249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
137s
max time network
151s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord-Windows.exe
Size

75.1MB
MD5

43327119366e52928b9aed0c1e734389
SHA1

3777d8387fba8528b6e433a8e763df5dcd542a48
SHA256

249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
SHA512

bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
SSDEEP

1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe

Executes dropped EXE 4 IoCs

pid	Process
2996	BetterDiscord.exe
1916	BetterDiscord.exe
2384	BetterDiscord.exe
2212	BetterDiscord.exe

Loads dropped DLL 11 IoCs

pid	Process
2352	BetterDiscord-Windows.exe
2352	BetterDiscord-Windows.exe
2352	BetterDiscord-Windows.exe
2352	BetterDiscord-Windows.exe
2996	BetterDiscord.exe
2996	BetterDiscord.exe
2996	BetterDiscord.exe
2996	BetterDiscord.exe
2384	BetterDiscord.exe
2212	BetterDiscord.exe
1916	BetterDiscord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b0b000000010000001600000047006c006f00620061006c005300690067006e0000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 190000000100000010000000a823b4a20180beb460cab955c24d7e210f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	BetterDiscord.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	BetterDiscord.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2384	BetterDiscord.exe
2212	BetterDiscord.exe
2996	BetterDiscord.exe
2996	BetterDiscord.exe

Suspicious use of WriteProcessMemory 54 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2996	2352	BetterDiscord-Windows.exe	28
PID 2352 wrote to memory of 2996	2352	BetterDiscord-Windows.exe	28
PID 2352 wrote to memory of 2996	2352	BetterDiscord-Windows.exe	28
PID 2352 wrote to memory of 2996	2352	BetterDiscord-Windows.exe	28
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 1916	2996	BetterDiscord.exe	29
PID 2996 wrote to memory of 2212	2996	BetterDiscord.exe	30
PID 2996 wrote to memory of 2212	2996	BetterDiscord.exe	30
PID 2996 wrote to memory of 2212	2996	BetterDiscord.exe	30
PID 2996 wrote to memory of 2212	2996	BetterDiscord.exe	30
PID 2996 wrote to memory of 2384	2996	BetterDiscord.exe	31
PID 2996 wrote to memory of 2384	2996	BetterDiscord.exe	31
PID 2996 wrote to memory of 2384	2996	BetterDiscord.exe	31
PID 2996 wrote to memory of 2384	2996	BetterDiscord.exe	31

C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
  C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
    "C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1068,18188274600504625750,12235267422917045694,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1012 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1916
- - C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
    "C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1068,18188274600504625750,12235267422917045694,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1248 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2212
- - C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
    "C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1068,18188274600504625750,12235267422917045694,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
4.3MB

MD5
22f5a86aca11e321bbffb3d27cc7b864

SHA1
1dbfabb7b72e9f33d484b0e2554750810f6016b9

SHA256
5d1959d6590605a09fea071d26b025dda49d34c5ee693ae1ba8c81869baffc21

SHA512
d67969346afd9c7e1bda5572fe81c268f62c40d74e70dfabef2058a1a46a46d279d1abf014103170ff2e1e282ee967614ab9e06b5bb2f760a41696f01fc79535

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
3.9MB

MD5
39c858aea210d2c9f39154503daae6f2

SHA1
58bc94565756b1c5d728632538be51ec0eef53a3

SHA256
1e7d348318ab341e57aec64f6b7367734e61cc15c532a5cf2a2e4b5c1362fa06

SHA512
58ebaf9acfa3c9fc30286bd5e4094502f6987f9235c9346d8e188e714a741c9c910d1ae777295c4182886eee0ee4e6bc6884aa3883938b4e7d36e811e1d4d063

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.4MB

MD5
63e040573aa9afbf3e78f0bb61f8794b

SHA1
799771ced68f62be32f51e3fd1b6752e8c2d2912

SHA256
2295a1f48bb19b0d52684380d04b6dbd771218f2be13df098444398c2a76bf07

SHA512
81569ced0eea91989986c384abf4a46f2f791f79db74467d92a9afb8feefed868c8d5d2b5576631682ef3591182c5f0ec022e6018c150337959eac0c9e73b241

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.3MB

MD5
1f685a63e502232e2806ca6915253f57

SHA1
7e3c6f2ad3b20f6cdd2bf79999c10d4f64f8549d

SHA256
12bb93fc8a15c19527a053b474905217a499310a17d33209489cb4fa3468474c

SHA512
53fc9c030a0489093b16b6d472e9eeca61b6bcae26f6b0127639f5dbfbe3fd128d006b1d65554fd26c3b0c8706b44fe9e12323c0e75f6594cec0c38f20a09fdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.3MB

MD5
fe72c550afb068c0161b73e88e65fc64

SHA1
8c869c523efdeba5c9d123a048067fee86ca3332

SHA256
1624e77d84a6769785b7c7a0115037f22b9e428fe43caee76573415fe48ba302

SHA512
a7baa4457f540472a1a6c3e3d3ef2014d557c2bd4ca47d467e981219df80da00c78727222b3f1d84fbec856c31a9b50066c789218692abb8cc877e54db259491

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.5MB

MD5
d2cc6fc3a7b6c5bcca5fae428fe799e0

SHA1
89cba6e9195cf95a7aa993d7aaadb331392b3bda

SHA256
0d4ebdd32f016c6eb203aef4c70ad2f93fa68e5b9e92087a862b21f8133c7319

SHA512
34f7e6c49ff2a230abc7c5aeeebc5ec628f07170c4638b3bfc5897a645fa5f167c54230373a39021548e0aceba50c35ef730e4ecb454bb4d882df2d699c86736

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\icudtl.dat

Filesize
4.9MB

MD5
18ad39bfd8b3585c0cd5b85c40cd1290

SHA1
e6bb9cda63b8f50f9aebcf6c2a0d9ee61ee225ea

SHA256
fcaeb2890a2dccbc86b576601a59ba09f1213b7d443a1b587d983a6f3bf099a1

SHA512
4e30b89e403fac739255b7cb8b4b58e63308c79cae08ab7628a3cc4ab83414162f68118730aa50cab5eccb0beefc27f1ab522bb336ce122948caec89fc79dc9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources.pak

Filesize
3.3MB

MD5
c24cbb261db43f916bdaaad0a3d7b64b

SHA1
52192b50f5f090138053536117d91ef273046dce

SHA256
8a4b9d562fc1d544fce50063377d18af497d139553b57699e0b850e9f1615183

SHA512
f4e497acfa28478046d435f403e8b017a3cf4ac116a62b20ae37146e5d24d25610d19a763886fd4c4c38ef7521f632dbc79d37479f87efc7beb3b51d26b792ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar

Filesize
1.1MB

MD5
f64750a616dcdafc38fa3fdaa966fbc5

SHA1
358b77012f4a1a9c96f6370d4f7b96ab55e302fa

SHA256
eaddb78f5f24d73c75e3f016457e79f0c1685d5add4ec5647efdcb3e5841b7b5

SHA512
46221e0b9c11674847b9de39a23effa339ece2fb15ca6036e1bc4444f0dbe1ad6ded144ed2ae511525034210842614d295f001dab64b360c97fb9e2cf3f9e984

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
3.6MB

MD5
ca21c1af7c9ea4833b8cece559c7f73c

SHA1
74c77a603d0be815bcc276869a360e9d310e0f49

SHA256
7f90e95bd03a6fd50b414d398a2f4b8836eadbee572ddafdf3225552b855ce59

SHA512
253102049a7d5262c1ae031ee1e80726b773e86dad59b58ac775965d44f993d98fdad64ffa3261634d6df08b1073e771db23ad57e347124434270560a1c2cf5d

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.4MB

MD5
a5b11aef5d96745c36fb43e9607f206b

SHA1
5758a3bf6a62a39831903f310b8051b3ceda6814

SHA256
2fbc7c62d7d80fddf56b5224f718dd775ce22a0c1088b5decafd3e7675765554

SHA512
8247371f7f302b363552e0cb945e20b9dd5dd4265eb4f7e1129db1bc554856130dfb14a96b54dd56c303d9d0ed291c31b62013fc33c01d6449c2e53d4c0a0171

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
2.1MB

MD5
b61c4dc45822e073692756586582db95

SHA1
a60f32b6ca45ec5e1dea808952a1cb5edba83fca

SHA256
4f184f1c399c471d27510d98a5678883271a9c2965d72656e0ba1282e2966a96

SHA512
9f47ae10ee37e6f52230018036289abf9ab26baad97f7ed41caa736d4ea232152a300d653ac9468cb3446a37f058f0000889547f4441a3e5be1999b49b5db515

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
6.9MB

MD5
3d5b221aa8c27927fa92631128983bce

SHA1
c0a8e38a3a000e198e7fdb25c0abaff07c4f7e3f

SHA256
3b7fc6fbd7221c87808df1f8b389333e6c7af2bdbc3e23e388e61ef9b25dcde2

SHA512
3933d08d1ae15563be90c72e221681c595cb7bebd3b5d3323fe77ad4d454858f0b0eba0dc91f92c39112bc0b139f9bc60ce1906711816bbe02642e44f1208e38

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.1MB

MD5
6b4683a9d644bdd25daf12ec06335379

SHA1
065ea6c14503ae9046884eaa28aeec949b61e3b9

SHA256
d7deb9b210d93dae6e0f2dea0d63f5665b72024cb6ff3e284fa3b9a0a9260460

SHA512
35b6c57a350972ad927357e18740778aea4e74d7f307def7a495086237460465355320b6bbf8aed27291807d1598798a8a555c26e4c0fff3e89911458341a060

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.0MB

MD5
429f202c8466b70fc6dc43c342baf17c

SHA1
17e63a9c65d0ce0b69f98ce84178e665bd6240ee

SHA256
06aefaa2fda21b7d20c0fdb9d131f2fbfe238808bd684857a96685b6516f828c

SHA512
d2042613229f1bb796b884775a83b83d652bdd36fe31d0899d896a0186df52ae46c87eb4f80925ab217b13dc410a51f277df12ffe975b53b87d451f4ff76a473

Download Submit
\Users\Admin\AppData\Local\Temp\nsyF5D.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
\Users\Admin\AppData\Local\Temp\nsyF5D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsyF5D.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
memory/1916-114-0x00000000075A0000-0x00000000075A1000-memory.dmp

Filesize
4KB

Download
memory/2996-117-0x0000000009970000-0x0000000009971000-memory.dmp

Filesize
4KB

Download