249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
69s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord-Windows.exe
Size

75.1MB
MD5

43327119366e52928b9aed0c1e734389
SHA1

3777d8387fba8528b6e433a8e763df5dcd542a48
SHA256

249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
SHA512

bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
SSDEEP

1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

125 discord.com
128 discord.com
129 discord.com
131 discord.com

flow	ioc
125	discord.com
128	discord.com
129	discord.com
131	discord.com

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BetterDiscord.exeBetterDiscord.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe

Executes dropped EXE 4 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid process

2500 BetterDiscord.exe
4380 BetterDiscord.exe
4648 BetterDiscord.exe
4324 BetterDiscord.exe

Loads dropped DLL 10 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid	process
4548	BetterDiscord-Windows.exe
4548	BetterDiscord-Windows.exe
4548	BetterDiscord-Windows.exe
2500	BetterDiscord.exe
4380	BetterDiscord.exe
4380	BetterDiscord.exe
4380	BetterDiscord.exe
4324	BetterDiscord.exe
4648	BetterDiscord.exe
4380	BetterDiscord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 37 IoCs

Processes:

BetterDiscord.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 50003100000000008f57565b10004c6f63616c003c0009000400efbe8f576a594c589a7e2e0000008fe1010000000100000000000000000000000000000014fd6f004c006f00630061006c00000014000000	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c004346534616003100000000008f576a59120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe8f576a594c589a7e2e0000007ce1010000000100000000000000000000000000000025096d004100700070004400610074006100000042000000	BetterDiscord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	BetterDiscord.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	BetterDiscord.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	BetterDiscord.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	BetterDiscord.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	BetterDiscord.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	BetterDiscord.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exereg.exereg.exe

pid process

3740 reg.exe
6076 reg.exe
5320 reg.exe
5488 reg.exe
5084 reg.exe

pid	process
3740	reg.exe
6076	reg.exe
5320	reg.exe
5488	reg.exe
5084	reg.exe

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

BetterDiscord.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BetterDiscord.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier firefox.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exe

pid process

4648 BetterDiscord.exe
4648 BetterDiscord.exe
4324 BetterDiscord.exe
4324 BetterDiscord.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 636 firefox.exe
Token: SeDebugPrivilege 636 firefox.exe
Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

firefox.exeBetterDiscord.exe

pid process

636 firefox.exe
636 firefox.exe
636 firefox.exe
636 firefox.exe
636 firefox.exe
636 firefox.exe
2500 BetterDiscord.exe
636 firefox.exe
636 firefox.exe
Suspicious use of SendNotifyMessage 7 IoCs

Processes:

firefox.exe

pid process

636 firefox.exe
636 firefox.exe
636 firefox.exe
636 firefox.exe
636 firefox.exe
636 firefox.exe
636 firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	firefox.exe

pid	process
4648	BetterDiscord.exe
4648	BetterDiscord.exe
4324	BetterDiscord.exe
4324	BetterDiscord.exe

description	pid	process
Token: SeDebugPrivilege	636	firefox.exe
Token: SeDebugPrivilege	636	firefox.exe

pid	process
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
2500	BetterDiscord.exe
636	firefox.exe
636	firefox.exe

pid	process
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

BetterDiscord.exefirefox.exe

pid	process
2500	BetterDiscord.exe
2500	BetterDiscord.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
2500	BetterDiscord.exe
2500	BetterDiscord.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exefirefox.exefirefox.exe

description	pid	process	target process
PID 4548 wrote to memory of 2500	4548	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 4548 wrote to memory of 2500	4548	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 4548 wrote to memory of 2500	4548	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4380	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4648	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4648	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4648	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4324	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4324	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2500 wrote to memory of 4324	2500	BetterDiscord.exe	BetterDiscord.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 2100 wrote to memory of 636	2100	firefox.exe	firefox.exe
PID 636 wrote to memory of 3800	636	firefox.exe	firefox.exe
PID 636 wrote to memory of 3800	636	firefox.exe	firefox.exe
PID 636 wrote to memory of 1724	636	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4548

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2500

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1308,3804727865449875981,13728728274237351244,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1608 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4380

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1308,3804727865449875981,13728728274237351244,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4324

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1308,3804727865449875981,13728728274237351244,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4648

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1308,3804727865449875981,13728728274237351244,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5360 /prefetch:2
3⤵
PID:5532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.0.1411617995\946426128" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1604 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db83c929-b3a2-41ce-b95e-662963966bfc} 636 "\\.\pipe\gecko-crash-server-pipe.636" 1960 23dff3dab58 gpu
3⤵
PID:3800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.1.724922377\460291616" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65a34ce0-2ae6-4948-9274-73fcba87c748} 636 "\\.\pipe\gecko-crash-server-pipe.636" 2360 23dff2fcc58 socket
3⤵
PID:1724

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.2.1879325801\1266982232" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2880 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {829a659c-6a2d-4d01-9a57-6293fee7f0be} 636 "\\.\pipe\gecko-crash-server-pipe.636" 2964 23dff363658 tab
3⤵
PID:3116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.3.969355192\1391929863" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {843e16fa-a8a7-4743-911f-e2f0cb265413} 636 "\\.\pipe\gecko-crash-server-pipe.636" 3576 23d882c4258 tab
3⤵
PID:1196

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.4.1326227504\1428606789" -childID 3 -isForBrowser -prefsHandle 4600 -prefMapHandle 4596 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dd23caf-aae1-40ac-85fb-5408643463db} 636 "\\.\pipe\gecko-crash-server-pipe.636" 4612 23d898f2058 tab
3⤵
PID:400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.6.1703891074\609153278" -childID 5 -isForBrowser -prefsHandle 5304 -prefMapHandle 5308 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82e91e7b-5b68-48ee-960b-e51cadc13ac1} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5296 23d8a117c58 tab
3⤵
PID:5448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.7.785822201\32648989" -childID 6 -isForBrowser -prefsHandle 5492 -prefMapHandle 5496 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8a0d15a-e71f-43bf-8afb-d15ed63e89b6} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5484 23d8a3d9258 tab
3⤵
PID:5456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.5.1872931883\1968278054" -childID 4 -isForBrowser -prefsHandle 5160 -prefMapHandle 5152 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d65dd01c-caf6-406a-b603-da6610b8eaa3} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5168 23d898f1758 tab
3⤵
PID:5440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.8.1068059446\79780404" -childID 7 -isForBrowser -prefsHandle 5928 -prefMapHandle 5924 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dbeea82-a6de-4908-ad5b-831ae78d424d} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5936 23d8c378f58 tab
3⤵
PID:5964

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.9.314977838\215991987" -childID 8 -isForBrowser -prefsHandle 5744 -prefMapHandle 5528 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7bf0107-7c8c-4153-a7ac-359bc366b34e} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5296 23d87141358 tab
3⤵
PID:5312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.10.532072802\844614629" -childID 9 -isForBrowser -prefsHandle 4592 -prefMapHandle 3028 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa3face7-3231-4ff1-8174-465fa4ecc7bb} 636 "\\.\pipe\gecko-crash-server-pipe.636" 2820 23d89cefc58 tab
3⤵
PID:5332

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="636.11.880175952\563292536" -childID 10 -isForBrowser -prefsHandle 5608 -prefMapHandle 5472 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bac36b20-0d12-4857-8e57-5ee15bdea34b} 636 "\\.\pipe\gecko-crash-server-pipe.636" 5620 23d8cd14d58 tab
3⤵
PID:5804

C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
3⤵
PID:5308

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
4⤵
PID:4708

C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe" --squirrel-install 1.0.9032
5⤵
PID:432

C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9032 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x568,0x56c,0x570,0x55c,0x574,0x8d95d78,0x8d95d88,0x8d95d94
6⤵
PID:5660

C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
6⤵
PID:5948

C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 --field-trial-handle=2216,i,3173969200055006056,11181925417353863282,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
6⤵
PID:5564

C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2040 --field-trial-handle=2216,i,3173969200055006056,11181925417353863282,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
6⤵
PID:1376

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
6⤵
- Modifies registry key
PID:3740

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe\" --url -- \"%1\"" /f
6⤵
- Modifies registry key
PID:6076

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe\",-1" /f
6⤵
- Modifies registry key
PID:5320

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
6⤵
- Modifies registry key
PID:5488

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
6⤵
- Modifies registry key
PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\Update.exe

Filesize
65KB

MD5
569e1b6fd0dbc0c6c82c9fb1f9e18856

SHA1
e14dbaf3d25098949baf246b5a111f0e47f2ecf4

SHA256
8fb7a6b8d61b948736b23d646467d4826a05c43fce245539a16ffc1da5e44714

SHA512
6aba5e7dfba4767e7e526265b83855848d745f77936a371cd5ad49f98513ea0f2514385f3e2f73629db988915b839f44fd5f870197ef902e45d07621c2dad56f

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
1.8MB

MD5
d7bbe7e09fc47e3c8a31890ce2bbfcab

SHA1
1dc40bd81e6392c0037bf66efef17b1f9ec58400

SHA256
2a88296972730b4dc212925b58ba2a94de13ffe93c4ff1d33b11e9c7ad98bdc3

SHA512
dffb323fa2b7913d0e521e115a4133dbeca2d16a78fb56959391fc45c5cb399dd797787bca8aa286cb050cb26da7f66a12780d742b5507becb683816b35f13ed

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
609KB

MD5
21461c7d6fff5d9cbf2152e2a14998df

SHA1
c3d2c88ee5b5d2097feb1f073db96b570cdf0a1b

SHA256
34f426004b5d0cbf1853b31f36a8f29a26d8aaf3af42b666e3c0bcba125b5b73

SHA512
e72554ee1e765a9befd1e0da0bea1ba6ffc3e03ce1b75252d5895ab95d86caf89141ac3f82b42606e61cafaad3f10654f2fca341d22d3ed562bfb70563123b8a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
775KB

MD5
fbe0fcd314361f89ba5d32c8e7515439

SHA1
28f0e75cd7525e25f5fbb1ef475868854b8223e6

SHA256
8eb15404e9051a6ea45ff8916ccf970139fdfac3df99f855431a946c448e4806

SHA512
0208a217a59833b104694a2dc5e6f7e4197cf239184ee405e2d893110c0331c7d0d582b52fe7e4127b553262b44621beae6fb5960bc193ef53496a3fade85996

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
128KB

MD5
a4d4dd342f21bfb5b4672bf054582919

SHA1
7d92adc5c730dab0679ced616f37e872f59bd765

SHA256
daf905662616f68d216168dd6744d812cec19a1d9265fcbbcd98eff1723be52a

SHA512
24a55a54b26bd190a16f7506747db369afd22f9db7265547835ecc51e0baf0d11d47699b6e9b7a72a026f760c821919c9e9d5b81a5e90d08fc14181ca58db1a0

