c6bd3da755f382466610ed96d363e701cf044819b925684896af26b797abaa6d

Target

DiscordSetup.exe
Size

79.1MB
MD5

3d99554cc8bdd96ab58483a21d821740
SHA1

85389db7e48c563d77cbef27e2f5724cbef4a151
SHA256

c6bd3da755f382466610ed96d363e701cf044819b925684896af26b797abaa6d
SHA512

be063484581b219ae27f6f515901bde14d03fa76adfe1bd33b9174a5551c719e09946548cd5acae0b5204dd21e6e349707cb06225a6d640a542eb15ec8aae183

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 25 IoCs

Processes:

Update.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeDiscord.exe

pid	process
520	Update.exe
1372	Discord.exe
1800	Discord.exe
1616	Update.exe
868	Discord.exe
1972	Update.exe
1612	Discord.exe
1644	Discord.exe
1600	Update.exe
380	Discord.exe
760	Discord.exe
1700	Discord.exe
240	Update.exe
328	Discord.exe
1700	Discord.exe
1488	Discord.exe
1440	Discord.exe
1776	Update.exe
1992	Discord.exe
1160	Discord.exe
1752	Discord.exe
2028	Update.exe
752	Discord.exe
1044	Discord.exe
620	Discord.exe

Loads dropped DLL 34 IoCs

Processes:

DiscordSetup.exeUpdate.exeDiscord.exeDiscord.exeUpdate.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exeDiscord.exe

pid	process
1284	DiscordSetup.exe
520	Update.exe
520	Update.exe
520	Update.exe
1372	Discord.exe
1800	Discord.exe
1372	Discord.exe
1616	Update.exe
1616	Update.exe
868	Discord.exe
1616	Update.exe
1616	Update.exe
868	Discord.exe
868	Discord.exe
868	Discord.exe
1616	Update.exe
1616	Update.exe
1612	Discord.exe
1644	Discord.exe
1612	Discord.exe
1612	Discord.exe
1612	Discord.exe
380	Discord.exe
760	Discord.exe
1700	Discord.exe
328	Discord.exe
1700	Discord.exe
1488	Discord.exe
1992	Discord.exe
1160	Discord.exe
1752	Discord.exe
752	Discord.exe
1044	Discord.exe
620	Discord.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe --processStart Discord.exe"	reg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 19 IoCs

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\shell\open	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\shell	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9003\\Discord.exe\",-1"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9003\\Discord.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9003\\Discord.exe\",-1"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9003\\Discord.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2955169046-2371869340-1800780948-1000_CLASSES\Discord\DefaultIcon	reg.exe

Modifies registry key 1 TTPs 9 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exe

pid process

1360 reg.exe
1172 reg.exe
540 reg.exe
240 reg.exe
992 reg.exe
812 reg.exe
944 reg.exe
1512 reg.exe
868 reg.exe

pid	process
1360	reg.exe
1172	reg.exe
540	reg.exe
240	reg.exe
992	reg.exe
812	reg.exe
944	reg.exe
1512	reg.exe
868	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Discord.exeDiscord.exeDiscord.exeDiscord.exetaskmgr.exe

pid	process
1372	Discord.exe
1372	Discord.exe
1372	Discord.exe
1372	Discord.exe
1612	Discord.exe
1612	Discord.exe
1612	Discord.exe
1612	Discord.exe
380	Discord.exe
380	Discord.exe
380	Discord.exe
380	Discord.exe
328	Discord.exe
328	Discord.exe
328	Discord.exe
328	Discord.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

1684 taskmgr.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

taskmgr.exe

description pid process

Token: SeDebugPrivilege 1684 taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	1684	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Update.exetaskmgr.exe

pid	process
520	Update.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe
1684	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

DiscordSetup.exeUpdate.exeDiscord.exe

description	pid	process	target process
PID 1284 wrote to memory of 520	1284	DiscordSetup.exe	Update.exe
PID 1284 wrote to memory of 520	1284	DiscordSetup.exe	Update.exe
PID 1284 wrote to memory of 520	1284	DiscordSetup.exe	Update.exe
PID 1284 wrote to memory of 520	1284	DiscordSetup.exe	Update.exe
PID 1284 wrote to memory of 520	1284	DiscordSetup.exe	Update.exe
PID 1284 wrote to memory of 520	1284	DiscordSetup.exe	Update.exe
PID 1284 wrote to memory of 520	1284	DiscordSetup.exe	Update.exe
PID 520 wrote to memory of 1372	520	Update.exe	Discord.exe
PID 520 wrote to memory of 1372	520	Update.exe	Discord.exe
PID 520 wrote to memory of 1372	520	Update.exe	Discord.exe
PID 520 wrote to memory of 1372	520	Update.exe	Discord.exe
PID 1372 wrote to memory of 1800	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 1800	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 1800	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 1800	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 1616	1372	Discord.exe	Update.exe
PID 1372 wrote to memory of 1616	1372	Discord.exe	Update.exe
PID 1372 wrote to memory of 1616	1372	Discord.exe	Update.exe
PID 1372 wrote to memory of 1616	1372	Discord.exe	Update.exe
PID 1372 wrote to memory of 1616	1372	Discord.exe	Update.exe
PID 1372 wrote to memory of 1616	1372	Discord.exe	Update.exe
PID 1372 wrote to memory of 1616	1372	Discord.exe	Update.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe
PID 1372 wrote to memory of 868	1372	Discord.exe	Discord.exe

C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1284

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:520

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --squirrel-install 1.0.9003
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1372

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9003 --annotation=prod=Electron --annotation=ver=13.4.0 --initial-client-data=0x2fc,0x300,0x304,0x2f8,0x308,0x7ba8820,0x7ba8830,0x7ba883c
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1800

C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1616

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=gpu-process --field-trial-handle=1076,6179895997880536949,3657482084229777188,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1100 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:868

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "C:\Users\Admin\AppData\Local\Discord\Update.exe --processStart Discord.exe" /f
4⤵
- Adds Run key to start application
- Modifies registry key
PID:1172

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
4⤵
- Modifies registry class
- Modifies registry key
PID:812

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
4⤵
- Modifies registry class
- Modifies registry key
PID:540

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe\",-1" /f
4⤵
- Modifies registry class
- Modifies registry key
PID:944

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe\" --url -- \"%1\"" /f
4⤵
- Modifies registry class
- Modifies registry key
PID:1512

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:1972

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1612

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9003 --annotation=prod=Electron --annotation=ver=13.4.0 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f0,0x7ba8820,0x7ba8830,0x7ba883c
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1644

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:868

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=gpu-process --field-trial-handle=1064,7332728409201296743,6664679485550001346,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1084 /prefetch:2
3⤵
- Executes dropped EXE
PID:1440

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:240

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe\",-1" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:992

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe\" --url -- \"%1\"" /f
3⤵
- Modifies registry class
- Modifies registry key
PID:1360

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:1600

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:380

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9003 --annotation=prod=Electron --annotation=ver=13.4.0 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f0,0x7ba8820,0x7ba8830,0x7ba883c
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:760

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=gpu-process --field-trial-handle=1068,3799872652932344464,16037562661726041042,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1076 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1700

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:240

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:328

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9003 --annotation=prod=Electron --annotation=ver=13.4.0 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f0,0x7ba8820,0x7ba8830,0x7ba883c
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1700

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=gpu-process --field-trial-handle=1076,18210210691605795867,14879095627287413215,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1084 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1488

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1684

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:1776

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1992

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9003 --annotation=prod=Electron --annotation=ver=13.4.0 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2f0,0x300,0x7ba8820,0x7ba8830,0x7ba883c
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1160

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=gpu-process --field-trial-handle=1100,4073416200113348252,16337847923586669473,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1108 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1752

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:2028

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:752

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9003 --annotation=prod=Electron --annotation=ver=13.4.0 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f0,0x7ba8820,0x7ba8830,0x7ba883c
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1044

C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=gpu-process --field-trial-handle=1056,4584856875521494839,2463166772312943953,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1068 /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:620

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\SquirrelSetup.log
MD5
f4e9057c528b4971157b0278e267c7b9

SHA1
6841f5d1d2ffe7f4565ccdf9383b32da48061704

SHA256
a91bfd099b89a58c240df17272a24e8d0d2dc44a1fd89e98aa86d32fc3cc35f2

SHA512
d767b2245e960032dd11547f65ba1e745902b162f730a075cbcd3c51f1efcd97d32353d4a4519b87fca2d598f281bc97b74b01909a78c0f5930f52825126b43d

Download Submit
C:\Users\Admin\AppData\Local\Discord\SquirrelSetup.log
MD5
f541c6cfb43fce776bedca1e431f835b

SHA1
cf30ccb9f7d3326be238ac5e6c3cdfeeb37d08ec

SHA256
fb1dc50b97e7ce342f7c2eb107b454b9d2fd178c0400cb63b0db74f60ea5b7fa

SHA512
6e6e198f9b52ba0cf04b3373bb29ddf72d5efcd9b8bc697eecb735ffff51334c6673816d17b13cf94e60fac9e4706730666b2bca4e01a4e89537be2c5b1dc88e

Download Submit
C:\Users\Admin\AppData\Local\Discord\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
C:\Users\Admin\AppData\Local\Discord\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
C:\Users\Admin\AppData\Local\Discord\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\D3DCompiler_47.dll
MD5
cd8a3be4d5871171fd0b107132d97be8

SHA1
415258c10477a49d0c046a12123ff7abe957612e

SHA256
4a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0

SHA512
4acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\app.ico
MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\chrome_100_percent.pak
MD5
da26775fd7a54d4e8755fd667b5f70db

SHA1
6ff37c107fed247d3717c855287d5de3142a9531

SHA256
43b28df6f3428378a0a630492a3405e613bc816cd2a390c56e44cd6b49dbe5b4

SHA512
b16ccad1fc8c7dfc08d0d8877c05d41c494b1546836399e06bd04354b3e387c155d9d74812cf01e20dde946fdb2e547549599d8907d828ab1cebffa584d8db15

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\chrome_200_percent.pak
MD5
d4bd33dcff9d6361b6c985d958953373

SHA1
38f866b35cd642d4acb4f7efadc6d9f899b55d30

SHA256
abb69e43745fbd63be2933204ed98c387ae703487283509c65415867e3c867ab

SHA512
78a687ffac48b7d422bb33f43bbb8b7511879b287f20484c6fd591343428cff1d2cc07521b982eb4cba5a22324ee7f4dab031fdeff05462ca43b81a528c878f7

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dll
MD5
407ba824c9b7d2b78fcae3ec432edc95

SHA1
3de02857254717947d8eef639eab977ee3f68106

SHA256
70b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37

SHA512
bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\icudtl.dat
MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\installer.db
MD5
07cdc0b21b7cdf66368b835ab883a294

SHA1
23c0b1a607c183e99ecb98978ab75ebeddb8e4b5

SHA256
574316b78ddacc5b38123b3a9bee9bd9cdfde2854e1e8850f633eefb44528463

SHA512
88d3d98de0ec3a95eb54b8e7d71239cdba9d15b9115b896c42dbfbedb887dc0e2b19f947162f914213f3696585ef6ef00879fcccb62718207a09ca13665ac08f

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\libegl.dll
MD5
6a1ee65d57149d9271dece2cc2302af7

SHA1
d25c42991ebca4e976048298d9e627673e0cb961

SHA256
bfa132de083e03493329af222c47b58fed25186b14557467c0c7a763c341c2ce

SHA512
969021ba3650101477d5a2a104531acd2b61c5e21e74f6bbbaa3e78f59ba44381009f9f5b47d6d52ff20aa6fd8247c9e6d4eba79e4b9eb20bdfcfafa32488adf

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\libglesv2.dll
MD5
1c17588aec6b6c31763d6df0dee5ae29

SHA1
9ccf1e5f8e2b3befe2e121f862106a76e3781032

SHA256
69baef5457e7857bd0c7565e62e3f5d6d2380f5981debb377e3e4c813bee66a3

SHA512
cb30fc986f80fb78226503f5adf445d840f86896514733f72b49427bb40e149280ec713507fadf07afb07230ed85342916039034c5bebd80292d1c4ef7141049

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\locales\en-US.pak
MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\resources.pak
MD5
272ebe38583668306068b8279ad20419

SHA1
e098918867c2aa0020bc7bf70466c2a1ac69b650

SHA256
987d662cf3c669c89c2e88216478cf317ab0ea99c1074ad711ba7d94f87439c6

SHA512
acc901974fa6b253ec5da72e46fe316194c64e0a5f20fdda3321b88af7de1b4fe07d3322306d1bf06422f247c7175db8752b7a6330a959f3a1198063dd0aca87

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\resources\app.asar
MD5
a6ef068d647227ef5ed00cedd647ac65

SHA1
a49f14b97341e10419ff8fde777a55bb4fc6701e

SHA256
24f9c1efd70c682715b61a6876911dbac70c1def99933ed8854285481fac7605

SHA512
36f222b8a5417482ff74e216591ff95b4838d34ca2607e0d7006c2d29390f05cb4d961b344ed36b910d6cc7dce2b810a5d83c69c9c7dccb8be9af0c2b4172c61

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\resources\build_info.json
MD5
e2bc5394ef2535b89f0a843bde4f386a

SHA1
33957d4aad2ae5fa3df8939c8aaeab791d86022b

SHA256
3455a01355c9ed76dcc6ba193943147b508c1463520c0ef71992d78c9d447ae7

SHA512
1ccb4bb5103fa551638e7f51ddf5a38818d09f8673575897544bf0ab6ebc80d8e65628caf187edbad8afbd83ab053084c2db051ecb072464596c91e2ad85a95b

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\updater.node
MD5
840328c4430f4594df456f3d635265b8

SHA1
d8033a713be2f9df79e4ff01116c2220aa807cc6

SHA256
db9427191fd986ea05c9a11cf0afb6033deb1a034493f30861754406fe3c5038

SHA512
026b05c06eb0c33a70ef498282375b9de1fded1735811df9d21848836b6d68f33cb4c06a7e981e0300cc25971483b114be697cb2f0387bad69f1f5e108b3eb6e

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\v8_context_snapshot.bin
MD5
55996dd167b35c9c8348478ab602d4ba

SHA1
3a1f119ef7f65c7525f556599e1011c4a24c3cdb

SHA256
59a39e3608b76475950ccd44e8b6fa554e315b8844b650b66ca2f454b939a1ac

SHA512
05233744549f6a9a67ddccc6b522f11c7ffbe7ef98cf9de1818709b506b0f186f5c53178c9db47c44b2b9b22ba5e91396e1780d37d492c3fdac7d7ede495be34

Download Submit
C:\Users\Admin\AppData\Local\Discord\app.ico
MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\Discord-1.0.9003-full.nupkg
MD5
24e50576eff5f4e60fe8c8ebab1796c8

SHA1
3a92638a0471f7dc9c12298d3b3fc71c84b6f4d9

SHA256
b5eb40bfdc4fcbac224e5acad0e46f188a71061edf36ea65e4e7e3817a3d8724

SHA512
2bb6dd433d2b093b7f751d0ffb3c0f6ed3f0d38bb5ede62987d300aa9f458f85124ca6677054fce93a616d646b03ca98413ad0e60e883fb447d5c07ce0e9862e

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\RELEASES
MD5
867e283b0f115cf51f1e3f917820a060

SHA1
bef3948d11f745dbbff3881636178a95cda9c65a

SHA256
fb83cde18197b12c25b69334903ec4b9ba5a2b64ad5a74f33fb6abe61bd7c58b

SHA512
75a0a64ce15f26b7d2ca61a00c885f3c54168525b6c5be4f4a4369a367f8d93f61aebc7d14f64aa65edd26b73b424e7c6f483ed85e4cbc7f5fe588a07aca71b9

Download Submit
C:\Users\Admin\AppData\Local\Discord\update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9003-full.nupkg
MD5
24e50576eff5f4e60fe8c8ebab1796c8

SHA1
3a92638a0471f7dc9c12298d3b3fc71c84b6f4d9

SHA256
b5eb40bfdc4fcbac224e5acad0e46f188a71061edf36ea65e4e7e3817a3d8724

SHA512
2bb6dd433d2b093b7f751d0ffb3c0f6ed3f0d38bb5ede62987d300aa9f458f85124ca6677054fce93a616d646b03ca98413ad0e60e883fb447d5c07ce0e9862e

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
MD5
867e283b0f115cf51f1e3f917820a060

SHA1
bef3948d11f745dbbff3881636178a95cda9c65a

SHA256
fb83cde18197b12c25b69334903ec4b9ba5a2b64ad5a74f33fb6abe61bd7c58b

SHA512
75a0a64ce15f26b7d2ca61a00c885f3c54168525b6c5be4f4a4369a367f8d93f61aebc7d14f64aa65edd26b73b424e7c6f483ed85e4cbc7f5fe588a07aca71b9

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk
MD5
00c602e840f175231ac4480bb52a72e3

SHA1
ab078dc830b7aedd35df6404f916810d9c495c72

SHA256
bbc556179877470613cf77cf8bd704eb7a7ad43f78a820d17f44925cfa41a67e

SHA512
0306a76d13f4be86f2750cf0611b6756a91e27ac2f08b0f0c015950aeb97eeea6e323aece97f8c2e41044fbc75f1e88dc27c81ed97c619d2a0613b7f33bd15a5

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat
MD5
f4950a79e67abc76607f12916461a4a8

SHA1
092b9d74b30a73dfa433b00433cebe7c364da13a

SHA256
5f8f5adcbdf56016a5e5aa78cf065b8107805f9e2bef68ddfda9f4710325bc16

SHA512
6f2dcc9d98ec736470529cdc5d1e866483b695d6b5e5c8dc2fa45f90cb9c8b10cf9cdb86e754003893e065484adfefae1af35ead5d92a5e6f289492ea8041c80

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat
MD5
f4950a79e67abc76607f12916461a4a8

SHA1
092b9d74b30a73dfa433b00433cebe7c364da13a

SHA256
5f8f5adcbdf56016a5e5aa78cf065b8107805f9e2bef68ddfda9f4710325bc16

SHA512
6f2dcc9d98ec736470529cdc5d1e866483b695d6b5e5c8dc2fa45f90cb9c8b10cf9cdb86e754003893e065484adfefae1af35ead5d92a5e6f289492ea8041c80

Download Submit
C:\Users\Admin\Desktop\Discord.lnk
MD5
b9890387a9c942dea5894f88c81f20d8

SHA1
b5a0a9cc71b6746eb78e4935428aa0075ffd852d

SHA256
00e9bd0456144fcb119e6cca367709bc9bc098ac8d9f7a87b80a65554971a5ea

SHA512
91678ad5013e92835b1cc99a6dc6a62ff5e5abe1a558250e5a8bdf0cb03da73ec049c66395d4787816fa04cea55ad9ccbf7db46e3e10075d430e2dd4ed5d6444

Download Submit
\??\pipe\crashpad_1372_UOLJPFWTKNCSPYPC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Discord\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
\Users\Admin\AppData\Local\Discord\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
\Users\Admin\AppData\Local\Discord\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
\Users\Admin\AppData\Local\Discord\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
\Users\Admin\AppData\Local\Discord\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
\Users\Admin\AppData\Local\Discord\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
\Users\Admin\AppData\Local\Discord\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe
MD5
1c13935aeff94d2473978482644cc599

SHA1
cbc38180cd5c659b0e48d95676b730b70f3de77f

SHA256
688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db

SHA512
17b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\d3dcompiler_47.dll
MD5
cd8a3be4d5871171fd0b107132d97be8

SHA1
415258c10477a49d0c046a12123ff7abe957612e

SHA256
4a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0

SHA512
4acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dll
MD5
407ba824c9b7d2b78fcae3ec432edc95

SHA1
3de02857254717947d8eef639eab977ee3f68106

SHA256
70b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37

SHA512
bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dll
MD5
407ba824c9b7d2b78fcae3ec432edc95

SHA1
3de02857254717947d8eef639eab977ee3f68106

SHA256
70b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37

SHA512
bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dll
MD5
407ba824c9b7d2b78fcae3ec432edc95

SHA1
3de02857254717947d8eef639eab977ee3f68106

SHA256
70b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37

SHA512
bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dll
MD5
407ba824c9b7d2b78fcae3ec432edc95

SHA1
3de02857254717947d8eef639eab977ee3f68106

SHA256
70b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37

SHA512
bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dll
MD5
407ba824c9b7d2b78fcae3ec432edc95

SHA1
3de02857254717947d8eef639eab977ee3f68106

SHA256
70b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37

SHA512
bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dll
MD5
407ba824c9b7d2b78fcae3ec432edc95

SHA1
3de02857254717947d8eef639eab977ee3f68106

SHA256
70b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37

SHA512
bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\libEGL.dll
MD5
6a1ee65d57149d9271dece2cc2302af7

SHA1
d25c42991ebca4e976048298d9e627673e0cb961

SHA256
bfa132de083e03493329af222c47b58fed25186b14557467c0c7a763c341c2ce

SHA512
969021ba3650101477d5a2a104531acd2b61c5e21e74f6bbbaa3e78f59ba44381009f9f5b47d6d52ff20aa6fd8247c9e6d4eba79e4b9eb20bdfcfafa32488adf

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\libGLESv2.dll
MD5
1c17588aec6b6c31763d6df0dee5ae29

SHA1
9ccf1e5f8e2b3befe2e121f862106a76e3781032

SHA256
69baef5457e7857bd0c7565e62e3f5d6d2380f5981debb377e3e4c813bee66a3

SHA512
cb30fc986f80fb78226503f5adf445d840f86896514733f72b49427bb40e149280ec713507fadf07afb07230ed85342916039034c5bebd80292d1c4ef7141049

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9003\updater.node
MD5
840328c4430f4594df456f3d635265b8

SHA1
d8033a713be2f9df79e4ff01116c2220aa807cc6

SHA256
db9427191fd986ea05c9a11cf0afb6033deb1a034493f30861754406fe3c5038

SHA512
026b05c06eb0c33a70ef498282375b9de1fded1735811df9d21848836b6d68f33cb4c06a7e981e0300cc25971483b114be697cb2f0387bad69f1f5e108b3eb6e

Download Submit
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
MD5
e039f56dc6315942bc3e3d9ad4d586e7

SHA1
5158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50

SHA256
e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1

SHA512
2b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60

Download Submit
memory/240-204-0x00000000009A0000-0x00000000009A1000-memory.dmp

Filesize
4KB

Download
memory/240-167-0x0000000000000000-mapping.dmp

Download
memory/328-205-0x0000000000000000-mapping.dmp

Download
memory/380-174-0x0000000000000000-mapping.dmp

Download
memory/520-62-0x0000000000A10000-0x0000000000A11000-memory.dmp

Filesize
4KB

Download
memory/520-57-0x0000000000000000-mapping.dmp

Download
memory/520-60-0x0000000000E60000-0x0000000000E61000-memory.dmp

Filesize
4KB

Download
memory/540-133-0x0000000000000000-mapping.dmp

Download
memory/620-282-0x0000000000000000-mapping.dmp

Download
memory/752-260-0x0000000000000000-mapping.dmp

Download
memory/760-179-0x0000000000000000-mapping.dmp

Download
memory/812-132-0x0000000000000000-mapping.dmp

Download
memory/868-103-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-99-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-114-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-112-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-117-0x0000000000000000-mapping.dmp

Download
memory/868-111-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-110-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-119-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/868-109-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-116-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-106-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-107-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-108-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-104-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-161-0x0000000000000000-mapping.dmp

Download
memory/868-101-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-100-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-115-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/868-96-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/944-134-0x0000000000000000-mapping.dmp

Download
memory/992-168-0x0000000000000000-mapping.dmp

Download
memory/1044-262-0x0000000000000000-mapping.dmp

Download
memory/1160-236-0x0000000000000000-mapping.dmp

Download
memory/1172-131-0x0000000000000000-mapping.dmp

Download
memory/1284-55-0x0000000075191000-0x0000000075193000-memory.dmp

Filesize
8KB

Download
memory/1360-169-0x0000000000000000-mapping.dmp

Download
memory/1372-68-0x0000000000000000-mapping.dmp

Download
memory/1440-163-0x0000000000CC9000-0x0000000000CCA000-memory.dmp

Filesize
4KB

Download
memory/1440-165-0x0000000000CC9000-0x0000000000CCA000-memory.dmp

Filesize
4KB

Download
memory/1440-164-0x0000000000CC9000-0x0000000000CCA000-memory.dmp

Filesize
4KB

Download
memory/1488-227-0x0000000000000000-mapping.dmp

Download
memory/1512-135-0x0000000000000000-mapping.dmp

Download
memory/1600-171-0x00000000012E0000-0x00000000012E1000-memory.dmp

Filesize
4KB

Download
memory/1600-178-0x0000000001210000-0x0000000001211000-memory.dmp

Filesize
4KB

Download
memory/1612-166-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1612-142-0x0000000000000000-mapping.dmp

Download
memory/1616-87-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/1616-85-0x0000000000000000-mapping.dmp

Download
memory/1616-95-0x0000000004DA0000-0x0000000004DA1000-memory.dmp

Filesize
4KB

Download
memory/1644-146-0x0000000000000000-mapping.dmp

Download
memory/1684-230-0x0000000001BB0000-0x0000000001BBB000-memory.dmp

Filesize
44KB

Download
memory/1700-200-0x0000000000000000-mapping.dmp

Download
memory/1700-185-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-192-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-193-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-194-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-195-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-196-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-197-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-198-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-199-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-186-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-191-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-187-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-207-0x0000000000000000-mapping.dmp

Download
memory/1700-190-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-189-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1700-188-0x0000000000122000-0x0000000000123000-memory.dmp

Filesize
4KB

Download
memory/1752-256-0x0000000000000000-mapping.dmp

Download
memory/1776-234-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1800-78-0x0000000000000000-mapping.dmp

Download
memory/1972-148-0x0000000005040000-0x0000000005041000-memory.dmp

Filesize
4KB

Download
memory/1972-139-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

Filesize
4KB

Download
memory/1992-233-0x0000000000000000-mapping.dmp

Download
memory/2028-284-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads