c6c11e972d05d817301ff34f0a8870ad143b060ff116eb56

SHA512
363d1799e6a247a0fe360a04c744582f85f3d65fc4953ac2f09c1f30144bc2a37e1ba564a585c624eae71c385c0cb94852f85f2546bae653815e85f913dd168e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
245KB

MD5
29b54631d804d5d2011eed5966fbfaf1

SHA1
2ca1c6ac06c793289a99dcff19e8a3e58db4c579

SHA256
26d2a1e8327f4a3ac57f981b471f5a856216e0d049c36a30b3b76b4add147f3e

SHA512
db97f125d796a86a12befabf09fbe208c32f048b9d007a96443079f6c74953425cb19a6c51ffad868363a7f53a213bb08d9f8d995e9b7acb6b2652d0fe083713

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
521KB

MD5
872ca26ba771a7f99f441287e10e157e

SHA1
e29d0f54efa4473fc9017d802678895d32191896

SHA256
afbeb5b95e058d8a118cb73fb918379d009f3f100e997fd72c54108f953f061f

SHA512
55571b52aafc912fa930eee2593daa4a2dd83148d4dc1a130025fee209ac40f47231a9d157f22c9c63de5f94a9c87717d9df094bc31152736b4ce0716ab69d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\D3DCompiler_47.dll

Filesize
83KB

MD5
70fec0913805be56c4cf443d51b80581

SHA1
0e0a54be66253f3e3b7a30080c9d7b11312deb97

SHA256
fea7bf439bfb47d055992d13999fba870b3a8ee0db82ccb483afdb11bb310143

SHA512
11336964c953d7a3f343a097223c8475a125ac0bb2285ed1e2ba244279095843e886aebe80fd2859dbc6b382a31c4aafd066ebc6590ac1313f3a1a42ea9817b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
526KB

MD5
17e45d1cca3addd99ed4b89a7442a255

SHA1
3a586ddd44fb7aa0c1dffb78f8d191580f38c4d1

SHA256
27c1caa0a81ec78f4abf9bdf9df923a8bcb28d3636adf3491bff673938a27de3

SHA512
184c18e8f63c6dbce54dbbc20f69b2191ff655a6bdc022e8a45fdf6e2ad23979a2687a51c8ab3fbb8ed1a406b3d06ccde917711021e4160ac6d1c506406072bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\icudtl.dat

Filesize
594KB

MD5
bfb36c519b528450b1f46da8e59840c0

SHA1
c6c157d1036071f3f08097a6b5ca2b20d582319e

SHA256
47d964a8f785211c73d8da37e5ef38a5f1b6af1b1b9c82eb219d359484c05274

SHA512
b6ad067a503eb333e307b6e4675a3f06f2483098048d2d3337c0852b2010f03f68c74b5f754b5ff549503e8ac8c02c2aab2d2c3376030d4e63f35fbfaf261a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libegl.dll

Filesize
204KB

MD5
16f961a836b3472f0fe1dbf9e2915e63

SHA1
a1e75626e40df8d4567b8bb7ee039874192556de

SHA256
66a637ce2bf924c9cf3205a7903526e98be786a39cf9c6b1098c65f56084924e

SHA512
2aca978a265c34511754a824651139714adbb08577346f536e37e44df80b4852e8b0b63633abb416d9f5a1d177bc530189c9b6373814255abf54788ccba0f9df

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libglesv2.dll

Filesize
373KB

MD5
90f3be098d8ba680f14b3ad1a323d0bb

SHA1
5f3d1792ad73dad7368641cefba991ded8406b27

SHA256
a079fc6228b7080b50a95ce9adae1fc37a99cbb191c3a21cc1d80e435f384625

SHA512
dcdca2341129d59813530be7d757daf66424ad02ebbe25ed6ee86102192e51a884832d58997222ce9fabff258d51a84064865091effcbc76b99c94b1e3e156a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources.pak

Filesize
45KB

MD5
1a934d0a77c9e0d47b36ff7c25bfb6b1

SHA1
d6e5178932fb2c3f486d30e9517dad7c5041f379

SHA256
692c0bdbb62a30aa500a3976466f476c97ad602a93a669fc2128ae63aed3a08b

SHA512
4e81913b0be83986e428b61614ed2a56b730508bf07f64080430dfbb98bbe95dab88e3fab9ac58d5723338bad05b7ad5e2b04ef7abe6a6491b504ffd23bc8fd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar

Filesize
496KB

MD5
ef03c0ecc6bb52dddb94376e0ae085d4

SHA1
ff410fe239491373de28c672a2d77694f8e7b5d6

SHA256
94ffde8582e4602c7787b59b741702a78974b007312afbb418300e674118e063

SHA512
0c95bae0a5ff60409ac66290ea277a128796eaaea8f2bd203a71267ba8bc321b1288cffe22deada54592ea45c31315bc0cc716b35607069b17e1c17fecc9fd4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\images\background.png

Filesize
297B

MD5
32338b60ff8368fd431b32109eae89d2

SHA1
7a3a844f2e6371c8f3a08a142e2e792a6e77105a

SHA256
1d370406c3b0c6bfe109feb76229fd4a0fe1d4171ae2a77655a0fd3264558d2f

SHA512
be71b3dcc24cea203d59e08d8a4082dcf253eb02a971e67034f8cc0930f6af72830b1e35430cc861c08341082156585adcedcbfc788a83ec35fbd78107e20f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\license.txt

Filesize
1KB

MD5
32882ef2f1119c5bde3c797336ab270b

SHA1
7fb3aaa9e1ce05d6b40182154be977f482b9fe9c

SHA256
930fd6e387a7453ffa6829c95c973143279add6ab09ef086287d6169a7d5cddf

SHA512
7aef5fbfb6dd5ae21b7de47259dcef0f9f933869ae65ef97d8390539270c3e5a35ee3884dd0fcfcac97a5a6957e177886d5ac0a32982ef1d910848e6026e3d35

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD3E4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
97KB

MD5
02c263ecdfe0342a3fd3d24a2cb6db97

SHA1
854007916be4789dbec2a08f2debae537a196097

SHA256
a2130e540a2bc6cd531acd91b21a848ad09d615188269e74092a7852034d8742

SHA512
6b00e22279e256332a2dc8ce213cf49493207faa63ce5e8bd7a9e76b148c72962db1a0a29648de42aa15a146bfe2374dfb038b83e5b120047ed2cffa8ad3b7fb

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
247KB

MD5
7990516996ffce698f072136ea6045c4

SHA1
d72fcaecf7a7de462047104dd09c3376807dc05c

SHA256
f5272dacc0214b4d2ee6e15bbc3e625ef15828d5301df9ae1b87e5efc2b86432

SHA512
c8177d3cf1476c3c111b0283f9f6c8f532387853ef21a8b00e3187acaf22c23f0700cb9e1b4aa36260adb9a638800ed4a860aaa20902bdab246832be0481c707

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.4MB

MD5
a2e2c9ea2778086740fc5ca81d6f151e

SHA1
690f26d4dfa7b32264f7582b3e78b9cd7ed0a334

SHA256
18bf0af692d0abacd444853885a8227f9b42840181d1886562a701dbcc00475c

SHA512
b6f614e78216922fadac8ff62442405f2155f46e382b1b08de3d4b82b15547a7f0e8c18eac64f17cc5842d272e7e9f5e85c6f05ca8c6be9bb6fa323dac0462b8

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2KB

MD5
aa8e1f5083dc9f8060bd363a651eb9e6

SHA1
c1cc07749021f104c0446cd8115b4865eee9e428

SHA256
813438789de5bf98131cae06b256f68ca40e0e2deb4029ec0a6ef3d37c5e5378

SHA512
b1c4794fdc64aaf8b1bfb8621e4c936ed70afb24871a7a9d15e4af60f35f2b9d4aeca430475ffc170c91d1c274b16ebb5d25f7e55872b4a5804dfbb6a3d54654

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.3MB

MD5
b99b1a32e45194627d8581dfb25fa223

SHA1
9dc89a4f54bfcab95253fc6331fe38849e4f1f4f

SHA256
459a4c9b0aa705aaaccf128f25e308fcf902f3e7e70b6f33bbf878028bc68add

SHA512
7f12d074e67bc157a3fecc71969a6a5572e7804aa716375426f2b323e6e1568d484c67940a1fbea0e9853291a7639cfffa93225632b2330bfe0cc5ee36bb2625

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
244KB

MD5
1e94b981fed28ce5b39222bce63399fa

SHA1
9b5a9e4de611bc6a169f9841f09241517c12ffef

SHA256
7c60bb242291da539029c6a1e53c987292cc9599c226865e75cdcd57a2d2b379

SHA512
2bbc464a0f0d34cf74e9fcf1a66f8859cdb4bac1893633f6063ddd313f261fdb47a5a594ed02ec41e25be74ae05d2dc30894533908433aba4a904a1790ca3efd

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
76KB

MD5
01fc4253612ff999e070262070d382cc

SHA1
cf07c1431a9ce7cf436df8038e7095212c66d9f5

SHA256
d06c2a668b7091ceb497ec7d841daa69828f321df551b0752904f7dce1c113fc

SHA512
1ee2e996dd42a9ab58a9e423922d85f9c6315ab5fb0f5d518c658080f3c00028d5b3c5457cea1b3ec72d093f8fc7e8e6ef362b286d203ba4b7d6be8df440329f

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
1.0MB

MD5
60e5826336ee05ff26482259c68d4125

SHA1
c69a698cfee08613e6392728dadf9f5fa5e1bac4

SHA256
91378618ba7871dad21797269c1769c30e090ef3a7b0b71431abe8ed85d9549f

SHA512
026943a6a40dc6e7d5a7728f706597e71408b8a9ed638289c92eb211a4851852f2c5d2695554b89dc54c1139ec788b81e864e874ba969be6d9e8cb6dc495a034

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
48KB

MD5
6fece219c184303c1cb180debbb07015

SHA1
ff4924ab00badcc51b69021762d6c0d316f68ada

SHA256
5b38ce69575a0b476fd1127b2175b4f5bf63535047de914f1ed4319eba13f2c8

SHA512
5e80ed6300cde76e5949ab4b41345ab058531e8434edec722b7d5919175b3132bd1aedc210f7872cebf325c3dc737b9cce5d05979c62b259b56d391f48d39cbd

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
63KB

MD5
c88bc0bdece5b3cfc5fe17918b16e8ac

SHA1
f6145eb3a1f1b0bbe3bdbe2a944b5ad579dd773a

SHA256
98a6c0041f2398fc935b8abfeadafa7e8ecb8ed51ed502620353c71f04e07bd1

SHA512
07469af37c89dec1b702a426ce4ca114a39d645d363fc8ef28f2d9d6edc7b68b1a1fe1d28bdfdcb0cfc1e58a9f7d9835d6b83d6dc9705292f9d27743a54aff03

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
420KB

MD5
5502cd00790700a7fe7319142c4d5f4f

SHA1
da8f1aa47421e1410095a3c978bf42686935ddfc

SHA256
778723371070c4bece66d54757be60f47f6125058e77b6c737824654c0aa521f

SHA512
bd8d17bc82eb928fd9ba2bca6b4981550e9797753f4ae3ebb678d285035d4fee494187052383fff54fae012564dafce81016ff18ecaf08f2e6481a2fcf0e2e51

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
1KB

MD5
3f16f30013ffe188ec2b13dd1a51026a

SHA1
01d9bb22c4606ac8b445139512e6652f3c4e2a11

SHA256
7f1129056fd1a09a6a76febe08b6b450aadcc9a867dac0c29f5652f28bb0660f

SHA512
91463cb45e830721fe9ca04c025277831d2956d3b66b17711fa319ccd662fba49069d9b7751a931558a888783bf2531f7fbbb6ca7fb45c1ec10ab5bd18255d8e

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libEGL.dll

Filesize
140KB

MD5
f78560302b96740baf583c373a41f272

SHA1
ef7831895ecfa80fdad54a7a94d53e782477210e

SHA256
34489c6b7b3b63d602591ef9bd466bcf87ba0300c214cc4c418a784ba5308308

SHA512
594ef3d3ddf889e5c0445a57f0c789bf82a0f4db5364118646ed76d29b1692da6d265d3a0106e54cad7a757e24ed6d39ee473bd5891ab0fdc59eec2c62b0563a

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libGLESv2.dll

Filesize
111KB

MD5
c7196a7578afc4b2128c439e79a7f7f3

SHA1
781f61411d0f323ce8566c15c2c95710a0aa30b4

SHA256
40538ddd63353ed8be4559ea0ce6a0f1b24851c1f21e1ab4906e0ddc0f3f03bd

SHA512
3c1368d3bff13b0fe8fab6d0d3f6324fa5bbd5731d108e0a692e19468af4f57b777430d9f7346aab5ebc06f3ba4f53441a4b30716752d37d2b1612273dff4f70

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\swiftshader\libEGL.dll

Filesize
1KB

MD5
2a1f8bdd1abf5c95b8c8ba630b7f067a

SHA1
37f55f7c5317b2f0685c5c73d1a6b19e49151c91

SHA256
c846f9892d35c80e6beddc27db74b560bae39c7d80f822d6c674837c0d4f565c

SHA512
51a212a5ae634b329304a74196418ddeef20d368a0215697861b09ae93a8dcd51a21e8a21eb527c949512a23e95850f959322ae550e7fecbc9278cfc01ee0c7a

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\swiftshader\libGLESv2.dll

Filesize
92KB

MD5
f46243c961851a65514933a81d614a5b

SHA1
850eceb88ad18efcca38d405e44f8207a8966cd3

SHA256
f774923d12a7469b63b01d16292e875761538d9df9618d1bf956044b9566356e

SHA512
93ab613d73af998cf851167f22dc4a76db1b531abd6a1f587d61fbf34f2a8348afc931cae48b0b1b7bc7d0f71899867e9317947f38103f2fb98d68762e001e51

Download Submit
\Users\Admin\AppData\Local\Temp\nsi5F21.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
\Users\Admin\AppData\Local\Temp\nsi5F21.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsi5F21.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
memory/2468-114-0x0000000007790000-0x0000000007791000-memory.dmp

Filesize
4KB

Download
memory/2848-152-0x0000000007840000-0x0000000007841000-memory.dmp

Filesize
4KB

Download