249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
144s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord-Windows.exe
Size

75.1MB
MD5

43327119366e52928b9aed0c1e734389
SHA1

3777d8387fba8528b6e433a8e763df5dcd542a48
SHA256

249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
SHA512

bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
SSDEEP

1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe

Executes dropped EXE 5 IoCs

pid	Process
3424	BetterDiscord.exe
1176	BetterDiscord.exe
2348	BetterDiscord.exe
4508	BetterDiscord.exe
2736	BetterDiscord.exe

Loads dropped DLL 11 IoCs

pid	Process
4528	BetterDiscord-Windows.exe
4528	BetterDiscord-Windows.exe
4528	BetterDiscord-Windows.exe
3424	BetterDiscord.exe
2348	BetterDiscord.exe
1176	BetterDiscord.exe
1176	BetterDiscord.exe
1176	BetterDiscord.exe
1176	BetterDiscord.exe
4508	BetterDiscord.exe
2736	BetterDiscord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BetterDiscord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BetterDiscord.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2348	BetterDiscord.exe
2348	BetterDiscord.exe
4508	BetterDiscord.exe
4508	BetterDiscord.exe
2736	BetterDiscord.exe
2736	BetterDiscord.exe
2736	BetterDiscord.exe
2736	BetterDiscord.exe

Suspicious use of WriteProcessMemory 53 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 3424	4528	BetterDiscord-Windows.exe	93
PID 4528 wrote to memory of 3424	4528	BetterDiscord-Windows.exe	93
PID 4528 wrote to memory of 3424	4528	BetterDiscord-Windows.exe	93
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 1176	3424	BetterDiscord.exe	96
PID 3424 wrote to memory of 2348	3424	BetterDiscord.exe	97
PID 3424 wrote to memory of 2348	3424	BetterDiscord.exe	97
PID 3424 wrote to memory of 2348	3424	BetterDiscord.exe	97
PID 3424 wrote to memory of 4508	3424	BetterDiscord.exe	98
PID 3424 wrote to memory of 4508	3424	BetterDiscord.exe	98
PID 3424 wrote to memory of 4508	3424	BetterDiscord.exe	98
PID 3424 wrote to memory of 2736	3424	BetterDiscord.exe	110
PID 3424 wrote to memory of 2736	3424	BetterDiscord.exe	110
PID 3424 wrote to memory of 2736	3424	BetterDiscord.exe	110

C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
  C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:3424
- - C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
    "C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1608,1548130946832594134,17405852330026802171,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1616 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1176
- - C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
    "C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,1548130946832594134,17405852330026802171,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2348
- - C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
    "C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1608,1548130946832594134,17405852330026802171,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2372 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4508
- - C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
    "C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1608,1548130946832594134,17405852330026802171,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3636 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
3.7MB

MD5
a89099242b5c78cc9952c936f3b7c38b

SHA1
d0ad42de7fe711165ec2c5bb034feac7eab1f14e

SHA256
6c5b6df0a4990ffccf57ae2012a8e5ef5a064676b6dcd3e817a1e67fc9855dce

SHA512
98a1404a218e985ec0d83bf050e9af86dc51f7a0e5a16cf5224c516806bccb18b84e2fe899c059c31fa1bd0e3947cb3571f6e3299c2cd86085010a11447999cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
3.8MB

MD5
eb47b60fa60c5223a25bc2bd656de23c

SHA1
cb4ef5a717593c98cf65989538bf526be62b274d

SHA256
a2d7036d4d5034adce23e294c3a866e263cb1a38a81ecedcde778023d62cf6dd

SHA512
f4764922b91680477639205f80fb2df96feecd7ca6888f006c6b200e40a2f1fed435d4209488e4cb5390417e6bf83503b9968f1dee81a9f0f3e3c893f20cc0e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.8MB

MD5
84aa301d8fd72d5f189c6d52456ab5c8

SHA1
07ecbb33e22bd805d8fa68210ffa42f423461160

SHA256
0cffe3ca7b0823d0d0de5060a886ab183f4c1b75ae8ce53f8494e82d95e4ebe7

SHA512
19e0f108f316d6988e33b751cd8c582abd4c501ee2d9bbce6b5b5ec0153bae9b833e2bcfd69ce83fbac90179e98438e76006324ae18a3977e593d91a2aadb325

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.4MB

MD5
61ab33082a3d3e4ac354bed704b57a25

SHA1
3a15419339091a96c8eb9543663aaf5b723a15c7

SHA256
bdce17c62882a446f610812e863d8acd2710871c62014e60964c308300ce675e

SHA512
c8033d81650f217fa1b37b370de12aac98fae7758aa835edaf186fae2ee3048943e7cbe2c688193167b0500cf9ce63faffafee9be0f564b2eaa7ced89af1392b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
1.7MB

MD5
831a9ed1ebc2f97be83e7064134bfc56

SHA1
a4d5ceba81a25284f7f98994761b37fb969f2928

SHA256
14e44a42f65a3bacd8ce8e7e17362b0ca8b6a7bd829138535ee2be26ca509e47

SHA512
63aac1a3b7e70ce11958cd4c2bc936ddb875cf2f13abb252718fcbdf0764f0acaabd80642f16c25f160ec1f9beb7bba5543dde896dbc45397a8ef301ec70707f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe

Filesize
16.0MB

MD5
7b5669d58f6050891db172ef5361075e

SHA1
deeae620bcca7e1e2b7165aca41ac61877dab275

SHA256
65786ba2a62871ab0b441db5200f2f26470496c1fc14d9b38a382c4ae8161b08

SHA512
12e698e6f1390c6cb8e975fbba653e96ca44a1ba9359bab65725a64884aec1f8b041db06869d76a8045e3c8ef6b3cda121adfd45b16d1b641914870937c80de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\D3DCompiler_47.dll

Filesize
1.8MB

MD5
83afbd269259282ef24fb9623749aca9

SHA1
ae78cdb2d1b56952888e7dfa70668301232ef921

SHA256
186302a465f0d2a5f747110698c536d3c15b981205ef2e77b3df2ac59ce35105

SHA512
043062630f369edfda735479348bf4e6234c2d8e03274242ba9323ef9230b4a325619ca91590d3e378bfa13c47be138f3801b7143c6d0f4e2fafd0e90aea7814

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
1.7MB

MD5
bd064a9b163cbe9dc974126a724947c2

SHA1
1b8a1feda1996f2ab7e6737cca3f6ebce80886e4

SHA256
43c355d16435c958a233d83eb5955046530b4e7c7931f41c9ced1020db2c2b0f

SHA512
cc62b86765ad1c19f00ab103b90fa326897c26ae96d5efbcb2bcf8c7494d2db3fce08efe4672b3595581dda400beecc6f8328b78ce04d3a1298639b18897712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
1.6MB

MD5
68ab465eed084f8fe63c8e6df8d2c7df

SHA1
f44dfaf6056b7dd5cd2aaa02443fc1de52885682

SHA256
002f5c31636eb3e161d6d94c8403be555877b17c894dafe43bf0a3416f8edeea

SHA512
430874ec693364ac6b74ff7ea22a32860e0dcd845e4437767f312ca24ed265b75204ee169b89be8a7e64a06ae57283e0a723b732eb11d51ea9ea3a919cee88cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
416KB

MD5
038835a0c004fd922e6c99c1dd63dd59

SHA1
53e3d2303b69097700420d7a3c2727aa28102d80

SHA256
7fab5d49c339c58b4328d6ddda7e7fd893ea7756916042184e2429a96932fc1d

SHA512
675232fdd480c9f222d407f2eecfc33896f66d93bf63b4eaf45aee61f1e86c2ad6512be7605cb15e6f386cd562a193755bebb8f5bfdd5f1b800f7d28724fff4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.5MB

MD5
d2cc6fc3a7b6c5bcca5fae428fe799e0

SHA1
89cba6e9195cf95a7aa993d7aaadb331392b3bda

SHA256
0d4ebdd32f016c6eb203aef4c70ad2f93fa68e5b9e92087a862b21f8133c7319

SHA512
34f7e6c49ff2a230abc7c5aeeebc5ec628f07170c4638b3bfc5897a645fa5f167c54230373a39021548e0aceba50c35ef730e4ecb454bb4d882df2d699c86736

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\icudtl.dat

Filesize
6.5MB

MD5
97bc16d1bab90933bb9770cec5179ec2

SHA1
0a11efef8258c4a98dfe99e65639baa50e33fbb4

SHA256
e25f5ff0e7baa05cd9da56a1cd2b5c8b70f66b73b1021f9f6619bb327492f2cb

SHA512
cbbf8f0ddb889571f31c4e91f8f369fea300949708cadcd3f54232d0eb19b6e579e8ef3831e431dcd91885bf2c78114eb825ab356de735fb51f92ec5edc9ca6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libEGL.dll

Filesize
346KB

MD5
dccd99cb80c5022d4ed21c068d4e4ae5

SHA1
4fcdc6be313d0e3baa5168a7556df992e3364da4

SHA256
2166f8830bfbf3d574d7654bd927fe6e05fb74fb05d8e57af59c93090f6bc2a6

SHA512
02f18a691d85545a0452631b1c1e218aa5853d71937f7ae1d4f3639142399017139c1d9cb81f769754303635ce689605a7fd65765a3d8b4873603ced57925faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libGLESv2.dll

Filesize
1.6MB

MD5
4dc3d5c221d1aaea9f9a01f082c2caaa

SHA1
c411824acc606192daf08646aec6305220a70dc0

SHA256
d9e5bef700d7815aa9f0b40a234d9a8cfef9f149625f56bc099ca448034c5d1a

SHA512
4468ff81a7205647f3cd4e9f062bde438689cb3d9ca4c7f9c654d99908c289a4cc4f4f354e63dc5f47eed5a1698d4bcc1f3f2698c9b00a3e9f5702147c2fceb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libglesv2.dll

Filesize
1.6MB

MD5
c18931c600149d7c30c11110a444f728

SHA1
34eaa78ffe4bd78f320ee0c279665fbf112dde52

SHA256
157edfae3957c7331f5c9f29436924de7776413234962509eb3f922797a560dc

SHA512
9e0aa89d01e7d7ec7637732cf411dff38bcd66181cfab345ef1cf11a82ac9b2ed138c8d0719d0d44910f569e1a6457ab42b105301da283e2fd658fb6b907a07f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources.pak

Filesize
2.2MB

MD5
81c00c18b5fd5f77ca6bdf73e69b2dd2

SHA1
fcd5080ec3573dec52b0d68e1b850fdd344e4ba6

SHA256
f5d124634ff2f37dcd2503a2cb070ca705b208361409d9c7850caa669e132bbc

SHA512
9963fff1c570ce89acd92065bfc4d595ff2e4d74fe4ae6513a8c3882278c420606705d61b9607eed375c228ba6cd9c7e6e6cd626e204c4f920a8c5fde864a8b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar

Filesize
1.1MB

MD5
f64750a616dcdafc38fa3fdaa966fbc5

SHA1
358b77012f4a1a9c96f6370d4f7b96ab55e302fa

SHA256
eaddb78f5f24d73c75e3f016457e79f0c1685d5add4ec5647efdcb3e5841b7b5

SHA512
46221e0b9c11674847b9de39a23effa339ece2fb15ca6036e1bc4444f0dbe1ad6ded144ed2ae511525034210842614d295f001dab64b360c97fb9e2cf3f9e984

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\images\background.png

Filesize
297B

MD5
32338b60ff8368fd431b32109eae89d2

SHA1
7a3a844f2e6371c8f3a08a142e2e792a6e77105a

SHA256
1d370406c3b0c6bfe109feb76229fd4a0fe1d4171ae2a77655a0fd3264558d2f

SHA512
be71b3dcc24cea203d59e08d8a4082dcf253eb02a971e67034f8cc0930f6af72830b1e35430cc861c08341082156585adcedcbfc788a83ec35fbd78107e20f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx735C.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx735C.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx735C.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Network Persistent State

Filesize
175B

MD5
2b7e4377653e6e07536efe7fc1bd78a7

SHA1
cdd9c03b91e368bc14c4ac0ff7204ee698fa285d

SHA256
bd367325bb3c469e1aa6dcff50b6296b9b8d5bf5bed538f01f36c29b0603511a

SHA512
5dae5ba1af5ae6e52a39092bc5b4ebb454906c919735ab5b7f7a4c84a487e26376f68aee9c86265142e03c0f163cc0623094fa4f2936bff17504c2059ba112dc

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Network Persistent State~RFe58ec9d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit