249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
392s
max time network
1576s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
19-02-2024 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord-Windows.exe
Size

75.1MB
MD5

43327119366e52928b9aed0c1e734389
SHA1

3777d8387fba8528b6e433a8e763df5dcd542a48
SHA256

249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
SHA512

bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
SSDEEP

1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BetterDiscord.exeBetterDiscord.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3063448957-1373478339-3486599166-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe

Executes dropped EXE 5 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid process

392 BetterDiscord.exe
1156 BetterDiscord.exe
4452 BetterDiscord.exe
4580 BetterDiscord.exe
3540 BetterDiscord.exe

pid	process
392	BetterDiscord.exe
1156	BetterDiscord.exe
4452	BetterDiscord.exe
4580	BetterDiscord.exe
3540	BetterDiscord.exe

Loads dropped DLL 11 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid	process
4424	BetterDiscord-Windows.exe
4424	BetterDiscord-Windows.exe
4424	BetterDiscord-Windows.exe
392	BetterDiscord.exe
1156	BetterDiscord.exe
4452	BetterDiscord.exe
4580	BetterDiscord.exe
1156	BetterDiscord.exe
1156	BetterDiscord.exe
1156	BetterDiscord.exe
3540	BetterDiscord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

BetterDiscord.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BetterDiscord.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid	process
4452	BetterDiscord.exe
4452	BetterDiscord.exe
4580	BetterDiscord.exe
4580	BetterDiscord.exe
3540	BetterDiscord.exe
3540	BetterDiscord.exe
3540	BetterDiscord.exe
3540	BetterDiscord.exe

Suspicious use of WriteProcessMemory 53 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exe

description	pid	process	target process
PID 4424 wrote to memory of 392	4424	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 4424 wrote to memory of 392	4424	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 4424 wrote to memory of 392	4424	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 1156	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 4452	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 4452	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 4452	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 4580	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 4580	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 4580	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 3540	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 3540	392	BetterDiscord.exe	BetterDiscord.exe
PID 392 wrote to memory of 3540	392	BetterDiscord.exe	BetterDiscord.exe

C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4424

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:392

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1500,3649754226240521083,7856203797444607626,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1288 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1156

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,3649754226240521083,7856203797444607626,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4452

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1500,3649754226240521083,7856203797444607626,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4580

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1500,3649754226240521083,7856203797444607626,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1772 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.0MB

MD5
4f600d036e7a4b23cd82281be06878d7

SHA1
201c68a68be1700d24fb863500f74b820dfe766f

SHA256
215b5b7271789d4706d62698f07eb05b83d3de2b6f1ef4309e5283e24d6ab353

SHA512
a03851fbbdb6f13e00dab90904a7cb532ba470abd74048559327bd69be6c4d9acf305323addb709cf2d430103a6cd5ee4290cf8ba90e167f9d6bde5e373c9be1

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.7MB

MD5
bd66cba1e867bffc8b883f7bb3ce1bf0

SHA1
583cc93dd1c27ffb3022a88ee09ad6aa603a5211

SHA256
1a4dd20fb18c9502da8417a04a2b0175bf2241d93277d5539a7a7bad8aba9808

SHA512
68baf7cd6dd4d7cd5d1b2df8011429539a0c46ab65c2d0c449a8a00c97261686a8a0c385ff26a1ab3a684171c2ff778f6f5d16565206f6d3a0ada448fd907608

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.0MB

MD5
bf54d68c537a5595b1beda4dfe42f493

SHA1
26509e0483ec7a7da368d64e939fb28654d762b3

SHA256
1a2bb4e5c60ba60915496e62769f2cde23153c794d57c004a07e1151c14a754e

SHA512
3fe43d530d9c6326f65c437fd8f633328757e3762ccb24766ab875274c74bc41bebe70867a4d65db81c8d8fd3317395c72005ab2f0a7478761135bc9f3f91590

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.8MB

MD5
1eb6e954738ccc4c779a051b7a0c4858

SHA1
ea52ea7bb35a3b1b357c2cbbfefad601850c58a5

SHA256
17b4ee6014a1f008f1e3773810eddac18f70b1cb5300d919c9cb7f2e4ac23caa

SHA512
191a488198073340ba8f9220b1b0fe805161d913a59afa2875839ce8ee01a14b81129e9c0740c360fd8c5642d951b0d72c656b08ddb8c0cd1aa783a78c3863ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.9MB

MD5
4b582aab8c25dc3157755eb36c858fbd

SHA1
a296c79c0d91c41049dffaf7099c11b0f1e6591a

SHA256
36209644e120007a04ce7766084e1b1c662d44d605cf10fea607f10c5c23d69a

SHA512
bd3e35369acb824797256ec44e1b7ea5913c07fd68b58ccecefaacb912b5e6d3fb94477437e0d1162d05463ee72b0de1233f57f641e7a32edeac94598470c953

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
112.3MB

MD5
673c5e8265f3f9c40e2fc8a4b56744e4

SHA1
5d0b271b850f0cd8e01229b1a72a2c1215bc7956

SHA256
43894debcd60fed8d64c1a724e60eb860a9d5453b3fc0529ecf9efdbc10a8128

SHA512
920c25220fe7d0b6b0079f9856d3931c3dcf93c8c6cf74f1ca1b3946a327093b24c03eb726b4344445b4d386847fc67e9dcf8550c20617a79df75b5d9c3e7483

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.6MB

MD5
6ed7ab454dc781fa271e504dd9d0d235

SHA1
d115a7df08707ff41f8b18431204b7de163b5a04

SHA256
929cb5e879d751d5f3a2c3acf8bb6731c37eebeded4f1bef78150954843e1830

SHA512
5b389811a792aecdc54656fd4e79f87d5f508857ac2cd3fd4fa26bcbb68f16fb57d1d31c13fcaf3b9a411bafa809f0ccc6fd3b49a45e7310cc504236d2b427b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\D3DCompiler_47.dll

Filesize
1.5MB

MD5
aeb419ea906fd2f2ff201dd5a0d4e70a

SHA1
184c463702e886cbde74c78863174b359260c5cf

SHA256
e3688b1d75bc225c8bb6e925caf973d063035e56ac9ddfb9a5823ea136f26268

SHA512
9fa4aa929bb90108b3be53fa9f26e2712b4b1ebfd4fa2ccf1b2aabb0c987c45f7a44fce18f2e2d07145154ab48f3b8c47332bc2db94a7c2fcee689a72dd5d519

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.3MB

MD5
3e5a303c89d4940a4f0e0e97a2e3fba2

SHA1
03f08c795669e4f17537883f27938a90bfdf8c34

SHA256
68f35204f66ee829d7528960584b7877b056fb7cf936fd46d00fe11db85fcc06

SHA512
6228f4a76d3452e01a0d45706247c5cc31689207f62eb66e31188f42a1eaeca18cbc77aa91e2a5fbda3493e1e442bc824b2d6086aaa8b7975bbbbb4e1081c633

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\icudtl.dat

Filesize
2.1MB

MD5
1c435aadd78b734ba0af8ec23ed04f9b

SHA1
8b0def8272f4a8922a5cf2efacac919900ad04f0

SHA256
c8eee2744574013a09c7b85e90fe590568a851878660cacab7e5154460ab24e4

SHA512
56894e42ff76fb731e0438e702edee336dddaa865063c750c72bc626d0adb1a55f1ab4386fb01da362b4c0cdb7913602ae10788593907569d7e2820b8caa493a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libglesv2.dll

Filesize
1.7MB

MD5
25581528f3057178988fc7a0e057af68

SHA1
e5e40cc357cb6d66287602dd35e7b06198a4c4a2

SHA256
825e1e0fa5ad128e08488572a01f1ccdc71c7fe0f5a14cdfde9c8ef0a43a6f07

SHA512
0856a35abb9509b8f331b792c67670f289dd1fd3c036efdb52208ac3790f0f23edab0993d9e6716765a3e32eaf39d39a36d840b49322182c842bc660ae550a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources.pak

Filesize
399KB

MD5
c5bbc7fad709febc2b9bf29c9fa447ac

SHA1
fe5e4c25f7e3e5c938e7c3e1493e3a0a55a3cd21

SHA256
903bc9e9925b2dcb9614887b2000d962a44f26b9936841521c9192d98c0c0864

SHA512
2dae13dd81e5d3e2744a3797c89176938ebd29f7c0903ec36a08e64949fd1b3970bd3584f47d34a4ac09f2244af3fa79bf8903b7b295686a4095b65b90368cab

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar

Filesize
826KB

MD5
4576437be4eb43f72b6cf59b9a7c2fb6

SHA1
f2397284135f1a17c4725786b05e6c90c9be912b

SHA256
9c65189f165e286267e809c571ee09f0663476f8ce66124aaec6c2fa495ce1c7

SHA512
eccbcfa904b2ed4d78d5c8c4b348ff509a00612b0b0598b9e3d2add7ebf5de8d35ae7fbd925612e7d4d3271bb193717ad05fe60e0b5e6ac458a9eef7e84b8dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\images\background.png

Filesize
297B

MD5
32338b60ff8368fd431b32109eae89d2

SHA1
7a3a844f2e6371c8f3a08a142e2e792a6e77105a

SHA256
1d370406c3b0c6bfe109feb76229fd4a0fe1d4171ae2a77655a0fd3264558d2f

SHA512
be71b3dcc24cea203d59e08d8a4082dcf253eb02a971e67034f8cc0930f6af72830b1e35430cc861c08341082156585adcedcbfc788a83ec35fbd78107e20f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\license.txt

Filesize
2KB

MD5
f31549cdc3abfa48981759862a07519e

SHA1
1168fdb04883a65057168eaccb75e153aa3fe438

SHA256
267c8e6f5387fa5d54290044d30a5da427be3597fa7815c32689a533eaee8886

SHA512
f084f518eafc6a58c377c3f80d8a186d9a1d55473afc931bb913adb1fa6fd0bbbc2ba09a30ea39283cd5327079278ae7babea6a74b93a7f2d7cb48bfbba95795