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
992KB

MD5
172dd7cdfac141bd8afb3f17c90eb152

SHA1
baef0440b9b3cada00c0c0b67a8a88bfbb53ed16

SHA256
4e4e336a6cab529595a31a738bbda96c3a87d52edbd12f7811d1109e9d014f51

SHA512
0dfb12ce72e52537ecc81076d6ce82a0bd0d77827d8264546fcb18005f0e1aff80ab965cc0fac8352b8ecf755a2bb8e483ab3c2db95d2aabf843e530bc9df47b

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
648KB

MD5
93626cb9838962c0b38370aa4a0d1707

SHA1
9a5036d4f290ebffe60fca13268d66d856f9730c

SHA256
c3cbc7b7d78ea9ccbcbe911f478f1785544a1fad749a88951b2222587642aab5

SHA512
29c0cf7bd22a10031b462df3a3e6ff4cb40a62b940e7628a8053b04f14f7af05c38f7c2ac1b0dcb0fff4c12f8fee2aa345f89225f98df21200dfb662633ea155

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\app.ico

Filesize
57KB

MD5
631705984d5453f6c4135745173e3fe3

SHA1
ee955061d52c2c3231aa1e7787794386be29fb1d

SHA256
1def50028b478e9807aab13163d98c404e2002353ec3ffe674653a1b5001f06b

SHA512
6a14f5abaf02e05189f727ef257049062f1813fa505f00e1153f07d39ad2d3cffd5a3eca8d27ed84bb15283e1639ffc002ca7545e4f893dc03ef22492c2995e2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\ffmpeg.dll

Filesize
1.0MB

MD5
8ccc71c6c3a23c826d98cd4d65cad5c2

SHA1
4c6cd2d37c7841c88ad8d80373731fb93694aaa1

SHA256
d273a2c32ebb325cffd9fd20926f79f74fa4a0ca09252335aeafbb35fb2c971b

SHA512
33ee53ef193cbc064902368ee79a541c604c6a587e4c65ad1891713ef1005f27ffc8b13e3958529705d95b957ab760684acab5530888ee31556bd2fc24e94f40

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\ffmpeg.dll

Filesize
525KB

MD5
e8ff69313c8cf67c53d2312458b329e5

SHA1
d3d190a0c690bc824d03c3429d7bf072b3e48065

SHA256
5d27ec09df271b764ef34ef942683a5cbc28a65b0d50b1b908417f066587d423

SHA512
04b469ff4cb2d22fcb663d7016c8b95a008609b615b4340bfb061eab9e6f843855664ecf5dfe129a5693f87bc693a7f52ea8b7c100291b9c26d2a91a18d2266c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\ffmpeg.dll

Filesize
88KB

MD5
0c423dd5efb8a9e0fd14b06616bce574

SHA1
ccf59d3f3a69d21c12056ea9d898fcce523d8c06

SHA256
a7933bc25b2e33782c25fbf2b5c6fbe76d85b8c9bdb34c55766645b8bc33daf9

SHA512
e159bcd0b1c710aa6faae062e3731475a9e785e69d46f35bf1bc938a9b94e820cee731e6e8103457dc382ef7e472ceb00b290b30e2ca7afa8def824c2064e123

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\ffmpeg.dll

Filesize
935KB

MD5
e431887454dc8d12095c248e6b2899a4

SHA1
a2a92e504531897dbc69aabdf378e87cb261ba39

SHA256
797a826892fda61dda5eab24881879816943e038f59def708160e673941c08da

SHA512
bb1af4bd68244cd37f8cc9141d4fee6d051927cc638b71a94f423ea1c7d43e54f2a67e7a2e81c808ba2f019f3c318c8dcf9808afe2f3956d6c3458a0f6fdd7ee

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\ffmpeg.dll

Filesize
661KB

MD5
93883085be793442143facb0816e23b4

SHA1
28ce11b746676e765cc4691fa7fb4b23a03ebe8f

SHA256
1cc2fb01cf48a01b0635a00389c1199a14b83aef4b8b2b344c277bacece30566

SHA512
fb32b8959a9c4e385a73253f98004aa9592065dec61be13562071d5b2733c6b80c46eb25c82870a586937e3d7dd29a71134b9c92dd5977276d08dd61891007c2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\icudtl.dat

Filesize
498KB

MD5
ef8ed4528f8397a05aa92a26b101b2bb

SHA1
5f65b7396b4f961caea06a3e4b09687a5cbf52b7

SHA256
33cc5bbe21157b4b35f1066db93d96140b1e867a685fc5748a62ea5d2de293fc

SHA512
480b21ba6583bb478dafd4a411556b1ff3ad28b3f2bd844932f736360f66c0862c61bbb5f318edd620e420960aa0c899396cfa267279f249574a2f82686a1875

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\resources.pak

Filesize
2KB

MD5
ff32084612d8f78f33a7ba7a9dbb5e31

SHA1
1c46eeb6c4b5c37875d4cfe219f24db67d9bcb6f

SHA256
2f5d6e583c95ad2721fb8aa9950e88a5fc874c01d45be4f7e96fe3f904768263

SHA512
cbb32c5294490087d593e4ea5b00a89af7960f12a9c120fcb2bef104bee27be133fbf47fc4a8f6de90c881ef7ef497df13b0391c178ef282cd0663cf16d89f44

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\resources\app.asar

Filesize
426KB

MD5
7195fba6c1e960f7123bd9c7299a1e01

SHA1
bd9ed18d2c521d67b5a5441de688d88108416756

SHA256
61f7525983cdea7b51c812fd9621982740f42cf59f5cb1780df72a922743835c

SHA512
242a9bbe865159c10b7dd9757067456ee729787c0390b44c9f797a2d8fd979e3051df51e80fdfd8b101a0c49767d1d91ca05569240026526ce69abc1ca242d7f

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\resources\build_info.json

Filesize
83B

MD5
154fa0d6729df74a2f342517a229ee17

SHA1
b1374448243a4dccaa368746b71d13baa0fe83ca

SHA256
4dc5d5ea381964db913c5fc2c5e2bf4d35bdc591f6008e72bea2fb80504d98f5

SHA512
d1205aab830d68f63ccf26ee7f7136acc37b53e073b28ef48e649fd7e92c9df41eada31327c7bb0b006c74a03c44f81113ff1f6eb75184e39944cde8ec987cdb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\v8_context_snapshot.bin

Filesize
569KB

MD5
7f30b25bac37822d8942b5eaf308c353

SHA1
6e76a2500f11e52911572dc09b325ec9c11f93f7

SHA256
6e623b9ff6e67509a5bf4a8b33ad9d26f6d658118b33d6d1784886f8980c0d1d

SHA512
971f6b4071a73b550628690785e4f8517bc9df519a433c4c9343295fde59c763fca478553d01eeb0e262e657e37825cfa1a3046a93348146b9d58532bf104f15

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\Discord-1.0.9032-full.nupkg

Filesize
1.1MB

MD5
f60c8ad4e062d5bd4487bf2e637deff8

SHA1
cc3bdd5fa0e4cbc08791418ec4fb1b01a71a84d1

SHA256
fc9f918b9ffa0978b0008e9aa2529bb8a466e73de143a079ca2211367c909684

SHA512
2a4594d864ec0af3b6eabda879a7a8686f0a3bab176822fddf2fc5b73cb44efa4759caa92819f1ebb226639a55204cfe7465964b4f4da20d1876323f696cf7fd

Download Submit
C:\Users\Admin\AppData\Local\Discord\update.exe

Filesize
275KB

MD5
6b7a74fad1d96a74cfc1fbe3c7a05659

SHA1
4f2a944e657b4eb83518c455a4e7386cc9e6a41b

SHA256
c2e2684dd3e1c3a35bedb014de8782a19f88e3b51cdb7961d34b7522f500eef5

SHA512
fa4625474f700621b30ab945285d9134884226db21309257e1b1bc91b9e26ee138cf8520e586517e5b147cca8813fc9b97e278ff03ecdc1281eb0fb8a9a59b3c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\cache2\doomed\13212

Filesize
21KB

MD5
8016811c3dcdf0d95d6c653fef38ab92

SHA1
bbaee5166ff681791586aa6f709273d3734e617f

SHA256
e5f6528c171dbc8de9beb7cc082b3f9c435d6fcf854b1a67ce06ea0e7c400845

SHA512
ffb42e16d5b1f0bbccf396e8ce636c6c369c6bea196bdce176e3665db43fa5cbb4e9583622649856d841688640766682e45d71525fe48967476c8e477c0b7a4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\cache2\doomed\1956

Filesize
10KB

MD5
6fb42dc0f17e989aadb2b66219527f13

SHA1
42cb647795beccb6d6c921cc6b121a0c4f41f67f

SHA256
49614230ba7325583ecfa613a25f9a40c43484e357e1054a9b680477e5594e28

SHA512
f749c9c43acceebe76a4b8211694d2f09fea5051813376cb659c68f139ebf0c0b07550eab5331b6e6be3ab4b89b0fbcd54b951aba4901d698c8f192efe1b0611

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\cache2\doomed\9341

Filesize
15KB

MD5
d9c3bce519ffa2c5ff542a97163fc576

SHA1
3174482aef55fcc802665d351fc6a15fee087178

SHA256
558aac03a4c17a885ccb2c6b0b748f16e178f65d5979d504d7bd39c48c71f9d9

SHA512
4da6e1811ae2c7943d7e7615fe79305b76fc11cf86fb0cc4c35fc153fe8e9a19bc8eec20cb530e8eaae173cf42f1dbc941775b8b8d04fe847722b4a13157fab8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\jumpListCache\RxvKwiEim6RLcDBoDNZloA==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9032-full.nupkg

Filesize
1.9MB

MD5
0e7607aa8c560e9439b0d7604e78388c

SHA1
3f3a771f424f4d3df78c0867f2eee6d12f8b88d5

SHA256
828aa38c8f92591c2aaae3be860ade35fb59b1b1d9c4d23adedd9d90c101c7e6

SHA512
c350600a22974b349ff72ebfa47c868844a591abf7f9b82c80c30965af0968f3ffc229bfa75525b334f5b4e6ebc9a46822073e53d3e30f964c414cb50e66eb38

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
ae5c63df2f52fa8ef3530af1135449b5

SHA1
269077ed0169fba60e5b9fd2c0c697b67b94afe1

SHA256
236cf449a70a058f0c7a10cff001bd9d5984417c2dad8b2f92a7a391f0519c20

SHA512
2b037bbf8a7060bdc69fac1903453d41dab05deeb70f57906c2b51f933fdac7aa7a010a15a8fd5923dd0d234dd748d537380d1d22eb6cab571a6b958ac37bd44

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
28f41e3c6b07465128bde253d66164d0

SHA1
e4f1e108d30da01be709882e378a4b42c1b21e19

SHA256
85da3ea63342c060f421988ea402e40091035fdaa5e85e93a62789a4740b314d

SHA512
1c0633ced4076005967a01712450e73c18618ef983bf37ffa804ae10c822fded1ae55260e02c2175ced130cfb7825bc5af35072156295a832f8cc53bb7e4d43c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
4.4MB

MD5
13d5feb3eaf4cfbfadfb9fa63467c3bd

SHA1
2514918ef6a401c8463aeb4c3fcc04b72936c77b

SHA256
9727a5c9318d989ca46b3da04273ae422541ce10cb98f645e145f75acb47f112

SHA512
d947bfbe626cd80d3e1d8f684e7c4d66392723343156a441bd8f4163d0f908c57f2a59827eff473949af48171501d8100b5097b43747216024fc94b6c879e8d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
4.2MB

MD5
d5b5f0212ddc8c4694b317bcab300473

SHA1
c7b46b5d85f5922ba078ad1e2c5ad5ea10ac3681

SHA256
f9a9281d09197a9419e62c9b9cdff21618c4f9bccd0f49681fd4daea93d4f1a5

SHA512
636c44683e37a5ef8549dfc629ac5543de1bd291d5192a2e5ccc1ebb1eccb3825683f4d9beff13c2696b8a767059dff3c6ae701a727993e45e8c57ba16e6ff84

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.1MB

MD5
e776ef5a782b5e44f5d93080742076f3

SHA1
5f0a011d1df00452a614aec9f0b9a9f0a929a3b7

SHA256
f51cdc318077e7237814e22eb5f1cd1c65c1adee2262ce7fb4e060f21989931b

SHA512
650b5b6d174e32639bdcb478c91862ea02274de018dde66d5c8e6c99d5e14f906d1f3e16e1a8f7d1c9332ebf45cf0bf7a7f926bd625b442725578a8ba4fd5b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.9MB

MD5
5230cd304b7620d79d54c9d9f2d0e188

SHA1
356a0a480358230d1efdeac4bff4a3debbd0cc52

SHA256
a75b1036906a8d7aa844fa9a5b407572f03db7f90a2744ef8a72230bf734be0e

SHA512
c180feeec21e7fa1be0d35807bdae9edeac237d989890851a3af00c0c5f1b5fc86beb7d8f329cb59959be086cb0aa1165150ddac83c7aebbbdd5c808139f6dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
3.0MB

MD5
f3b443dabca6b246ae1705ffc5093b78

SHA1
9b53539f9c13ce4b4810a1d2af7ec577eeec782f

SHA256
7a683216278540d7b5b306d93f2952f913d2386688be5ddcf9cd3b575110bc5d

SHA512
af007f5888f02246f525718553abf0c635538a681fb7bbf9b015f09d2502bdfec9b6f4b70e4855cfdc700fa7f7359e076b55c1a5d100f8b462b3ca48e9827cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\D3DCompiler_47.dll

Filesize
2.1MB

MD5
73f697a146350a4641a73bd084092044

SHA1
0c6c92254facd7ec32f30ee81c659822a8997a0b

SHA256
2310719b626c612bad7b617df29dd500ea6c00148aea7d3b9534992e585d9a73

SHA512
3ce511caf1ba94b0871161dab8aa30db4471eca26371dcc4d09249bbedf4e179757a90c35c815fd4f512b388fc62644221a8c986e6482e9883e7b4487a612f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
2.4MB

MD5
3104d63949668256fe5969ebf2816c93

SHA1
fa74e8d1670c94680ade522b017394d83da58031

SHA256
be48d6ff2562d51b7c93868ce130352cede79faf53aaca94eafd98457fa06992

SHA512
4be33813ed0b69bb9a5a2f8d950cb4248b645925861e8ebc1313e3312ad9635949f32b3abbbc4dc50118e97c9176e5747b08c091fa30d0ca253d80329ecb7aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
1.9MB

MD5
cb3fdb69c950e76fb3e0ecb762121f43

SHA1
59aabff2ac2dc2dabd17e2603b6a23c79f10513e

SHA256
c73d4ef15cc531dcef39d21c7c5f50c014a5aada5d2d6dfac057f936ca946e19

SHA512
f54824d763d8a77679f793f833bda808016ddb66cbce9d1dcf4c14a4ebca4d4b497faf352e4f9a54af5e271b0fe9a88eb6c8e91aec675889550fe81dfac4748d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
1.8MB

MD5
f496edc5047c35ebf8ed7b4dbf2766a0

SHA1
c7c612418abae86a4054f0c91f241f28c33b88c3

SHA256
25454f1e311c0996d7aff6a81034fa12909536cddb107c0b56e75c311398f927

SHA512
e917fa1021c18deaa4c12847d2eb4272494e3fc2aa5e9d7f2a3de1f785776e4d335c8791e32daf146bf702f731e8d0e0cd0630a2e6c1191415b075225edc54c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.5MB

MD5
d2cc6fc3a7b6c5bcca5fae428fe799e0

SHA1
89cba6e9195cf95a7aa993d7aaadb331392b3bda

SHA256
0d4ebdd32f016c6eb203aef4c70ad2f93fa68e5b9e92087a862b21f8133c7319

SHA512
34f7e6c49ff2a230abc7c5aeeebc5ec628f07170c4638b3bfc5897a645fa5f167c54230373a39021548e0aceba50c35ef730e4ecb454bb4d882df2d699c86736

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\icudtl.dat

Filesize
5.1MB

MD5
e7a57ec4da78c80a8cc95c21d9238e5a

SHA1
86a04c57ad54edf1a662935fe4854f4a7f6fc07e

SHA256
988f025682e14bf51dc7973330044f180116ac05d4341683806b9f4e3c1413cc

SHA512
19bccd01ef19f49d6da5380b741f4362b8d8a51f6466397ac7190859ebacf942049ed51ca3d2ac843eb79e387467546b297061714aa8dce05e99297c50d4e209

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libEGL.dll

Filesize
346KB

MD5
dccd99cb80c5022d4ed21c068d4e4ae5

SHA1
4fcdc6be313d0e3baa5168a7556df992e3364da4

SHA256
2166f8830bfbf3d574d7654bd927fe6e05fb74fb05d8e57af59c93090f6bc2a6

SHA512
02f18a691d85545a0452631b1c1e218aa5853d71937f7ae1d4f3639142399017139c1d9cb81f769754303635ce689605a7fd65765a3d8b4873603ced57925faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libGLESv2.dll

Filesize
2.2MB

MD5
5387c0d6ff392f3bb8929391f8526c17

SHA1
324397175f1a07caee255aa5fc8819dc3f8b945d

SHA256
8250086fcd7b8cb7c23d9e89702e9ef1313c58e09f95effb8303b17cfef58a7d

SHA512
4471c621113453e4f8b7e6c0d66644c41a2ea348eb85711bca8a5051352a851c155be56f1bc8cc699a79601630639726efeb201d5f7af0a0db903515cb58e78e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libglesv2.dll

Filesize
2.0MB

MD5
0eec127d5f603d04597db5874034d600

SHA1
726d62c93fe10662abb3ea1c380e46cd21d7e479

SHA256
369cd98f5fc790ef770f4e27cbe38ba36d7aaab10f6d96cd20920353314fbfe1

SHA512
2671768f9c0ce4ba119b1571246f632212abaf2fcb1ec2701ba5b2900f9d658da753be61310ba687590cfb302f78d7d4c23e21b46876b50134018fb101f8c24e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar

Filesize
1.1MB

MD5
f64750a616dcdafc38fa3fdaa966fbc5

SHA1
358b77012f4a1a9c96f6370d4f7b96ab55e302fa

SHA256
eaddb78f5f24d73c75e3f016457e79f0c1685d5add4ec5647efdcb3e5841b7b5

SHA512
46221e0b9c11674847b9de39a23effa339ece2fb15ca6036e1bc4444f0dbe1ad6ded144ed2ae511525034210842614d295f001dab64b360c97fb9e2cf3f9e984

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\images\background.png

Filesize
297B

MD5
32338b60ff8368fd431b32109eae89d2

SHA1
7a3a844f2e6371c8f3a08a142e2e792a6e77105a

SHA256
1d370406c3b0c6bfe109feb76229fd4a0fe1d4171ae2a77655a0fd3264558d2f

SHA512
be71b3dcc24cea203d59e08d8a4082dcf253eb02a971e67034f8cc0930f6af72830b1e35430cc861c08341082156585adcedcbfc788a83ec35fbd78107e20f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\images\canary.png

Filesize
2KB

MD5
a2636a83d1e5d412d1459b3134f0a3e0

SHA1
ad04552d42a12e0aad79995bba521d163f1c6af3

SHA256
dfd3446ba31a55a11b45e0196b4eb2800e0271749c99102660d0df59f2ad9b85

SHA512
c51cf43252083bd2c5a31510f8a1e34bc08b3c142484d40f04d4979bfd334c9c34456f4908ae881e90de355551bccefecf88de187383dc0a0d8e9d146917bb80

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\images\ptb.png

Filesize
1KB

MD5
d17d46244937c3705cccfe590b5a3d0b

SHA1
318949d0fd6d1638c7e0bb170e59b8d2f3662e34

SHA256
b5b0f8076b0ac106fcc8f172b5e81516b69387f4119ca54715bd00739861fa27

SHA512
930eee25bddfe72835f5ebf6d5bec2e05e2e3a8740a588264efb8b7bb1dd7b46d3ff402206124b5a9878ce317bc64cb53d7fe0611e2a20902e9fc129760dd861

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\license.txt

Filesize
2KB

MD5
f31549cdc3abfa48981759862a07519e

SHA1
1168fdb04883a65057168eaccb75e153aa3fe438

SHA256
267c8e6f5387fa5d54290044d30a5da427be3597fa7815c32689a533eaee8886

SHA512
f084f518eafc6a58c377c3f80d8a186d9a1d55473afc931bb913adb1fa6fd0bbbc2ba09a30ea39283cd5327079278ae7babea6a74b93a7f2d7cb48bfbba95795

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5005.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5005.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5005.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
247KB

MD5
1ff24196c3c3ccdb33e5ddf5fbfb7863

SHA1
bd014047a0ddb2d3555d4b1c9135d2044859deef

SHA256
0c422037baa6c92ca7bdcc098a630b46a998a8ebb19da564989d0bb4a67b3bac

SHA512
d43e0367654268c16567855941cb4303b459c7a7bbd4ca7fb7c53f1879e75f2feb5cdab93197611bcb9488144aea29fe4529dbdd9a3544e1045d87fe38d2ea44

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
358KB

MD5
6b3828e4d1a69ded50df392dc1300b91

SHA1
e2508c0caf8f0cdb7073df6f2673b35f1c66fc7c

SHA256
ea392aa588258a9877bacfbeb5a1547457ea905effc8c8be6ce8bd69f62e09cc

SHA512
fb9c78207652268ed7b133794ecf71b74cae352a9e2ea5a30276b68c90d16740185b33653d73adcc597d8d89fcc06569eee98f0c7316fe01d41ff6f11210df1d

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Network Persistent State

Filesize
175B

MD5
2b7e4377653e6e07536efe7fc1bd78a7

SHA1
cdd9c03b91e368bc14c4ac0ff7204ee698fa285d

SHA256
bd367325bb3c469e1aa6dcff50b6296b9b8d5bf5bed538f01f36c29b0603511a

SHA512
5dae5ba1af5ae6e52a39092bc5b4ebb454906c919735ab5b7f7a4c84a487e26376f68aee9c86265142e03c0f163cc0623094fa4f2936bff17504c2059ba112dc

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Network Persistent State~RFe587c40.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
28fc09ad5ea326a4fe976eee6ed92215

SHA1
2795571c31e51bec41a49026acc0003251d13238

SHA256
7966311caf040d9e29009b785ca13e4f1da0bfbfdd53ecf3968436e4996d053c

SHA512
23ec2fbc9276b1f34e6d485e6ab5871ca2185274a2709334b618be3ec5119f3417957af7950a283913a63ec604ce4923b8822b55b23a57b976c6f31abbbdced7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\pending_pings\61c7e4f3-5b67-4f17-aa00-0c6cc6c9598c

Filesize
746B

MD5
b46c9ef1a2457215995f583e4d3466bf

SHA1
36cb55e6bfef8fb013ecc99b331e5dc56b6774bf

SHA256
d7d8002388075e85a7885ece10b8f72499f2fdb3879f8507b6b680291e2bdbe0

SHA512
43926f51871682326ae59e64cbba062c20746dee6978aff3103204be47df259e96e72bcc4c82219a658151fd4283368ea4ed5ce9c05750cf211a3480ad90cbbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\pending_pings\9e422744-8cbb-47f1-bb9f-48b96e4a3534

Filesize
12KB

MD5
1ea3fe97904fe154f7e13e25c621f070

SHA1
e178d9876435540e4899d722fb966b7f01c03747

SHA256
53ac7a824c93670058f01879924dcc9a75712ffe2a4b357ec18b30f24f54b12a

SHA512
f04acf5886ca4277f494acb5f6dd1879fac77cd69739ec86bc51ab448ec01fa7280c7e35443dce483678b14df9b57456cb54e6f05e32e15000d8bc6db91622e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
163KB

MD5
64eff5e2b0f313639561cc603a72fe44

SHA1
1b846d09f713aee5d5e81de8d436a7ec6223fe49

SHA256
55bbaae674071588418f601239798dc14383ef255efc641fedaa540eeafa806d

SHA512
4a5d90ac68a943db698dcd7f9247067fd1c3a698e4dab083dee66e823a747e2483131e2eefe633285f113aff9b7772b1b07b704d3dbc7a19cd84931ee5dc44d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
503KB

MD5
0c85751210b41c26d01bec0a44c1eebc

SHA1
86f8e3eda461c8dc2a4e712f4dc52199576d3271

SHA256
70474094ac4a327cbbe1d6de6daed68b51da87a7a94cd2f1c8b097c408c93e8e

SHA512
b8212517cc8291a46f43ff55dec3bf59ae1c9f9849f7ddf7d37296f3ecb0a8cc3aef58bdbf5853e1b2eac54979bffb3684db0d82b6fe55e88504962bfc2ea755

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
7KB

MD5
d5253cc4fcb65bffcd3efb4d3e72a4fb

SHA1
f9a5a19e79e9a98a42ca336e0f9865642f638c78

SHA256
3d8ddb260c68d0e559dd70dd168bf767a9eddaac7dd58a0673345068c2824e30

SHA512
52b02fa60b1594cab3a49e747467f207021becf0d41acf6505bd9ca32c7afbe3138d5af62625143b117fab8e561984185ce4f6f44b4225b32498b61d9fc6e762

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
6KB

MD5
f6cd16b736e554640d45e1118eec40db

SHA1
59c33864f9e63c23e403d1359afd1c6eece3cca5

SHA256
6e71bc5d82e1dee09de3666549d0a1faad2330da95446db05c7bf11b3b68829f

SHA512
170f06200fc467082c30f2868c04fe3c673d0e8b2d3480bc612fff35b070524063d7a461012e26ee7b85e72e0379fc64e832745ef21cc7fef876bde5939219b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs.js

Filesize
6KB

MD5
896d807414131ea33e10ba64065de9c6

SHA1
705314a25f665415d5cfa7b83fa6374d108047d0

SHA256
a75ef27c675850a3d0102c01e9b9552ee8c55a4b0263d21fa1ba22460337b32c

SHA512
6d5bbffb226b872c8fe0b91e6573de89c45440586f62b835ed85e48d68c50e4118efe2f99467248520ac318eae45439c9cfb0afdc686abc22ff1084e2dd24c94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs.js

Filesize
6KB

MD5
fb7897c2a98b948d3409e450bfa65bfd

SHA1
7a64b7209a97b69f8a32b3f50f4a29e4d249eb99

SHA256
c5e3dba87945fa8c62eac86fea92a3f874392b5e3199d4d28539f5ed10d62cef

SHA512
2985a5644c600b4ffb1d297f0ea3c3a471f6acf25707ef3e23b2bda1fda0623a96b3118a8f80a9b45d57fc040a99bcd2746d64babef18283279f0d2444d2c1d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs.js

Filesize
6KB

MD5
054771c17cdecac43ddb2f43d99bfa8a

SHA1
96dc404219255ef42a0fc72eb1bfb185ddb8b111

SHA256
a965ac269064648c0764670d9d8a858b5923f265aedaa35c4fd9f2defc5a681a

SHA512
a6986ac2508c0d0330979e6ef96a36c0f542aa0907eac7dc0e0f531aa6617d5f05f83318ab38d275b0116770a18c3cfe94371f4fc701e9756b42afd1a0cdb2ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
00b1dcdf4e50bf09b79cd5f90aefd022

SHA1
53aeaabcba6820fee990007bc14d39cc9c6f874d

SHA256
5bd5fe2485c052f5b943c9d3d6007e8b7a2404b9085836264378ed9389b99601

SHA512
57a8b5560fb5d86cfe3dac3725b80b47bda729bb66b5d3689a14afdd4195a6ee63914fd78dc947ae806767f3afcd07cd06c9362a43c09e0b93cc580f89682c1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
171a265e7f886840cb7e722bdd08cbff

SHA1
832e3ed4e46ee678c53d3584f82f7fcd04d55a64

SHA256
d561cc70571468b9239391b0e67ccb6f36bca986bb4e1c5c70c4bebebc3917d0

SHA512
13daf6ae2b7a8cafe36cc103fbe048a966afe48b8939f6b6fa72fe1f6b5ad50ed4dcc733febb48e6970c16bf691e1893e38add455b597205d4c5b9bc1a63ab00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9ade667cd4d5c594876a78670606fc06

SHA1
c1df5de937fa87f9ccb6b440c01b1323149f5bfe

SHA256
b0ad26cb5449568c1af6d4073b5a1a3de739da216b8cc85dddcc049c050c6a1b

SHA512
47b3a31bd0a0c8e9c5545c2dd950f625910fd7d48ac359b10c06c3aaded7911a2c0d50413261f512ab1167ae9c2331cd8cc3d15cfec4c6756224806d9c8aaf4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
04d2d8e596cc3fd969417a896ef7285c

SHA1
e35ddc819526819839bb1f2dec411576051e7413

SHA256
eae913feb8f3e5d3b10f986e64542a4cbb6732c028826e580f6797af326453a0

SHA512
6071e7bc4adb25f6c80da5dce2d841f314922f63bb38e26364a6ba85cd620fe131a77b5b17ea73cb97584454634f9d74e5850eed45a3ae6dbd1480f9f0694462

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1ef7ba87efc43a51014169e3257b978f

SHA1
1fe3ae81cab6866424bed865e7210700f3de8711

SHA256
cb7c9fcba2bdc4880c9d9e91fb287bf3476bb72c321026ddd54de1ccb0d6470b

SHA512
4f984e9216efd32dc7fa4d850f610377e52f9c7b02c53905fb0233a531ecc8e0040ee97e8dffa39caf0322e2904d06d6632fa8bbc10758455ae51818eb81e266

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe

Filesize
6.8MB

MD5
0abb34427246c6cad658943adfad6d4e

SHA1
439d7d61d6653f2c4a92f17ee4966a7e0a4c26fb

SHA256
56b3cdf3b72d64f293017dd3d2036e507c14662818ef7224b631c61394fd07c6

SHA512
a1773b43cd9556fd2e8f11c1ac0f04282f6f3281d94ebc74af8e86472c7604b5f1ba62430d27394b943df6d5fefa5ec23a5492b545b8d011ac8a6b254e90984a

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe

Filesize
6.7MB

MD5
79a34bbeff3e6f1113d8812150a17d3d

SHA1
ba4873ad2bbcb12801afc1b462ec004aaad4dd67

SHA256
dc27d43bb105d8697174a510303868dcdc31f82d2cbef0592479b9444552ba25

SHA512
9ba2497f9b33028f580022a86fc125415e908a7630b5b681d47a43e0994b8aedabbbf19a89b6e9c754321b3f4e9e964fa5d14a923a3729c74933175e2b790ee1

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.pFAJ0mQh.exe.part

Filesize
28.3MB

MD5
2ae17fd15331691ff684e4bd21db0569

SHA1
a88ae10fcd16f781d2a2653cbf884f468c3f1f41

SHA256
f2fb00d99d8e5868044ce965dcae5a7d3857a3c525d42c49e428ca6073dfc8b3

SHA512
0b2f8ee1fb4c78d3db1e0df92f568179562850e02940b45fba792381770b17d17ef324cde19263f7ed7554890a87cc84e3de344cdaa51407f981bde000cc0650

Download Submit
memory/4708-1013-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/4708-904-0x00000000076F0000-0x00000000076F8000-memory.dmp

Filesize
32KB

Download
memory/4708-907-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/4708-705-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/4708-1012-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/4708-906-0x0000000007750000-0x000000000775E000-memory.dmp

Filesize
56KB

Download
memory/4708-905-0x0000000007770000-0x00000000077A8000-memory.dmp

Filesize
224KB

Download
memory/4708-703-0x00000000003B0000-0x0000000000526000-memory.dmp

Filesize
1.5MB

Download
memory/4708-1011-0x000000006E640000-0x000000006EDF0000-memory.dmp

Filesize
7.7MB

Download
memory/4708-704-0x000000006E640000-0x000000006EDF0000-memory.dmp

Filesize
7.7MB

Download
memory/5948-966-0x000000006E640000-0x000000006EDF0000-memory.dmp

Filesize
7.7MB

Download
memory/5948-922-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/5948-923-0x00000000051E0000-0x0000000005200000-memory.dmp

Filesize
128KB

Download
memory/5948-920-0x000000006E640000-0x000000006EDF0000-memory.dmp

Filesize
7.7MB

Download