249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
129s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20-02-2024 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord-Windows.exe
Size

75.1MB
MD5

43327119366e52928b9aed0c1e734389
SHA1

3777d8387fba8528b6e433a8e763df5dcd542a48
SHA256

249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
SHA512

bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
SSDEEP

1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BetterDiscord.exeBetterDiscord.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe

Executes dropped EXE 5 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid process

2956 BetterDiscord.exe
1780 BetterDiscord.exe
1756 BetterDiscord.exe
2348 BetterDiscord.exe
892 BetterDiscord.exe

pid	process
2956	BetterDiscord.exe
1780	BetterDiscord.exe
1756	BetterDiscord.exe
2348	BetterDiscord.exe
892	BetterDiscord.exe

Loads dropped DLL 19 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid	process
2508	BetterDiscord-Windows.exe
2508	BetterDiscord-Windows.exe
2508	BetterDiscord-Windows.exe
2508	BetterDiscord-Windows.exe
2956	BetterDiscord.exe
2956	BetterDiscord.exe
2956	BetterDiscord.exe
1780	BetterDiscord.exe
2956	BetterDiscord.exe
1756	BetterDiscord.exe
2348	BetterDiscord.exe
1780	BetterDiscord.exe
1780	BetterDiscord.exe
1780	BetterDiscord.exe
2956	BetterDiscord.exe
892	BetterDiscord.exe
892	BetterDiscord.exe
892	BetterDiscord.exe
892	BetterDiscord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exe

pid process

2348 BetterDiscord.exe
2956 BetterDiscord.exe
2956 BetterDiscord.exe

pid	process
2348	BetterDiscord.exe
2956	BetterDiscord.exe
2956	BetterDiscord.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exe

description	pid	process	target process
PID 2508 wrote to memory of 2956	2508	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2508 wrote to memory of 2956	2508	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2508 wrote to memory of 2956	2508	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2508 wrote to memory of 2956	2508	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1780	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1756	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1756	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1756	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 1756	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 2348	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 2348	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 2348	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 2348	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 892	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 892	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 892	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 892	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 892	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 892	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 892	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 892	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 892	2956	BetterDiscord.exe	BetterDiscord.exe
PID 2956 wrote to memory of 892	2956	BetterDiscord.exe	BetterDiscord.exe

C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2508

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2956

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1068,6241189950393935931,17699491091974110631,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1080 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1780

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1068,6241189950393935931,17699491091974110631,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1400 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2348

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1068,6241189950393935931,17699491091974110631,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1272 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1756

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1068,6241189950393935931,17699491091974110631,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1080 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.6MB

MD5
48ce7959fbc7e04a43edb7b97888a825

SHA1
8b9f82a5f82c99e3a746a426b620883205791681

SHA256
e4f22895b991666b4fc950e075052024b6121a0aab5c06538ca5f0a03b65cf7c

SHA512
d92466bb13142c916bf153245907bd131f5a77c167fc0b1038a6ccc5c8ac5f75b75201beb6633a5aa50f4c6f88d3ba6eff42990d7098ec8b3bdd3c8a26da6c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.0MB

MD5
ffabde7cb79295474d2a9953a143dc55

SHA1
a6d7afaffb618621ba0d9350ee590cb63596074f

SHA256
6d6feef6b30a988230823bb38c7a36929658defc5c249a9ed7e881251b404e0e

SHA512
f96f7c4bc8c34ee52bff5492562950e38effa9703936976623905450dcb53ec4f55dec8a1f17867292adbe6ec8250aa0a86c35e2c4fa47d30aae48c9308e1d05

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.2MB

MD5
ebfe6111a30e75054a8bcc3fc676229c

SHA1
823455ac60024dc1262da3cd21e7c05b97b03585

SHA256
950339d71894c4f10628093f4d73ca95361d610730536e88680992be9132c016

SHA512
7e2b606627034358fd37cf47e928c321cb824fe05d54175b42617bce32dd6bd9ba01fcf3b8fe5c7ba3275ce3832c48d370dd65bb7043078b19778109ab341009

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
936KB

MD5
757f40dffba3c82cd9833b4b4beca9cc

SHA1
01f726b8f354397a8c8d00329c9e92c68e76d6c2

SHA256
5b0cc00df0a47d43466db6fe4cbd477448064a95816682d7b131a2d5605dfbad

SHA512
f964a98809e2f19a29531ad8df69d36001129cfe8c0943b78edf7b578864e1423f4e6650b789d3dd5791138359f061ddb01ef569079c6d012f4f748ff6b9e11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
849KB

MD5
efa968846ffdb3459512e4f057cb94b1

SHA1
170b6c539bf6d3e288342bb2dc0d1eab92126af6

SHA256
30f3f71d348b9e36933a9641ad39cf091700865fe9d3dfe4ae0964d2ca7232c8

SHA512
1fb0efcb30d9cc85c812d6f675ffb43fdf8d82a3be215a6bdade0899a634db719b282708dc0d111ed67e042836959ac737509180c2a9f6b7fa68f06c84dfc01b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
188KB

MD5
457634dee1798108d2a86bdca8cdf0c9

SHA1
14e577c28aa57a6d3f8545fe7748b210203db2db

SHA256
d3c3fc477848ae5e0a5e723a653c0ee230f13ac93c5f5a82450cfb403dd99f09

SHA512
eae90217af10ef1b6bb37f1b3d3bd2a6b9fc2b41fe4fc5088eea29a3d2fcef0725d2d84d2e60387fd12d736f43c4fa08135fa0541ee3ada3926ed8705c202918

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\D3DCompiler_47.dll

Filesize
311KB

MD5
4791ce4c574f1c277b0f83403b314e02

SHA1
a9750f30e56f8a0fee63ed6bf8222ea76d8d3c17

SHA256
c855ed3c50ea18d750d856c7fd455c1f9477017841aeddca19eb03bb94d05894

SHA512
c22e55e7b3bc9ac0dbacfc3785fa1971b5e5302fcfefec3a1d2346deb811e4e390c276b0085bc1e2c1239a7f2fd77205d96c98fa74fa63b2a22b1cb382112a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_100_percent.pak

Filesize
107KB

MD5
9b62f55c1d8c7244cf13c3897d15644b

SHA1
afb6ae821252bf1009fb28a37fde7f0316816e67

SHA256
e0955cab13d93c0ee52960f43e75b3faa93fe5f3d145739f5dc040e67b27c74d

SHA512
46731aaf71c2138f26b656084a581c3815c6207e57ad91466b54c9b1def54e1e4954c20c31b54d8835660c39ca61cdfe597e220a12b6ec83c31e764ac8874f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_200_percent.pak

Filesize
96KB

MD5
e58fac42304a26dd48003556d8442677

SHA1
a3405c2c23eb547b846802fa0e62bb633d1b172a

SHA256
e72a2cbdd5d62a68cc175375fd279441086b655a355f8816afb7147dcd207bc6

SHA512
f5e503eb2060e9fb307c17bd838457ecd9fe4e18c03333fc19cabddaeab198aa25183d8004f8bf006b23bb8170bcefa1a318117a0709e1f513b7e90ffafa59df

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
1.6MB

MD5
53877e19afb21020a51a4ef4a2a13429

SHA1
eee8c57b3c57ecc748da4ca7a3ca5fbbfa93b3c1

SHA256
e5d1c868b4edda938358b465cf2a0c7aa6cb0292bf6b6929db8a95de027da8e3

SHA512
4f9fd074b3dd9da2685156ff7bc087d82405f1401fb3303a5d88638a54f8dd540f7dbbf0a581714ec4de978f3a6539a406390d5b40d9c94170248ef8251a7b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\icudtl.dat

Filesize
1.3MB

MD5
c1d00835a4098c81091b3c270de5f933

SHA1
3b9e0a4db2344dceb5fabd55d2e711fe5b6011d3

SHA256
67d7055a823fa42cbe11d1fc20a194cf27abfa62bd78b0ce91ec0ee407100eba

SHA512
edbb2ff75666dede1e5d63a652a161ff0a011bc57b81b6c686dec016da5fd85ce40cfb1071ad6499dd0df73b3e9e48bb3b78db4e3d71e1c24918429557573e89

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libegl.dll

Filesize
346KB

MD5
dccd99cb80c5022d4ed21c068d4e4ae5

SHA1
4fcdc6be313d0e3baa5168a7556df992e3364da4

SHA256
2166f8830bfbf3d574d7654bd927fe6e05fb74fb05d8e57af59c93090f6bc2a6

SHA512
02f18a691d85545a0452631b1c1e218aa5853d71937f7ae1d4f3639142399017139c1d9cb81f769754303635ce689605a7fd65765a3d8b4873603ced57925faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libglesv2.dll

Filesize
264KB

MD5
1978fdb080e963b4e2bc7db380684c41

SHA1
ac24df87daca9c5cc40f05ca61639b734c58f4eb

SHA256
f06dc6e6aa51dc3b409a7f8ea04484d288d125c6096dddf915a59637b4594d31

SHA512
74384da53d60eaaf593bb6ae441c681f6be947d040d535373eb15e0d1c387e28c31d1e4a894a3a4d18b2b7fc2df03be0bbdd536541a0965013a1acb7213cfc0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources.pak

Filesize
180KB

MD5
d5b379197985f10f86d7019808efc29b

SHA1
4f0f034a76aaa1277fffa0714b94cbe9d9718064

SHA256
201c2f887b487f1e3622d8701ffffb394ba9df89c722d504c52c5891da8c14fe

SHA512
2adb97b26fc7e26308d9d5d6d94af143e86e24722cadd9ac95ed530defbf62d69ba1bb3393d9727eb2608bcbba24717af95d17c1243b4c0fb03f50f141171744

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar

Filesize
215KB

MD5
d90e4abd5a418eadff45fbf519770c6d

SHA1
08ed43572ef6e62687f42f2093d29fd4da534b75

SHA256
3349ca99a29046087e1760b02007a2730b1332ba34b9aa3fd8e09d006da5c7b3

SHA512
082f9f6b113e740ead6b5089544662120668afd0c2f172a51f23784b723aab0c1f4d444ed6aa8084f373a0fa18de768aa7ad1158af0d1a0732a6c187e2495168

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\swiftshader\libegl.dll

Filesize
366KB

MD5
c51dc7e0ca92c9a45467a202aeceebf3

SHA1
5f35ec0c4e9b7663d7467a6c5f10062479519758

SHA256
0d4015adb1b1a4996378e06c9341b19d00e3cab8d18c002197ea9311feaf5d11

SHA512
8439f2a36f0a85dbfe12e786672278c6f6250be5029313efa285f851491357e134d6c9e03b339985eb255e80988e82d37540ffaef4f358c4428f6fc6aaec9ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\swiftshader\libglesv2.dll

Filesize
45KB

MD5
bfd328977ee0056e81971f25bbc13c28

SHA1
17a6e036b9bed63c5747265f32b221e5bac309d2

SHA256
60603a3d8e3b316836f4adf5d5eb3a08489b7e8cceb0a4dd309de80b1b50b372

SHA512
4d3c7b5fcf137c631fce5060cc579ca15617a13d154b76683f82afa37e9e76a1b8644d1aa9c88279b8cb96371c064068fc2d8bb5b49d60432c52f26e13955b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.5MB

MD5
4f97849498a48c9b1cb102e775726f03

SHA1
a94135671706644fa99386f072a52688c734ccd0

SHA256
fdb96a5d5ff31f00f49c301c0c69dbe81a0c51615ea55ad30fcb101b6d8fd14f

SHA512
aa12efadf66af1c9f2fc9601dac82d10ec5c0f40aeca6feff2254298de710c127e2af20f4a5793f9f97704acf47f376617f7c16016b8d6e4f16f0a4fc652d7fb

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
583KB

MD5
0ac3dae112c135bd9e781ad20ee9ad6e

SHA1
b10f5e32ab9ebbf70d0f905b4d4cc0502f38acd6

SHA256
cb7f5a3ba9a9d00473359fbd6c313a0423c9ed3bce49de08741001b4f214d1ed

SHA512
ce3e07057403de989506e70ec99ef78b9a28930dd20c3a5c623420876195dbfb041cf3f87d9eab6c5735a320a68b9de68764513d8d5b7914697cf2b4f309a8d5

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
502KB

MD5
ce6c60f576685bfe5bb1a027ddef056f

SHA1
fcf4f31cd3bfdb134a8b4179fac370fb6107719a

SHA256
2192fd53e9531f600807b4745653f05634f0d7b648223d5386412e1e084ba1af

SHA512
09b0312edc5a46485b5c69589398bdc592a9baed1372b8faab5296d37157045ef550b9b86eb6951446782bf06a3a2f7253283260bf60650c97a2f6f882777344

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
503KB

MD5
d29369607a45c5eaaf3541385e8506d1

SHA1
0d80fc9955f6dc351b5f753861d06a4677706b51

SHA256
e5afa251b0bcb2ba53e70593e2e3b64e104d7f64d32cdeb19b0486e92b2be0db

SHA512
0725fe3ababfc74cd092fabf44a0725eee7d30386d8fefdc616826aa91f48fbd0686d0d53a9f44f82a5f50df2a261d69630418c5268b0290e2c5c3f70ffe7a04

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
3.1MB

MD5
4308bf718b2000639966dbe02b362436

SHA1
2ca51067ec7d987ed99d0dc002e33bc79336ad89

SHA256
3a73fda553cd93171467a062a053c34f759aa25400e859ee12e660795c88eca0

SHA512
a63fff6be8b9fe3dcb9e1db4d1610a6b42dfa01cc3bb506763fdfe4583d720c1ab24083950df3923d65e37f7c25eda2e19a4f5673244b279e1c4fa8e0ac115b2

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
355KB

MD5
9c7bc4b5c347adebea0fb41c35d14178

SHA1
622ad2ee867d5ffcc8556e7e4d17c673ba608fbb

SHA256
496793898cce9c920125a13188bcd5d3be1d029e6a72ae5407bf1b4327bd08cf

SHA512
694ff1f72bd2dd5d23706fafd8728447ea760db1f69717d72b0a1460c4d312659793ef27c8da434e422ecb6efb5a225808176b3520d17bdb6d52987068c6949d

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
228KB

MD5
8bb3dd1815e1e70000be7a33117fe187

SHA1
0040028d873ff62f22a2f5464414bfecb56b1336

SHA256
74efb4d913c12c05a38055e9d4d0baff700a61f81576755b0be3b1b3b074eb9e

SHA512
20a802d7c34eca66d6952e35db2e0435f4d484956340c4f04933911d85b923b5b6c80972dd49ec1778caa1d77b236fdee5bd623fbbd1fd7faad21ae6a0c133bb

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
1.5MB

MD5
f7dd492d8080c3b5201f51a0f9d571fa

SHA1
aa0f6530fa66365363ba99e1cd6afbe84b6eee86

SHA256
249657ee4f3e19e77429ba13af64fd2b6a55fc39758938a87c1b3e95df1614f1

SHA512
28c961825889a3518823ca7dbcf311f2e9fd088560d7467691d432e1b330eac3cac263c4f33a2741272a998ac99c6e5c60fdf9b3a7a9ecfe5a3ce9e6be849fea

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
855KB

MD5
a9ceb74db5bff2f11c013e6c08311911

SHA1
684ad102adf39ed0ad81891d8f0e1f91e4dd240c

SHA256
ffafcfd55dded80225732f8608941955d419accdafae45d8cb237cb9cf13fb97

SHA512
8749098a179c443e6a16033cbc9bda469611aead68ebb59aad1ae87d34504c0ea071e7885b8baa757e3440b1365f4d63424d203eb444d63e69f3c47dc0241fb5

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
998KB

MD5
c043c2e5cdadfe8a215eae745919c330

SHA1
4b4a6cdf6b84e677ac3a50b353b4a014b0476d72

SHA256
2d60fb41b3fec6f8d35c74bd8996edd960e0b33aaa39f7c893b86da37914c71b

SHA512
c47f58f19111e111ee9127c26552616e2f8f8928c01f6ff966f8390757380b8945f5529c172c294358e95f85e456a151b2d8c291eae8d44041a968e393210e3b

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
721KB

MD5
840ddea03f4cecb639f2e0330350308f

SHA1
8270ac7f26b81883cfef5295abf02e3bb4667840

SHA256
1f1e036028755e13f50a93a1bce16a44f63bc4c7c31399607e267f7fd421d0a5

SHA512
eb5f21372c7bf125208b6c38e23eb3f40e956714fca230534934f9c5517721ec72414e8c73fff7c7c6d3c93847630cf1ec417f0e3fa27660b5fc37c887cd906b

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
117KB

MD5
578bbe5da311249ca1de9b2f292a2fb8

SHA1
b488751985b255a1a264137e0d59e668baf539b1

SHA256
a20ff69d226e308e93c300133d564d3cef61efcf77328de7c9622d1df5455317

SHA512
f50fbf373c5b4d4a919f401547610f0bbf74190d662ebb382ac050d8bc3a67e3acce78c2e968f667b442089d520660b55dcf51eceb42601cb7bc4820de9a63f4

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libEGL.dll

Filesize
273KB

MD5
a0469ddd65c4554e79eba2ffdcbd9b32

SHA1
56df11d31f03ebe1889980a2208905ff65f31917

SHA256
6369ff69817d284108196c8e8ec8fa433053aa755c4723e2aa09a61a37898563

SHA512
9a6256228ece04094c3e6efb3586810a8f5353711a33e04d4765aed13573da01fe7956707f56ef1e8288c81eaed847fbf2f087f5964657ff116029fa1dbed5ff

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libGLESv2.dll

Filesize
375KB

MD5
461ba49027d3c1670cd99dcdb7953ebf

SHA1
febaa735f1bf0a0bb53779dda65d977d820b597a

SHA256
c4c08c777557ea2f96eb1fd21e8ce66c009cb8e8db6e46a5ea4c5a0847af6e42

SHA512
d808e1b7d13e67e167e35496c347234d038107b038697592e3fcfe0c88cbef07b9a8d5aa7e1a99b45e083fd9f7b034b6a31d333be3c67ca33f3a88c57138d2e1

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\swiftshader\libGLESv2.dll

Filesize
39KB

MD5
c617c29bfce57e731417f1a0e9b3f8b6

SHA1
5bd674c81b368f608ad71045e8c8e37bdfb19c5f

SHA256
dc06a5127467a4013589a9a9d493ac23f5aef1cfc7e86e870804fd36f1c6c79d

SHA512
a1d2405656a5ed757c25105059eddc15f037920b63379f594c7e2f3097c1b9dfefbd28343cf9d882c40c6dd5f507c576f1247f73166347d5de792330b2f9defe

Download Submit
\Users\Admin\AppData\Local\Temp\nsd695E.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd695E.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsd695E.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
memory/1780-114-0x0000000000C50000-0x0000000000C51000-memory.dmp

Filesize
4KB

Download
memory/2956-122-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download