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Network Persistent State

Filesize
175B

MD5
2b7e4377653e6e07536efe7fc1bd78a7

SHA1
cdd9c03b91e368bc14c4ac0ff7204ee698fa285d

SHA256
bd367325bb3c469e1aa6dcff50b6296b9b8d5bf5bed538f01f36c29b0603511a

SHA512
5dae5ba1af5ae6e52a39092bc5b4ebb454906c919735ab5b7f7a4c84a487e26376f68aee9c86265142e03c0f163cc0623094fa4f2936bff17504c2059ba112dc

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Network Persistent State~RFe58a7a5.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
1.3MB

MD5
a899d98bdd252e0329652c9a84bb16e6

SHA1
289ea5e572d5c32b676f952c5f1e6cb0df669c32

SHA256
b9ca91837444c79c84bb88b818a352f122e13c9eff8dc58c1ed9cf79f4b88ce0

SHA512
05d8f0e1b6dc77f6a1804f62c105c75c998bf4924b29186df6deb621f02ef5ad06c076439d0f929b4aa85cf43a8726ee981ca62b9f04afb448c78d18f96f6f45

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.2MB

MD5
2cd7babdb6949f5f18dabd32aaaeda6d

SHA1
739ed6bc5ad2e361f11e4a65b48d8416eaeb5bcc

SHA256
0997ed513f1e763d89707ba703c0bb0b3b97c2590bfbf2de2cbb94cd009a6d4d

SHA512
9cf3648366aab9408deccb96c40a35c1d1462c14e914f4f18a2c5c96daadfcd38a514755a2c17ac4bcb1b22dd2897532cee2bc8e95f849edd5032592b1464956

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
1.9MB

MD5
417494377c07cc34ef4deef3b1b3bf35

SHA1
7c1689e128ca9e4d2a3d24b76513dfeda5b2b0ac

SHA256
2ae2f9ec28a3f6a5af1ee621889eb0103438af3de11a903a4212d4171edeac35

SHA512
d8a2d17e04a373c93d9c89f4d4b656b03fddf3fe53ac7beda0597ba76c1ccd6a2aff20851350ad5e66234422a2d177a2104e8cc1e588f1969022b345c505bc60

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
1.5MB

MD5
e4088188b6b674bdc5712c9bd420c5f7

SHA1
fe9339086ccb727afad8630ce765fd1a0589385c

SHA256
4403bf0e12bb351fe97fb456691f443e42812154a36c264a30d41246b901f2f1

SHA512
c52d1f6f2278436fb5b65acf1f9140bf46da66cc2b7afdd8cf2548e7e3224de6c405428f96ed4e52a8ea9bbea8168af0d2141a03e8fe895ecdef13805b736332

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.3MB

MD5
b5131b4a6309fdcf0701b9bd500e1903

SHA1
215a748072cce0787ccbaf9e0b06fa7775a2e3a5

SHA256
04336b659c130eeae4417e48aff21d0524ede42bdcccf7d23450a89bd771c570

SHA512
a8e74708d53a3903784841b614a8e9b9f794e3f9850404b99315e1838de91074e26cd96a22fd54932211a85af519f645f22a2deb1830255f69f674c77f73c21d

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.5MB

MD5
d2cc6fc3a7b6c5bcca5fae428fe799e0

SHA1
89cba6e9195cf95a7aa993d7aaadb331392b3bda

SHA256
0d4ebdd32f016c6eb203aef4c70ad2f93fa68e5b9e92087a862b21f8133c7319

SHA512
34f7e6c49ff2a230abc7c5aeeebc5ec628f07170c4638b3bfc5897a645fa5f167c54230373a39021548e0aceba50c35ef730e4ecb454bb4d882df2d699c86736

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libEGL.dll

Filesize
346KB

MD5
dccd99cb80c5022d4ed21c068d4e4ae5

SHA1
4fcdc6be313d0e3baa5168a7556df992e3364da4

SHA256
2166f8830bfbf3d574d7654bd927fe6e05fb74fb05d8e57af59c93090f6bc2a6

SHA512
02f18a691d85545a0452631b1c1e218aa5853d71937f7ae1d4f3639142399017139c1d9cb81f769754303635ce689605a7fd65765a3d8b4873603ced57925faf

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libGLESv2.dll

Filesize
1.6MB

MD5
c4b4702e87577f24c248c434b45912e5

SHA1
079f0e611811d139d861ccd652ff63d18151798b

SHA256
6cf0c99253a7e4a5f8cec8a00001fe31974ff8aa5c1dea6c42b569b60ad25a77

SHA512
b154e9317d3f28e7cf9a8eb919e8de9af297ac5b934aae123dc5ac9f530dd0e52af99e210ce95cf9c06bd79c9b2cbc3185e99e351216168222e5ccf21b9aa414

Download Submit
\Users\Admin\AppData\Local\Temp\nsp854E.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
\Users\Admin\AppData\Local\Temp\nsp854E.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsp854E.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit