249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
151s
max time network
160s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03-09-2024 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord-Windows.exe
Size

75.1MB
MD5

43327119366e52928b9aed0c1e734389
SHA1

3777d8387fba8528b6e433a8e763df5dcd542a48
SHA256

249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697
SHA512

bda75994e6dcf5bc9e5b45d025894d62d0138a9d39c47255cd3b6b6e32f60de973da54bf85de57e8f0ca8a253bf414697c4b06e887d45dded90485ce6832e7f4
SSDEEP

1572864:DMKQ/QO4cQ0dPUnqZUPsziv5IANK+4ZYPDHdH/I1z/dHazC:DzXr50lUnqEneWlWYj21zaC

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI55922\python311.dll	upx
behavioral1/memory/5372-902-0x00007FF82FB50000-0x00007FF830138000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_ctypes.pyd	upx
behavioral1/memory/5372-912-0x00007FF845C80000-0x00007FF845C8F000-memory.dmp	upx
behavioral1/memory/5372-911-0x00007FF845C90000-0x00007FF845CB4000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\_MEI55922\_bz2.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_ssl.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_sqlite3.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_socket.pyd	upx
behavioral1/memory/5372-941-0x00007FF844A80000-0x00007FF844A8D000-memory.dmp	upx
behavioral1/memory/5372-942-0x00007FF843A80000-0x00007FF843A8D000-memory.dmp	upx
behavioral1/memory/5372-940-0x00007FF845C10000-0x00007FF845C29000-memory.dmp	upx
behavioral1/memory/5372-943-0x00007FF83F980000-0x00007FF83F9AE000-memory.dmp	upx
behavioral1/memory/5372-946-0x00007FF83EEF0000-0x00007FF83EFAC000-memory.dmp	upx
behavioral1/memory/5372-947-0x00007FF83F6C0000-0x00007FF83F6EB000-memory.dmp	upx
behavioral1/memory/5372-945-0x00007FF845C90000-0x00007FF845CB4000-memory.dmp	upx
behavioral1/memory/5372-944-0x00007FF82FB50000-0x00007FF830138000-memory.dmp	upx
behavioral1/memory/5372-939-0x00007FF844A90000-0x00007FF844AC5000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_queue.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_overlapped.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_multiprocessing.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_hashlib.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_cffi_backend.cp311-win_amd64.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_asyncio.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\unicodedata.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\sqlite3.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\pyexpat.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\libssl-1_1.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\libcrypto-1_1.dll	upx
behavioral1/memory/5372-918-0x00007FF845C30000-0x00007FF845C5D000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\_MEI55922\_lzma.pyd	upx
behavioral1/memory/5372-948-0x00007FF82FA30000-0x00007FF82FB4C000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_decimal.pyd	upx
behavioral1/memory/5372-915-0x00007FF845C60000-0x00007FF845C79000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\_MEI55922\libffi-8.dll	upx
behavioral1/memory/5372-949-0x00007FF845C60000-0x00007FF845C79000-memory.dmp	upx
behavioral1/memory/5372-952-0x00007FF83E3D0000-0x00007FF83E488000-memory.dmp	upx
behavioral1/memory/5372-954-0x00007FF82F6B0000-0x00007FF82FA25000-memory.dmp	upx
behavioral1/memory/5372-951-0x00007FF845C30000-0x00007FF845C5D000-memory.dmp	upx
behavioral1/memory/5372-950-0x00007FF83F510000-0x00007FF83F53E000-memory.dmp	upx
behavioral1/memory/5372-958-0x00007FF844A80000-0x00007FF844A8D000-memory.dmp	upx
behavioral1/memory/5372-957-0x00007FF83FB20000-0x00007FF83FB34000-memory.dmp	upx
behavioral1/memory/5372-956-0x00007FF83C830000-0x00007FF83C8B7000-memory.dmp	upx
behavioral1/memory/5372-959-0x00007FF83F500000-0x00007FF83F50B000-memory.dmp	upx
behavioral1/memory/5372-955-0x00007FF845C10000-0x00007FF845C29000-memory.dmp	upx
behavioral1/memory/5372-960-0x00007FF83F4D0000-0x00007FF83F4F6000-memory.dmp	upx
behavioral1/memory/5372-962-0x00007FF83F1E0000-0x00007FF83F1EA000-memory.dmp	upx
behavioral1/memory/5372-961-0x00007FF83EEF0000-0x00007FF83EFAC000-memory.dmp	upx
behavioral1/memory/5372-963-0x00007FF83F6C0000-0x00007FF83F6EB000-memory.dmp	upx
behavioral1/memory/5372-964-0x00007FF83F1C0000-0x00007FF83F1D8000-memory.dmp	upx
behavioral1/memory/5372-968-0x00007FF83F510000-0x00007FF83F53E000-memory.dmp	upx
behavioral1/memory/5372-967-0x00007FF82F530000-0x00007FF82F6A3000-memory.dmp	upx
behavioral1/memory/5372-966-0x00007FF83E3A0000-0x00007FF83E3C3000-memory.dmp	upx
behavioral1/memory/5372-965-0x00007FF82FA30000-0x00007FF82FB4C000-memory.dmp	upx
behavioral1/memory/5372-971-0x00007FF83E310000-0x00007FF83E346000-memory.dmp	upx
behavioral1/memory/5372-979-0x00007FF83E940000-0x00007FF83E94B000-memory.dmp	upx
behavioral1/memory/5372-978-0x00007FF83FB20000-0x00007FF83FB34000-memory.dmp	upx
behavioral1/memory/5372-988-0x00007FF83F1E0000-0x00007FF83F1EA000-memory.dmp	upx
behavioral1/memory/5372-998-0x00007FF83A7D0000-0x00007FF83A7EC000-memory.dmp	upx
behavioral1/memory/5372-997-0x00007FF83D9E0000-0x00007FF83D9EB000-memory.dmp	upx
behavioral1/memory/5372-996-0x00007FF83E310000-0x00007FF83E346000-memory.dmp	upx
behavioral1/memory/5372-995-0x00007FF83D9F0000-0x00007FF83D9FC000-memory.dmp	upx
behavioral1/memory/5372-994-0x00007FF83CA30000-0x00007FF83CA59000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

39 pastebin.com
40 pastebin.com
41 pastebin.com
42 pastebin.com

flow	ioc
39	pastebin.com
40	pastebin.com
41	pastebin.com
42	pastebin.com

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BetterDiscord.exeBetterDiscord.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation	BetterDiscord.exe

Executes dropped EXE 5 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

pid process

4164 BetterDiscord.exe
700 BetterDiscord.exe
4820 BetterDiscord.exe
1624 BetterDiscord.exe
6952 BetterDiscord.exe

pid	process
4164	BetterDiscord.exe
700	BetterDiscord.exe
4820	BetterDiscord.exe
1624	BetterDiscord.exe
6952	BetterDiscord.exe

Loads dropped DLL 59 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBoostrapper.exe

pid	process
2216	BetterDiscord-Windows.exe
2216	BetterDiscord-Windows.exe
2216	BetterDiscord-Windows.exe
4164	BetterDiscord.exe
700	BetterDiscord.exe
700	BetterDiscord.exe
700	BetterDiscord.exe
700	BetterDiscord.exe
4820	BetterDiscord.exe
1624	BetterDiscord.exe
6952	BetterDiscord.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBetterDiscord.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord-Windows.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BetterDiscord.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

Processes:

BetterDiscord.exeBetterDiscord.exeBetterDiscord.exeBoostrapper.exe

pid	process
4820	BetterDiscord.exe
4820	BetterDiscord.exe
1624	BetterDiscord.exe
1624	BetterDiscord.exe
6952	BetterDiscord.exe
6952	BetterDiscord.exe
6952	BetterDiscord.exe
6952	BetterDiscord.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe
5372	Boostrapper.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

Processes:

AUDIODG.EXEBoostrapper.exeWMIC.exe

description	pid	process
Token: 33	2364	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2364	AUDIODG.EXE
Token: SeDebugPrivilege	5372	Boostrapper.exe
Token: SeIncreaseQuotaPrivilege	3984	WMIC.exe
Token: SeSecurityPrivilege	3984	WMIC.exe
Token: SeTakeOwnershipPrivilege	3984	WMIC.exe
Token: SeLoadDriverPrivilege	3984	WMIC.exe
Token: SeSystemProfilePrivilege	3984	WMIC.exe
Token: SeSystemtimePrivilege	3984	WMIC.exe
Token: SeProfSingleProcessPrivilege	3984	WMIC.exe
Token: SeIncBasePriorityPrivilege	3984	WMIC.exe
Token: SeCreatePagefilePrivilege	3984	WMIC.exe
Token: SeBackupPrivilege	3984	WMIC.exe
Token: SeRestorePrivilege	3984	WMIC.exe
Token: SeShutdownPrivilege	3984	WMIC.exe
Token: SeDebugPrivilege	3984	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3984	WMIC.exe
Token: SeRemoteShutdownPrivilege	3984	WMIC.exe
Token: SeUndockPrivilege	3984	WMIC.exe
Token: SeManageVolumePrivilege	3984	WMIC.exe
Token: SeImpersonatePrivilege	3984	WMIC.exe
Token: 33	3984	WMIC.exe
Token: 34	3984	WMIC.exe
Token: 35	3984	WMIC.exe
Token: 36	3984	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3984	WMIC.exe
Token: SeSecurityPrivilege	3984	WMIC.exe
Token: SeTakeOwnershipPrivilege	3984	WMIC.exe
Token: SeLoadDriverPrivilege	3984	WMIC.exe
Token: SeSystemProfilePrivilege	3984	WMIC.exe
Token: SeSystemtimePrivilege	3984	WMIC.exe
Token: SeProfSingleProcessPrivilege	3984	WMIC.exe
Token: SeIncBasePriorityPrivilege	3984	WMIC.exe
Token: SeCreatePagefilePrivilege	3984	WMIC.exe
Token: SeBackupPrivilege	3984	WMIC.exe
Token: SeRestorePrivilege	3984	WMIC.exe
Token: SeShutdownPrivilege	3984	WMIC.exe
Token: SeDebugPrivilege	3984	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3984	WMIC.exe
Token: SeRemoteShutdownPrivilege	3984	WMIC.exe
Token: SeUndockPrivilege	3984	WMIC.exe
Token: SeManageVolumePrivilege	3984	WMIC.exe
Token: SeImpersonatePrivilege	3984	WMIC.exe
Token: 33	3984	WMIC.exe
Token: 34	3984	WMIC.exe
Token: 35	3984	WMIC.exe
Token: 36	3984	WMIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BetterDiscord-Windows.exeBetterDiscord.exeBoostrapper.exeBoostrapper.execmd.exe

description	pid	process	target process
PID 2216 wrote to memory of 4164	2216	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2216 wrote to memory of 4164	2216	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 2216 wrote to memory of 4164	2216	BetterDiscord-Windows.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 700	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 4820	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 4820	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 4820	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 1624	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 1624	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 1624	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 6952	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 6952	4164	BetterDiscord.exe	BetterDiscord.exe
PID 4164 wrote to memory of 6952	4164	BetterDiscord.exe	BetterDiscord.exe
PID 5592 wrote to memory of 5372	5592	Boostrapper.exe	Boostrapper.exe
PID 5592 wrote to memory of 5372	5592	Boostrapper.exe	Boostrapper.exe
PID 5372 wrote to memory of 4700	5372	Boostrapper.exe	cmd.exe
PID 5372 wrote to memory of 4700	5372	Boostrapper.exe	cmd.exe
PID 5372 wrote to memory of 2968	5372	Boostrapper.exe	cmd.exe
PID 5372 wrote to memory of 2968	5372	Boostrapper.exe	cmd.exe
PID 5372 wrote to memory of 3036	5372	Boostrapper.exe	cmd.exe
PID 5372 wrote to memory of 3036	5372	Boostrapper.exe	cmd.exe
PID 5372 wrote to memory of 3900	5372	Boostrapper.exe	cmd.exe
PID 5372 wrote to memory of 3900	5372	Boostrapper.exe	cmd.exe
PID 3900 wrote to memory of 3984	3900	cmd.exe	WMIC.exe

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.2.2118560116\366734623" -childID 1 -isForBrowser -prefsHandle 2724 -prefMapHandle 2748 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37785cbe-d11c-49cd-a60d-27e12b3eeb36} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 2836 20a76544758 tab
1⤵
PID:1320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.3.1336153485\392358325" -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 3432 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3a29f1-63ea-40e6-a2e7-0e460238d408} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 3448 20a67862558 tab
1⤵
PID:4548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.4.307344677\899812908" -childID 3 -isForBrowser -prefsHandle 4156 -prefMapHandle 4152 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23f967a3-52e6-4c09-a9e3-a709942e1a54} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 4160 20a77cfae58 tab
1⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord-Windows.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2216

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4164

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1492,11355140460948339479,14648421154153288341,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1516 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:700

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,11355140460948339479,14648421154153288341,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 /prefetch:8
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4820

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=renderer --field-trial-handle=1492,11355140460948339479,14648421154153288341,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1624

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\BetterDiscord.exe" --type=gpu-process --field-trial-handle=1492,11355140460948339479,14648421154153288341,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=816 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:6952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.5.1865837675\2116555011" -childID 4 -isForBrowser -prefsHandle 4692 -prefMapHandle 4688 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a4e9c64-d539-47cb-a65f-7b83019068ac} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 4700 20a78b33358 tab
1⤵
PID:3700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.6.1051981130\1325404502" -childID 5 -isForBrowser -prefsHandle 4836 -prefMapHandle 4840 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff10b52e-a421-4fa6-9f23-f207585f733d} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 4828 20a78b34e58 tab
1⤵
PID:304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.7.36972713\1225864242" -childID 6 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29e78588-5464-48c3-9c29-66fabafca9aa} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 5016 20a78b34b58 tab
1⤵
PID:3712

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ac
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.8.248639609\799870248" -childID 7 -isForBrowser -prefsHandle 5920 -prefMapHandle 5928 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d2caf51-aff5-483c-acab-7d997cf7d635} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 5912 20a7c00be58 tab
1⤵
PID:5456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.9.908867783\1365223559" -parentBuildID 20221007134813 -prefsHandle 2624 -prefMapHandle 6028 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {157784d2-0417-492c-991d-0e2174979409} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 5912 20a7a148a58 rdd
1⤵
PID:5604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.10.771547188\1873222333" -childID 8 -isForBrowser -prefsHandle 5292 -prefMapHandle 5192 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f00cbb9d-ade2-4744-bdca-d51e3f1d2a7f} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 5272 20a7d0c1558 tab
1⤵
PID:5840

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.11.2038991490\1561886594" -childID 9 -isForBrowser -prefsHandle 10060 -prefMapHandle 10056 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eba3bb2-9766-46be-89d6-ce569eddc476} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 10068 20a7da9e858 tab
1⤵
PID:5848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.12.905379741\1483496999" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4972 -prefMapHandle 9816 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eabdb81d-6b54-439b-8b07-fb94ce5e232b} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 9888 20a7cf27158 utility
1⤵
PID:5972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.13.808851978\35069707" -childID 10 -isForBrowser -prefsHandle 9536 -prefMapHandle 9540 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99b26ae0-90e6-42db-ab91-125a7b65a2d2} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 9524 20a7dee1858 tab
1⤵
PID:2144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.14.65445529\895181877" -childID 11 -isForBrowser -prefsHandle 9404 -prefMapHandle 9400 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e39b1f2-447a-49e7-8f67-861daa665038} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 9572 20a7e0ce658 tab
1⤵
PID:4524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.15.843000841\1647838322" -childID 12 -isForBrowser -prefsHandle 9148 -prefMapHandle 9240 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a5e379e-157c-4327-81f3-f700f09ac83a} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 9140 20a7e31c558 tab
1⤵
PID:5236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.16.479806593\1153888330" -childID 13 -isForBrowser -prefsHandle 8940 -prefMapHandle 8944 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {275e0e3b-e644-4d00-9ba8-297f868a8179} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 9240 20a7de43958 tab
1⤵
PID:6040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.17.1609378031\191508030" -childID 14 -isForBrowser -prefsHandle 9188 -prefMapHandle 8936 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e553f677-0b39-427a-afc9-b7c0155a2f62} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 8852 20a7e417858 tab
1⤵
PID:4716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.18.903124550\2094905916" -childID 15 -isForBrowser -prefsHandle 8656 -prefMapHandle 8660 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa8e5d84-178e-4479-938d-dfa83d61db31} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 8648 20a7e417558 tab
1⤵
PID:5984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.19.1094933102\680605921" -childID 16 -isForBrowser -prefsHandle 8516 -prefMapHandle 8512 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdc32a6d-d9e4-4811-8869-1fd964cfdbd0} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 8524 20a7dee1258 tab
1⤵
PID:6004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.20.1752381756\1675068059" -childID 17 -isForBrowser -prefsHandle 8656 -prefMapHandle 8444 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d24dba12-7385-488c-bc0b-8d97a1a48d49} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 8456 20a7e713858 tab
1⤵
PID:6020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.21.212065536\1423032335" -childID 18 -isForBrowser -prefsHandle 9284 -prefMapHandle 9412 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03e3df02-8f37-4bae-84ef-8c7339afab1c} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 9296 20a7cff8858 tab
1⤵
PID:6596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.22.1102373717\2141183309" -childID 19 -isForBrowser -prefsHandle 10184 -prefMapHandle 8160 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43c92490-23fc-449b-88cb-06aa1b134772} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 8992 20a7e314258 tab
1⤵
PID:6604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.23.2036671765\1264885624" -childID 20 -isForBrowser -prefsHandle 8020 -prefMapHandle 8016 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {298ef5d3-9fd2-4342-94e0-e591cb651005} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 8028 20a7e314b58 tab
1⤵
PID:6612

C:\Users\Admin\Downloads\Boostrapper.exe
"C:\Users\Admin\Downloads\Boostrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5592

C:\Users\Admin\Downloads\Boostrapper.exe
"C:\Users\Admin\Downloads\Boostrapper.exe"
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5372

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
3⤵
PID:4700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\bound.exe'"
3⤵
PID:2968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "start bound.exe"
3⤵
PID:3036

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
3⤵
- Suspicious use of WriteProcessMemory
PID:3900

C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\ffmpeg.dll

Filesize
2.5MB

MD5
d2cc6fc3a7b6c5bcca5fae428fe799e0

SHA1
89cba6e9195cf95a7aa993d7aaadb331392b3bda

SHA256
0d4ebdd32f016c6eb203aef4c70ad2f93fa68e5b9e92087a862b21f8133c7319

SHA512
34f7e6c49ff2a230abc7c5aeeebc5ec628f07170c4638b3bfc5897a645fa5f167c54230373a39021548e0aceba50c35ef730e4ecb454bb4d882df2d699c86736

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libegl.dll

Filesize
346KB

MD5
dccd99cb80c5022d4ed21c068d4e4ae5

SHA1
4fcdc6be313d0e3baa5168a7556df992e3364da4

SHA256
2166f8830bfbf3d574d7654bd927fe6e05fb74fb05d8e57af59c93090f6bc2a6

SHA512
02f18a691d85545a0452631b1c1e218aa5853d71937f7ae1d4f3639142399017139c1d9cb81f769754303635ce689605a7fd65765a3d8b4873603ced57925faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\libglesv2.dll

Filesize
6.6MB

MD5
d36a30ef5726be3e3b3ed3f886a781a8

SHA1
0a47ed6013866aef030683e0398937013ce7fdf0

SHA256
3672e62c20b1d253ad642e155ae32ba5c1ca1f2cce37565c71a7d8aad21515dd

SHA512
8ac4adc7879cc7b0661809394e118220a350c9b8063aadf44fcecd115411fcc040ea73cb1fb2896931c34ec04b6146e5b5f7cda531249698dceb09aa1f9b4078

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\app.asar

Filesize
1.1MB

MD5
f64750a616dcdafc38fa3fdaa966fbc5

SHA1
358b77012f4a1a9c96f6370d4f7b96ab55e302fa

SHA256
eaddb78f5f24d73c75e3f016457e79f0c1685d5add4ec5647efdcb3e5841b7b5

SHA512
46221e0b9c11674847b9de39a23effa339ece2fb15ca6036e1bc4444f0dbe1ad6ded144ed2ae511525034210842614d295f001dab64b360c97fb9e2cf3f9e984

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\images\background.png

Filesize
297B

MD5
32338b60ff8368fd431b32109eae89d2

SHA1
7a3a844f2e6371c8f3a08a142e2e792a6e77105a

SHA256
1d370406c3b0c6bfe109feb76229fd4a0fe1d4171ae2a77655a0fd3264558d2f

SHA512
be71b3dcc24cea203d59e08d8a4082dcf253eb02a971e67034f8cc0930f6af72830b1e35430cc861c08341082156585adcedcbfc788a83ec35fbd78107e20f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\resources\assets\license.txt

Filesize
2KB

MD5
f31549cdc3abfa48981759862a07519e

SHA1
1168fdb04883a65057168eaccb75e153aa3fe438

SHA256
267c8e6f5387fa5d54290044d30a5da427be3597fa7815c32689a533eaee8886

SHA512
f084f518eafc6a58c377c3f80d8a186d9a1d55473afc931bb913adb1fa6fd0bbbc2ba09a30ea39283cd5327079278ae7babea6a74b93a7f2d7cb48bfbba95795

Download Submit
C:\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_asyncio.pyd

Filesize
34KB

MD5
936e44a303a5957709434a0c6bf4532e

SHA1
e35f0b78f61797d9277741a1ee577b5fe7af3d62

SHA256
11f1062fafb4fbca92e3b2cef97ab66ec011142f5b0312e74815decd93be458b

SHA512
cebe905b718825c1841e9c0e83dfdac95d0ff50b116ab3b91b05ca21f86f1482f5b1e13988c969244c644d17bd378792ac4967caa721f0b0e858cd92859af154

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_cffi_backend.cp311-win_amd64.pyd

Filesize
70KB

MD5
85ea029283f963773fd11fc6db68e58d

SHA1
1e155b263df08417265d0be063ec8ff5c2b7e26c

SHA256
a92281031d1373d3c71c36689b6499c144f0667c7fc56b14bb8abd107942a0c2

SHA512
04e8420f0372ba5972a4508ef2f4fec18d8403b3267d41f0d8b56e3bf5a45559f87b883c455255147f55160f9a6cb26ac902e599818bdfa8d4a02959b0a72c67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_ctypes.pyd

Filesize
57KB

MD5
2346cf6a1ad336f3ee23c4ec3ff7871c

SHA1
e36b759c0b78d2def431aa11bcbb7d7cf02f1eea

SHA256
490a11d03dd3aeb05a410eb0d285e3da788e73b643ea9914fffd5a2c102dc1df

SHA512
7a92de4937b23952e2a31bb09a58b2ad81c06da23704e4b4f964eb42948adad1a1e57920c021283da1b7154e7ac19e46031ffee6b69a73acbc85d95ef45bf8ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_decimal.pyd

Filesize
104KB

MD5
9b801838394e97e30c99dcf5f9fcc8fa

SHA1
33fb049b2f98bcb2f2cb9508be2408a6698243be

SHA256
15668e03f9c55f07184ec9c048a8569f7d7ebd9ea6dbef145f1f3b581f8623f3

SHA512
5f074c82f344ca43a07a59132fab59e3504e314a2f7673bfec906782b947daf8fe45a1b956f72502eae72f01369a3bb1fbb73b10dc605d43b889a6700bd98a28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_hashlib.pyd

Filesize
33KB

MD5
7fd141630dfa2500f5bf4c61e2c2d034

SHA1
0f8d1dfae2cbce1ad714c93216f01bf7001aabda

SHA256
689f0ac1d44481688cd4ae90b6f801176a52ff4bb4170c62575ea58f44452e15

SHA512
c6b7b1aefb7280f38d63f4ab84a349ebb696ca7300b7a451e7a994baff7e0a83fb4488c43ed3160b94dec74e0d27417d68913056b3006c8c6da11e39681f512e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_multiprocessing.pyd

Filesize
25KB

MD5
241a977372d63b46b6ae4f7227579cc3

SHA1
21c8fa02217ec69c5cc9a1cc9edaa5de6f8d9f91

SHA256
04e56f1c6919f2987f205e9e3afa16d945eeaffa415c746104ccb7763c067f9c

SHA512
7aeaa94a5cd46d604370e430c72724b683e149af7e032c85708e33bfb94fb6a9ccc52c70bc701dfb94b4ae55d4e8acd8e394efb6cd81466fd9fa1a6addaa4ecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_overlapped.pyd

Filesize
30KB

MD5
ef52dc3e7d12795745e23487026a5b5e

SHA1
6c9f488a9eaabdc6db11ed2c32231d518a8b8f42

SHA256
b1b56328df4b19cf04586303f693979536253078fc7017b4ac4ae6d730296b1f

SHA512
8b3c311bf4a54eaa21fa1db058037b274bd3b9e838e844537269f8e0102ad47ca7181e73bbb4f5269100cfe82499bb0787bc04943b02e36ea0ab26bfa8e65326

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_queue.pyd

Filesize
24KB

MD5
71955beaf83aca364ed64285021781ca

SHA1
cac93d08f9085079fb32e6fc6d8e4fc8cd9115e6

SHA256
3df280391d7275e73aef70af228bb21c03434147ae9fe31e8c620ea151e08b30

SHA512
9b055a0273ace0f9b673e015a20c8867689090608fffaf85c54636f061cf595de1e6c9bfc2d8ea75fa4dd247b4af0493022f24d6a931b53e7f60009a85b45601

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_socket.pyd

Filesize
41KB

MD5
53dc1aa457a1e3b4f6c8baed19a6ca0a

SHA1
290a572e981cc5ce896dc52a53f112d9eaaefc39

SHA256
26200892f616f859e82c167701ab866b8291eabbe808dd18c434cc80ebeedf19

SHA512
460de92115288e0e95fd03837df775e5f34425784c18ab7e9ad0885511166371647a6f06d95ffa6c3437de69895d46cd4cddcda2841ccdb5ef268b1a857837e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_sqlite3.pyd

Filesize
54KB

MD5
1c5e0718dce15682d32185f1e1f8df7d

SHA1
f59662db717663ed1589328c5749bb8b44a0d053

SHA256
56f74ec6490b916c513b618635edaa22cb2374a92e5f79549c1e2b7c5c37f31d

SHA512
702f8348d2fe08ec10e0120129e64c12368c971ea52852cd0c7d26fd159f5b34bc808b9b318168aaa81366ed4944909e305d4e9727f0374d921eddb54ea22cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\_ssl.pyd

Filesize
60KB

MD5
df5a6f6c547300a7c87005eb0fafcfa0

SHA1
c792342e964a1c8a776e5203f3eee7908e6cad09

SHA256
dea09b9750c26813130ca32db0b4455796e12a3d61bb52066d5a53302bcce0ce

SHA512
018a79871faa2cf6a1644e96f10750ddccccd56436720faf760808b1997940f9bcd2866a4533b903058ab608629ff8ed46fadb788e4a6714b19775d557dd69b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\base_library.zip

Filesize
1.4MB

MD5
ccb6351e5ba35fde70f9526948be531d

SHA1
991354b702d8394c471cafa42c75a8962acdb13b

SHA256
9bc15f8e3dd29eac77f1234f4a66e371b9ceedf44099d70100ce04e4cff36f5a

SHA512
ab7abd00aefeaf9ba550a453962786bf9b4485d1d2aaf16d2ff8c801a18a23665f3ed264bf686946434f98b5d63650d18a3755f39307fb902a8096e9e71aa63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\bound.luna

Filesize
10.7MB

MD5
98075b4c010ae26148121e929c14b586

SHA1
7ec9e1bc790b5c302174fccba6dcd9b650f7a831

SHA256
31d172816b4a9f3281a46ee3c12bb0227ff9f5af7507434cf8369bb73ff0fd26

SHA512
b4dfb437cb126f71e4c1b96535c09feed310db87f91643c7631c8fc5e9e0df7adbd84e8bbfd91b0843c515c0618c07b2d6b16b6af980444cb1aea15da5b9a36a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\libcrypto-1_1.dll

Filesize
1.1MB

MD5
571796599d616a0d12aa34be09242c22

SHA1
0e0004ab828966f0c8a67b2f10311bb89b6b74ac

SHA256
6242d2e13aef871c4b8cfd75fc0f8530e8dccfeaba8f1b66280e9345f52b833b

SHA512
7362a6c887600fafc1a45413823f006589bb95a76ac052b6c7022356a7a9a6e8cd3e76f59cecf152e189323791d9626a6fdb7a98bf3a5250d517b746c3e84e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\libssl-1_1.dll

Filesize
203KB

MD5
aabafc5d0e409123ae5e4523d9b3dee2

SHA1
4d0a1834ed4e4ceecb04206e203d916eb22e981b

SHA256
84e4c37fb28b6cf79e2386163fe6bb094a50c1e8825a4bcdb4cb216f4236d831

SHA512
163f29ad05e830367af3f2107e460a587f4710b8d9d909a01e04cd8cfee115d8f453515e089a727a6466ce0e2248a56f14815588f7df6d42fe1580e1b25369cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\luna.aes

Filesize
5.5MB

MD5
b90c295f55ee01ba34c87cfdeb270b79

SHA1
c2ad8c0f0c10f18681f3e5f08adb191fef70dcb8

SHA256
fd21564fe72052d913195b081eef6976710a593cf6f0f8e7cf2b216ccbfe9f3d

SHA512
afed13bd8bcfc6b1a86cce2c9c0e9bbdf90c1d6f8be3af2430c97debd182313d91720ce9e906f3860fd432aa639bbbc4f388a26ec84abaa97f23486ac673b738

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\pyexpat.pyd

Filesize
86KB

MD5
c498ed10d7245560412f9df527508b5c

SHA1
b84b57a54a1a9c5631f4d0b8ac31694786cc822b

SHA256
297ec9e654500400ba5731101b65d29c14d0305ae9f6c05b9763f57ab150b07d

SHA512
ab8bcf6e4a395944316e19aa7aa598e8bfeaa038f4ae086fcede6d01747b670896d640dbf4992630fcbd737d2be3ab627b7be8ad36437629671387f4aaf85957

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\python311.dll

Filesize
1.6MB

MD5
4fcf14c7837f8b127156b8a558db0bb2

SHA1
8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f

SHA256
a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc

SHA512
7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\select.pyd

Filesize
24KB

MD5
0dc8f694b3e6a3682b3ff098bd2468f6

SHA1
737252620116c6ac5c527f99d3914e608a0e5a74

SHA256
818120c08358b6b4d1234b7456c7b5c777af8473e26314a6a6c0f37237d53208

SHA512
d0e704d52b0c5e24c07447a60d71ccec490ec15ecb6b4532b2e93ac07036bda7f27051f80dac1ef3705b0186f35f9d6dfc05415412e483b68fd79f1098411123

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\sqlite3.dll

Filesize
608KB

MD5
605b722497acc50ffb33ebdb6afaf1f0

SHA1
e24c55472c827d4b519e5b6f0a3cfc49e10d1fa9

SHA256
a61016520a3f228285e32e40d878fe449450136c55aa9d4d7b54006a8dc7f339

SHA512
9611afc66cd1236cea1fce94e8ecf8e4d2168db3b51d8d9a799b574e8523ca0aea48da6b6c15fc863dd737b9c394ac6e56d2f3fa45e29792b630da389cb21dc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI55922\unicodedata.pyd

Filesize
293KB

MD5
2b1809546e4bc9d67ea69d24f75edce0

SHA1
9d076445dfa2f58964a6a1fd1844f6fe82645952

SHA256
89cbb2814a75a5bd53acbfb1fe090ca8395c4a7f559acd4fe0187758c172623a

SHA512
5ae015add4697e8290eb881fa770bca2fa22ba8376b86b26f7880d4f92ad362e741042926a4c47cc3413c83f445e372ffda915bcf8567673d807bd2dac28fbbd

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Network Persistent State

Filesize
175B

MD5
2b7e4377653e6e07536efe7fc1bd78a7

SHA1
cdd9c03b91e368bc14c4ac0ff7204ee698fa285d

SHA256
bd367325bb3c469e1aa6dcff50b6296b9b8d5bf5bed538f01f36c29b0603511a

SHA512
5dae5ba1af5ae6e52a39092bc5b4ebb454906c919735ab5b7f7a4c84a487e26376f68aee9c86265142e03c0f163cc0623094fa4f2936bff17504c2059ba112dc

Download Submit
C:\Users\Admin\AppData\Roaming\BetterDiscord Installer\Network Persistent State~RFe589390.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
\Users\Admin\AppData\Local\Temp\2PqhVVPE5kPb0ewa547FygNUcPX\d3dcompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI55922\_bz2.pyd

Filesize
46KB

MD5
af3d45698d379c97a90cca9625bc5926

SHA1
0783866af330c1029253859574c369901969208e

SHA256
47af0730824f96865b5e20f8bba34b0d5f3a330087411adba71269312bf7ccec

SHA512
117e95d2ba0432f5ece882ad67a3fbf2e2cd251b4327a0d66b3fffd444e2d1813ddb568321bde1636b4180d19607db6103df145153e4ff84e9be601fd2dd5691

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI55922\_lzma.pyd

Filesize
84KB

MD5
ab6a735ad62592c7c8ea0b06cb57317a

SHA1
e27a0506800b5bbc2b350e39899d260164af2cd1

SHA256
0ebdf15c1c6d59e49716dfb4601f0abe6383449c70db1a349c6ad486742144a8

SHA512
9a285593cd8cc29844688723d8907e55a9f8a3109f9538cc4140912cc973f495de32779a4cd4a48dc62d680fdf81a5797e4e9c33f236a803082dfc3c00d02060

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI55922\libffi-8.dll

Filesize
24KB

MD5
24ea21ebcc3bef497d2bd208e7986f88

SHA1
d936f79431517b9687ee54d837e9e4be7afc082d

SHA256
18c097ef19f3e502a025c1d63cfec73a4fa30c5482286f4000d40d4784a0070a

SHA512
1bdbeddd812ecc2cdfbbf3498b0a8ef551cc18ce73fc30eb40b415fab0cdd20b80057a25a33ca2f9247b08978838df3587a3caf6e1a8e108c5a9a4f67dd75a94

Download Submit
\Users\Admin\AppData\Local\Temp\nsr707E.tmp\BgImage.dll

Filesize
7KB

MD5
487368e6fce9ab9c5ea053af0990c5ef

SHA1
b538e37c87d4b9a7645dcbbd9e93025a31849702

SHA256
e27efa5dfde875bd6b826fafb4c7698db6b6e30e68715a1c03eb018e3170fc04

SHA512
bb3ed4c0d17a11365b72653112b48c8c63ab10590dda3dfd90aa453f0d64203000e4571c73998063352240e1671d14da5ee394439899aaa31054fa2e9b722ea7

Download Submit
\Users\Admin\AppData\Local\Temp\nsr707E.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsr707E.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
memory/5372-968-0x00007FF83F510000-0x00007FF83F53E000-memory.dmp

Filesize
184KB

Download
memory/5372-981-0x00007FF83E380000-0x00007FF83E38C000-memory.dmp

Filesize
48KB

Download
memory/5372-944-0x00007FF82FB50000-0x00007FF830138000-memory.dmp

Filesize
5.9MB

Download
memory/5372-945-0x00007FF845C90000-0x00007FF845CB4000-memory.dmp

Filesize
144KB

Download
memory/5372-947-0x00007FF83F6C0000-0x00007FF83F6EB000-memory.dmp

Filesize
172KB

Download
memory/5372-946-0x00007FF83EEF0000-0x00007FF83EFAC000-memory.dmp

Filesize
752KB

Download
memory/5372-943-0x00007FF83F980000-0x00007FF83F9AE000-memory.dmp

Filesize
184KB

Download
memory/5372-940-0x00007FF845C10000-0x00007FF845C29000-memory.dmp

Filesize
100KB

Download
memory/5372-942-0x00007FF843A80000-0x00007FF843A8D000-memory.dmp

Filesize
52KB

Download
memory/5372-918-0x00007FF845C30000-0x00007FF845C5D000-memory.dmp

Filesize
180KB

Download
memory/5372-941-0x00007FF844A80000-0x00007FF844A8D000-memory.dmp

Filesize
52KB

Download
memory/5372-948-0x00007FF82FA30000-0x00007FF82FB4C000-memory.dmp

Filesize
1.1MB

Download
memory/5372-911-0x00007FF845C90000-0x00007FF845CB4000-memory.dmp

Filesize
144KB

Download
memory/5372-915-0x00007FF845C60000-0x00007FF845C79000-memory.dmp

Filesize
100KB

Download
memory/5372-912-0x00007FF845C80000-0x00007FF845C8F000-memory.dmp

Filesize
60KB

Download
memory/5372-949-0x00007FF845C60000-0x00007FF845C79000-memory.dmp

Filesize
100KB

Download
memory/5372-953-0x0000020BE7950000-0x0000020BE7CC5000-memory.dmp

Filesize
3.5MB

Download
memory/5372-952-0x00007FF83E3D0000-0x00007FF83E488000-memory.dmp

Filesize
736KB

Download
memory/5372-954-0x00007FF82F6B0000-0x00007FF82FA25000-memory.dmp

Filesize
3.5MB

Download
memory/5372-951-0x00007FF845C30000-0x00007FF845C5D000-memory.dmp

Filesize
180KB

Download
memory/5372-950-0x00007FF83F510000-0x00007FF83F53E000-memory.dmp

Filesize
184KB

Download
memory/5372-958-0x00007FF844A80000-0x00007FF844A8D000-memory.dmp

Filesize
52KB

Download
memory/5372-957-0x00007FF83FB20000-0x00007FF83FB34000-memory.dmp

Filesize
80KB

Download
memory/5372-956-0x00007FF83C830000-0x00007FF83C8B7000-memory.dmp

Filesize
540KB

Download
memory/5372-959-0x00007FF83F500000-0x00007FF83F50B000-memory.dmp

Filesize
44KB

Download
memory/5372-955-0x00007FF845C10000-0x00007FF845C29000-memory.dmp

Filesize
100KB

Download
memory/5372-960-0x00007FF83F4D0000-0x00007FF83F4F6000-memory.dmp

Filesize
152KB

Download
memory/5372-962-0x00007FF83F1E0000-0x00007FF83F1EA000-memory.dmp

Filesize
40KB

Download
memory/5372-961-0x00007FF83EEF0000-0x00007FF83EFAC000-memory.dmp

Filesize
752KB

Download
memory/5372-963-0x00007FF83F6C0000-0x00007FF83F6EB000-memory.dmp

Filesize
172KB

Download
memory/5372-964-0x00007FF83F1C0000-0x00007FF83F1D8000-memory.dmp

Filesize
96KB

Download
memory/5372-902-0x00007FF82FB50000-0x00007FF830138000-memory.dmp

Filesize
5.9MB

Download
memory/5372-967-0x00007FF82F530000-0x00007FF82F6A3000-memory.dmp

Filesize
1.4MB

Download
memory/5372-966-0x00007FF83E3A0000-0x00007FF83E3C3000-memory.dmp

Filesize
140KB

Download
memory/5372-965-0x00007FF82FA30000-0x00007FF82FB4C000-memory.dmp

Filesize
1.1MB

Download
memory/5372-971-0x00007FF83E310000-0x00007FF83E346000-memory.dmp

Filesize
216KB

Download
memory/5372-979-0x00007FF83E940000-0x00007FF83E94B000-memory.dmp

Filesize
44KB

Download
memory/5372-978-0x00007FF83FB20000-0x00007FF83FB34000-memory.dmp

Filesize
80KB

Download
memory/5372-988-0x00007FF83F1E0000-0x00007FF83F1EA000-memory.dmp

Filesize
40KB

Download
memory/5372-998-0x00007FF83A7D0000-0x00007FF83A7EC000-memory.dmp

Filesize
112KB

Download
memory/5372-997-0x00007FF83D9E0000-0x00007FF83D9EB000-memory.dmp

Filesize
44KB

Download
memory/5372-996-0x00007FF83E310000-0x00007FF83E346000-memory.dmp

Filesize
216KB

Download
memory/5372-995-0x00007FF83D9F0000-0x00007FF83D9FC000-memory.dmp

Filesize
48KB

Download
memory/5372-994-0x00007FF83CA30000-0x00007FF83CA59000-memory.dmp

Filesize
164KB

Download
memory/5372-993-0x00007FF83DA00000-0x00007FF83DA12000-memory.dmp

Filesize
72KB

Download
memory/5372-992-0x00007FF82F530000-0x00007FF82F6A3000-memory.dmp

Filesize
1.4MB

Download
memory/5372-991-0x00007FF83E3A0000-0x00007FF83E3C3000-memory.dmp

Filesize
140KB

Download
memory/5372-990-0x00007FF83DA20000-0x00007FF83DA2D000-memory.dmp

Filesize
52KB

Download
memory/5372-989-0x00007FF83F1C0000-0x00007FF83F1D8000-memory.dmp

Filesize
96KB

Download
memory/5372-987-0x00007FF83DA30000-0x00007FF83DA3C000-memory.dmp

Filesize
48KB

Download
memory/5372-986-0x00007FF83DA40000-0x00007FF83DA4C000-memory.dmp

Filesize
48KB

Download
memory/5372-985-0x00007FF83E1E0000-0x00007FF83E1EB000-memory.dmp

Filesize
44KB

Download
memory/5372-984-0x00007FF83E1D0000-0x00007FF83E1DB000-memory.dmp

Filesize
44KB

Download
memory/5372-983-0x00007FF83E1F0000-0x00007FF83E1FC000-memory.dmp

Filesize
48KB

Download
memory/5372-982-0x00007FF83E300000-0x00007FF83E30E000-memory.dmp

Filesize
56KB

Download
memory/5372-939-0x00007FF844A90000-0x00007FF844AC5000-memory.dmp

Filesize
212KB

Download
memory/5372-980-0x00007FF83E390000-0x00007FF83E39C000-memory.dmp

Filesize
48KB

Download
memory/5372-977-0x00007FF83F1A0000-0x00007FF83F1AB000-memory.dmp

Filesize
44KB

Download
memory/5372-976-0x00007FF83E950000-0x00007FF83E95C000-memory.dmp

Filesize
48KB

Download
memory/5372-975-0x00007FF83EDF0000-0x00007FF83EDFB000-memory.dmp

Filesize
44KB

Download
memory/5372-974-0x00007FF83F150000-0x00007FF83F15C000-memory.dmp

Filesize
48KB

Download
memory/5372-973-0x00007FF83F1B0000-0x00007FF83F1BB000-memory.dmp

Filesize
44KB

Download
memory/5372-972-0x00007FF82F6B0000-0x00007FF82FA25000-memory.dmp

Filesize
3.5MB

Download
memory/5372-970-0x0000020BE7950000-0x0000020BE7CC5000-memory.dmp

Filesize
3.5MB

Download
memory/5372-969-0x00007FF83E3D0000-0x00007FF83E488000-memory.dmp

Filesize
736KB

Download
memory/5372-1001-0x00007FF82FB50000-0x00007FF830138000-memory.dmp

Filesize
5.9MB

Download
memory/5372-1024-0x00007FF82F530000-0x00007FF82F6A3000-memory.dmp

Filesize
1.4MB

Download
memory/5372-1043-0x00007FF83E300000-0x00007FF83E30E000-memory.dmp

Filesize
56KB

Download
memory/5372-1052-0x00007FF83E310000-0x00007FF83E346000-memory.dmp

Filesize
216KB

Download
memory/5372-1051-0x00007FF83D9E0000-0x00007FF83D9EB000-memory.dmp

Filesize
44KB

Download
memory/5372-1050-0x00007FF83CA30000-0x00007FF83CA59000-memory.dmp

Filesize
164KB

Download
memory/5372-1049-0x00007FF83DA00000-0x00007FF83DA12000-memory.dmp

Filesize
72KB

Download
memory/5372-1048-0x00007FF83DA20000-0x00007FF83DA2D000-memory.dmp

Filesize
52KB

Download
memory/5372-1047-0x00007FF83E1E0000-0x00007FF83E1EB000-memory.dmp

Filesize
44KB

Download
memory/5372-1046-0x00007FF83D9F0000-0x00007FF83D9FC000-memory.dmp

Filesize
48KB

Download
memory/5372-1045-0x00007FF83E1D0000-0x00007FF83E1DB000-memory.dmp

Filesize
44KB

Download
memory/5372-1044-0x00007FF83E1F0000-0x00007FF83E1FC000-memory.dmp

Filesize
48KB

Download
memory/5372-1042-0x00007FF83E380000-0x00007FF83E38C000-memory.dmp

Filesize
48KB

Download
memory/5372-1041-0x00007FF83E390000-0x00007FF83E39C000-memory.dmp

Filesize
48KB

Download
memory/5372-1040-0x00007FF83E950000-0x00007FF83E95C000-memory.dmp

Filesize
48KB

Download
memory/5372-1039-0x00007FF83EDF0000-0x00007FF83EDFB000-memory.dmp

Filesize
44KB

Download
memory/5372-1038-0x00007FF83F150000-0x00007FF83F15C000-memory.dmp

Filesize
48KB

Download
memory/5372-1037-0x00007FF83F1B0000-0x00007FF83F1BB000-memory.dmp

Filesize
44KB

Download
memory/5372-1036-0x00007FF83A7D0000-0x00007FF83A7EC000-memory.dmp

Filesize
112KB

Download
memory/5372-1035-0x00007FF83E3A0000-0x00007FF83E3C3000-memory.dmp

Filesize
140KB

Download
memory/5372-1034-0x00007FF83F1C0000-0x00007FF83F1D8000-memory.dmp

Filesize
96KB

Download
memory/5372-1033-0x00007FF83F1E0000-0x00007FF83F1EA000-memory.dmp

Filesize
40KB

Download
memory/5372-1032-0x00007FF83F4D0000-0x00007FF83F4F6000-memory.dmp

Filesize
152KB

Download
memory/5372-1031-0x00007FF83DA40000-0x00007FF83DA4C000-memory.dmp

Filesize
48KB

Download
memory/5372-1030-0x00007FF83FB20000-0x00007FF83FB34000-memory.dmp

Filesize
80KB

Download
memory/5372-1029-0x00007FF83E940000-0x00007FF83E94B000-memory.dmp

Filesize
44KB

Download
memory/5372-1028-0x00007FF83E3D0000-0x00007FF83E488000-memory.dmp

Filesize
736KB

Download
memory/5372-1027-0x00007FF83F510000-0x00007FF83F53E000-memory.dmp

Filesize
184KB

Download
memory/5372-1026-0x00007FF83DA30000-0x00007FF83DA3C000-memory.dmp

Filesize
48KB

Download
memory/5372-1025-0x00007FF83F1A0000-0x00007FF83F1AB000-memory.dmp

Filesize
44KB

Download
memory/5372-1019-0x00007FF83F500000-0x00007FF83F50B000-memory.dmp

Filesize
44KB

Download
memory/5372-1017-0x00007FF83C830000-0x00007FF83C8B7000-memory.dmp

Filesize
540KB

Download
memory/5372-1016-0x00007FF82F6B0000-0x00007FF82FA25000-memory.dmp

Filesize
3.5MB

Download
memory/5372-1012-0x00007FF83F6C0000-0x00007FF83F6EB000-memory.dmp

Filesize
172KB

Download
memory/5372-1011-0x00007FF83EEF0000-0x00007FF83EFAC000-memory.dmp

Filesize
752KB

Download
memory/5372-1010-0x00007FF83F980000-0x00007FF83F9AE000-memory.dmp

Filesize
184KB

Download
memory/5372-1009-0x00007FF843A80000-0x00007FF843A8D000-memory.dmp

Filesize
52KB

Download
memory/5372-1008-0x00007FF844A80000-0x00007FF844A8D000-memory.dmp

Filesize
52KB

Download
memory/5372-1007-0x00007FF845C10000-0x00007FF845C29000-memory.dmp

Filesize
100KB

Download
memory/5372-1006-0x00007FF844A90000-0x00007FF844AC5000-memory.dmp

Filesize
212KB

Download
memory/5372-1005-0x00007FF845C30000-0x00007FF845C5D000-memory.dmp

Filesize
180KB

Download
memory/5372-1004-0x00007FF845C60000-0x00007FF845C79000-memory.dmp

Filesize
100KB

Download
memory/5372-1003-0x00007FF845C80000-0x00007FF845C8F000-memory.dmp

Filesize
60KB

Download
memory/5372-1002-0x00007FF845C90000-0x00007FF845CB4000-memory.dmp

Filesize
144KB

Download
memory/5372-1013-0x00007FF82FA30000-0x00007FF82FB4C000-memory.dmp

Filesize
1.1MB

Download