98d44e13f455d916674d38424d39e1cb01b2a9132aacbb7b97a6f8bb7feb2544

Analysis

max time kernel
91s
max time network
84s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
10/09/2022, 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aaaaaaaaa.txt
Size

3B
MD5

3c3662bcb661d6de679c636744c66b62
SHA1

68bb04bd54b8f6c530695e0b77de298276a0511d
SHA256

98d44e13f455d916674d38424d39e1cb01b2a9132aacbb7b97a6f8bb7feb2544
SHA512

98923710a30301e03d25bc9ea565d4cfb738b7390dc91871cdd368bd58b959e57dac211730538be0433f85a1a3011bbab9a91b1232022694b7f66ac49109f4a1

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
4100	DiscordSetup.exe
192	Update.exe
4384	Discord.exe
2392	Discord.exe
4016	Update.exe
224	Discord.exe

Loads dropped DLL 3 IoCs

pid	Process
4384	Discord.exe
2392	Discord.exe
224	Discord.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings	firefox.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
4196	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2064	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
4384	Discord.exe
4384	Discord.exe
4384	Discord.exe
4384	Discord.exe
1496	taskmgr.exe
4384	Discord.exe
4384	Discord.exe
4384	Discord.exe
4384	Discord.exe
4384	Discord.exe
4384	Discord.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1904	firefox.exe
Token: SeDebugPrivilege	1904	firefox.exe
Token: SeDebugPrivilege	1496	taskmgr.exe
Token: SeSystemProfilePrivilege	1496	taskmgr.exe
Token: SeCreateGlobalPrivilege	1496	taskmgr.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
192	Update.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe
1496	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe
1904	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 1904	2672	firefox.exe	68
PID 2672 wrote to memory of 1904	2672	firefox.exe	68
PID 2672 wrote to memory of 1904	2672	firefox.exe	68
PID 2672 wrote to memory of 1904	2672	firefox.exe	68
PID 2672 wrote to memory of 1904	2672	firefox.exe	68
PID 2672 wrote to memory of 1904	2672	firefox.exe	68
PID 2672 wrote to memory of 1904	2672	firefox.exe	68
PID 2672 wrote to memory of 1904	2672	firefox.exe	68
PID 2672 wrote to memory of 1904	2672	firefox.exe	68
PID 1904 wrote to memory of 3304	1904	firefox.exe	70
PID 1904 wrote to memory of 3304	1904	firefox.exe	70
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 3048	1904	firefox.exe	72
PID 1904 wrote to memory of 4032	1904	firefox.exe	73
PID 1904 wrote to memory of 4032	1904	firefox.exe	73
PID 1904 wrote to memory of 4032	1904	firefox.exe	73
PID 1904 wrote to memory of 4032	1904	firefox.exe	73
PID 1904 wrote to memory of 4032	1904	firefox.exe	73
PID 1904 wrote to memory of 4032	1904	firefox.exe	73
PID 1904 wrote to memory of 4032	1904	firefox.exe	73
PID 1904 wrote to memory of 4032	1904	firefox.exe	73
PID 1904 wrote to memory of 4032	1904	firefox.exe	73
PID 1904 wrote to memory of 4032	1904	firefox.exe	73

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\aaaaaaaaa.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.0.1221205435\64058728" -parentBuildID 20200403170909 -prefsHandle 1512 -prefMapHandle 1484 -prefsLen 1 -prefMapSize 219938 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 1592 gpu
    3⤵
    PID:3304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.3.1891808887\1291533890" -childID 1 -isForBrowser -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 122 -prefMapSize 219938 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 2236 tab
    3⤵
    PID:3048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.13.1395829157\1558099394" -childID 2 -isForBrowser -prefsHandle 3432 -prefMapHandle 3428 -prefsLen 6904 -prefMapSize 219938 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 3440 tab
    3⤵
    PID:4032

C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
1⤵
- Executes dropped EXE
PID:4100
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:192
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe" --squirrel-install 1.0.9006
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4384
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9006 --annotation=prod=Electron --annotation=ver=13.6.6 --initial-client-data=0x468,0x46c,0x470,0x464,0x474,0x75c3850,0x75c3860,0x75c386c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2392
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
      4⤵
      Executes dropped EXE
      PID:4016
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe" --type=gpu-process --field-trial-handle=1608,18303675659133119154,465852867847620690,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1616 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:224
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "C:\Users\Admin\AppData\Local\Discord\Update.exe --processStart Discord.exe" /f
      4⤵
      Modifies registry key
      PID:4196

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1496

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\Update.exe

Filesize
1.5MB

MD5
ea40498db49354e7ade5ac4d884ca901

SHA1
52cd6a1e7760e0920496ddcd93de32dfdbece0e6

SHA256
e4d819c36d1c80c660ba696908dcf43cd463a81f340eed8b05893209876353ff

SHA512
8a31109f4be9bda4b91d67fec8cb9fc42a7222ed2827658bd0a7297506315793a78cb266e0ba322da5adec2f37bbbb2b041e9456457b91a29a1712a0c4ec3047

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\D3DCompiler_47.dll

Filesize
3.5MB

MD5
cd8a3be4d5871171fd0b107132d97be8

SHA1
415258c10477a49d0c046a12123ff7abe957612e

SHA256
4a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0

SHA512
4acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe

Filesize
112.5MB

MD5
41fb1601776da84d51b49702c58ff45e

SHA1
2d6e9c7a611e4c5a43b2b948e264543014c7b55a

SHA256
1e7bd4f22e932e852f2da637800f4241e9ac7cd2888a26cf1b600dca68b872d7

SHA512
aebe8795a2f3c8bb3d8d7b782a173a1c2f3b866e00d9a4089aa2d20baa32708443cfd49f31024d292a95cf8b2e4148c1ebddfd0c7eb9c962e8c2ba984f7bd744

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe

Filesize
112.5MB

MD5
41fb1601776da84d51b49702c58ff45e

SHA1
2d6e9c7a611e4c5a43b2b948e264543014c7b55a

SHA256
1e7bd4f22e932e852f2da637800f4241e9ac7cd2888a26cf1b600dca68b872d7

SHA512
aebe8795a2f3c8bb3d8d7b782a173a1c2f3b866e00d9a4089aa2d20baa32708443cfd49f31024d292a95cf8b2e4148c1ebddfd0c7eb9c962e8c2ba984f7bd744

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe

Filesize
57.6MB

MD5
7a11c2a55c6c91369f292683bc878043

SHA1
bf0729d52d82438d3fe3dde815157895f8535734

SHA256
773ea40939b01fff147f974d3dad9bfaf1dcb6309e2edcfa3c3015d7c56e190a

SHA512
7f2ddcca1b9c6b62452463e6be5fa87119ec48202c6f7ae4cac96418fdc157e46fcf1901e98be17bc3c04df338876787f948b542e3de2cd4bfec626fa1cbbea7

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\Discord.exe

Filesize
36.2MB

MD5
af516f9c8409d8094ec93b16516422a8

SHA1
35b68976113fa8da0d410e92e3251ed0debafe33

SHA256
d6a39d04118d5a1d0e4324170b94796c9e4d3c71b3effee498f9bd8b74a6bde2

SHA512
f70ea31d06d485788704706b5dace3a2713715952089eb1d20743598666163c75e5ac1b000001a891d0594e9aecf198b498c2233ddc5e748db46a61afeb471fb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\chrome_100_percent.pak

Filesize
138KB

MD5
da26775fd7a54d4e8755fd667b5f70db

SHA1
6ff37c107fed247d3717c855287d5de3142a9531

SHA256
43b28df6f3428378a0a630492a3405e613bc816cd2a390c56e44cd6b49dbe5b4

SHA512
b16ccad1fc8c7dfc08d0d8877c05d41c494b1546836399e06bd04354b3e387c155d9d74812cf01e20dde946fdb2e547549599d8907d828ab1cebffa584d8db15

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\chrome_200_percent.pak

Filesize
202KB

MD5
d4bd33dcff9d6361b6c985d958953373

SHA1
38f866b35cd642d4acb4f7efadc6d9f899b55d30

SHA256
abb69e43745fbd63be2933204ed98c387ae703487283509c65415867e3c867ab

SHA512
78a687ffac48b7d422bb33f43bbb8b7511879b287f20484c6fd591343428cff1d2cc07521b982eb4cba5a22324ee7f4dab031fdeff05462ca43b81a528c878f7

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\ffmpeg.dll

Filesize
2.5MB

MD5
734423195bbc6da0080993cb09a8df34

SHA1
068ead5b628b2a01b0d70262584fbc775667d2a5

SHA256
1026bb0eac264ba50c63674e59e8f02dbbd3df0fc352836e742732d38469bf8c

SHA512
30b86c70a3552092aa9c4dc8b188291d2f8b0b1fc55fa70832327107c4fdc344225bed79bc0afec5363940567394bdea2e7c2a5172eb14ce79c83cfc88caf088

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\resources.pak

Filesize
4.9MB

MD5
67f916ca62254aea146598b68c5c7430

SHA1
0287c09199a0d161aa7969b5358b72505ad75fb7

SHA256
735d351b7a7bf0dbd5fdaee9a68a431b3c1db383403ca3c60fb3d4977ed94993

SHA512
ea8cbec8be6b1dd622189cf5d905c3d5dec5f4b85db0f17fdda4f3e7fe67f35de0e79d30a1d2e1f64d2de212d8391e52c54dceaad736e141a6b3f7261b275819

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\resources\app.asar

Filesize
8.7MB

MD5
e266461d8e76cc8114d1f361d0be08f0

SHA1
76d59c133cdc6817997dc4448a3ffdef9a9f65bc

SHA256
4bb6da4ee8ef4fff6aad93ea60afad58d5e339791ca0b54d21a00b45536db0fe

SHA512
1efc14fc68e290303add03d7111914647dff0a8b0c6be0444436ae663e9a4da0721856f61a98f9a89ccc4564ecc2107ba4021623d5675a9a199b9ea391784c43

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\resources\build_info.json

Filesize
85B

MD5
957c7aadfed8c96fe3b05cfa73253981

SHA1
d291942f0270c076a1065dcb89b757ec1f50a956

SHA256
853c396ec96ad7f57bc2475196aeadaa317515332a8603c9a9c959907f9a77bc

SHA512
5168968c980f7143fe032d574ffe02695545c2cf686a2ae9d382448d5839558f5f548407a83ff427274f1bb21fb1e3fa15b33ade5a2aa57bd16f163e01270a96

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\swiftshader\libegl.dll

Filesize
384KB

MD5
208ed640e7006f54d6117297d9f8c8d5

SHA1
a7489be0fa434c7b05ab9ce8ef022011022b9b46

SHA256
0c23ae30a3959cf21b9346ce86b9661059710f132a2922f1f89e846b06ba6175

SHA512
30aa53ab521448f0db9e466be5b4d2267a84c780f30de0255875c3d93151bd2e870ef43c3370166e182507f5871559666296fc26ab43c2a40767744ab0a91d66

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\swiftshader\libglesv2.dll

Filesize
2.7MB

MD5
09c96e8861f65ce00c62bbf757538bc7

SHA1
dbe9e6b0d1f78729acb8b8c710c1ff8208e2c295

SHA256
d1c25d5ef0e35caaf0a5824f65273655363fb119b8daff406e97e6b1b54c5cd8

SHA512
98f8590a2cd7c9a51c9d0c7909b59642717bfc02b82272da2ad322ce1d8bc8c07323d4364b4f31e890b899fc548cc4b52921787d4218e472538c094728c3c58f

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9006\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\Discord-1.0.9006-full.nupkg

Filesize
33.9MB

MD5
bc301ac018d7bfbe095c8cc62dfedd03

SHA1
13b5f54924e7b18d7f3a7f8e0e6fef328a735e6b

SHA256
22ab405433e3fe048e637e0e9fdc2fe3345efbe08b5e8acd737d363d03edfb1f

SHA512
24595a1c403b196848f030264b25d3e42a3519e9e6431689e44bd8ee1aa7edfbbe28166480870dfb82c6bb2c20d390c5c599b07c3c3a3e270b0c441776e30b05

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\RELEASES

Filesize
80B

MD5
2d3608933b5d865b4799e3af182236ac

SHA1
58de01c2ee7bd258789cef995e21e433e39bf39e

SHA256
d109be8ae4fcb48a282d930048c2601fab2cd0f73fd281991ef526d2db6f0aec

SHA512
a86dece33c4e661e3f34ad104b0d421cb08478dabcebb6dd4993e5a95849fe44928f586179dd17ab00066951ec000e306d1c33c1e07e8ea533efd4fea7a3e42e

Download Submit
C:\Users\Admin\AppData\Local\Discord\update.exe

Filesize
1.5MB

MD5
ea40498db49354e7ade5ac4d884ca901

SHA1
52cd6a1e7760e0920496ddcd93de32dfdbece0e6

SHA256
e4d819c36d1c80c660ba696908dcf43cd463a81f340eed8b05893209876353ff

SHA512
8a31109f4be9bda4b91d67fec8cb9fc42a7222ed2827658bd0a7297506315793a78cb266e0ba322da5adec2f37bbbb2b041e9456457b91a29a1712a0c4ec3047

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9006-full.nupkg

Filesize
78.4MB

MD5
23fe2955f52b7d3225aad063ef707d3c

SHA1
53c53411b9ef1eedceecad3415fa0b927f9004e7

SHA256
dec2603d14cde8184fef536a8486b85374f5205df2f3be666deb1962024e4517

SHA512
41bdfcfae2e2fa81ad0cc968bea507074348211300e898255fe030568373e1a27e0760f39917254b9c04a320a01944860d35afd7c44553a68fd1e72682b1d308

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
2d3608933b5d865b4799e3af182236ac

SHA1
58de01c2ee7bd258789cef995e21e433e39bf39e

SHA256
d109be8ae4fcb48a282d930048c2601fab2cd0f73fd281991ef526d2db6f0aec

SHA512
a86dece33c4e661e3f34ad104b0d421cb08478dabcebb6dd4993e5a95849fe44928f586179dd17ab00066951ec000e306d1c33c1e07e8ea533efd4fea7a3e42e

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
ea40498db49354e7ade5ac4d884ca901

SHA1
52cd6a1e7760e0920496ddcd93de32dfdbece0e6

SHA256
e4d819c36d1c80c660ba696908dcf43cd463a81f340eed8b05893209876353ff

SHA512
8a31109f4be9bda4b91d67fec8cb9fc42a7222ed2827658bd0a7297506315793a78cb266e0ba322da5adec2f37bbbb2b041e9456457b91a29a1712a0c4ec3047

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
ea40498db49354e7ade5ac4d884ca901

SHA1
52cd6a1e7760e0920496ddcd93de32dfdbece0e6

SHA256
e4d819c36d1c80c660ba696908dcf43cd463a81f340eed8b05893209876353ff

SHA512
8a31109f4be9bda4b91d67fec8cb9fc42a7222ed2827658bd0a7297506315793a78cb266e0ba322da5adec2f37bbbb2b041e9456457b91a29a1712a0c4ec3047

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat

Filesize
40B

MD5
a403ea555adbd9cc5ae29cf746fa6aa4

SHA1
c006dcbab82a3d9584e05b22a630537a57e40ab9

SHA256
b6c0ca22897055ac33f59459b3c690b708a36c04b95c2ea12d916dad6e911394

SHA512
23878022b88458692eb87366b76359deee192a60c384d401dff39f98c623fef81ff407bdba415eaa0a49baeac450152eff86eaef1d009a9fbb871abdfb990b7d

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe

Filesize
79.3MB

MD5
d2b7dc955ef2c5c0dfeac6b33e322f7f

SHA1
02b8ecb01763420497be37e2a1da7ba06932a3cc

SHA256
99f427a688d6f00735c209c0de1aaa615aa630f4fbe9108f36212df9464cc869

SHA512
ec78ec449a9c906b71be76031c7001ea8e17c4663b9eb3ad13f21d2eb6955308f1ae822740ae71f575efd6789ae0560fda2e3408d7312e46ca88f3cc8375cc00

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe

Filesize
79.3MB

MD5
d2b7dc955ef2c5c0dfeac6b33e322f7f

SHA1
02b8ecb01763420497be37e2a1da7ba06932a3cc

SHA256
99f427a688d6f00735c209c0de1aaa615aa630f4fbe9108f36212df9464cc869

SHA512
ec78ec449a9c906b71be76031c7001ea8e17c4663b9eb3ad13f21d2eb6955308f1ae822740ae71f575efd6789ae0560fda2e3408d7312e46ca88f3cc8375cc00

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9006\d3dcompiler_47.dll

Filesize
3.5MB

MD5
cd8a3be4d5871171fd0b107132d97be8

SHA1
415258c10477a49d0c046a12123ff7abe957612e

SHA256
4a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0

SHA512
4acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9006\ffmpeg.dll

Filesize
2.5MB

MD5
734423195bbc6da0080993cb09a8df34

SHA1
068ead5b628b2a01b0d70262584fbc775667d2a5

SHA256
1026bb0eac264ba50c63674e59e8f02dbbd3df0fc352836e742732d38469bf8c

SHA512
30b86c70a3552092aa9c4dc8b188291d2f8b0b1fc55fa70832327107c4fdc344225bed79bc0afec5363940567394bdea2e7c2a5172eb14ce79c83cfc88caf088

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9006\ffmpeg.dll

Filesize
2.5MB

MD5
734423195bbc6da0080993cb09a8df34

SHA1
068ead5b628b2a01b0d70262584fbc775667d2a5

SHA256
1026bb0eac264ba50c63674e59e8f02dbbd3df0fc352836e742732d38469bf8c

SHA512
30b86c70a3552092aa9c4dc8b188291d2f8b0b1fc55fa70832327107c4fdc344225bed79bc0afec5363940567394bdea2e7c2a5172eb14ce79c83cfc88caf088

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9006\ffmpeg.dll

Filesize
2.5MB

MD5
734423195bbc6da0080993cb09a8df34

SHA1
068ead5b628b2a01b0d70262584fbc775667d2a5

SHA256
1026bb0eac264ba50c63674e59e8f02dbbd3df0fc352836e742732d38469bf8c

SHA512
30b86c70a3552092aa9c4dc8b188291d2f8b0b1fc55fa70832327107c4fdc344225bed79bc0afec5363940567394bdea2e7c2a5172eb14ce79c83cfc88caf088

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9006\swiftshader\libEGL.dll

Filesize
384KB

MD5
208ed640e7006f54d6117297d9f8c8d5

SHA1
a7489be0fa434c7b05ab9ce8ef022011022b9b46

SHA256
0c23ae30a3959cf21b9346ce86b9661059710f132a2922f1f89e846b06ba6175

SHA512
30aa53ab521448f0db9e466be5b4d2267a84c780f30de0255875c3d93151bd2e870ef43c3370166e182507f5871559666296fc26ab43c2a40767744ab0a91d66

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9006\swiftshader\libGLESv2.dll

Filesize
2.2MB

MD5
a9aa0c3bee97045e84b7a1bfbfeb96bb

SHA1
7f401d3bc8b9393022bc41e415cf052de7ca6414

SHA256
33fe8cc59fe0c36da93c089732593ccc4066f0b1330893ede9a9d11ac31c24ff

SHA512
820449893276ff9320d148006e392e46dad47682ae40f25c263e88bd5a1d4a6e71ca06720d0b06d7ccfebc45cb5f41af1f6d5b57aa66f9f14ce73bed359aadc8

Download Submit
memory/192-174-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-240-0x0000000007920000-0x0000000007958000-memory.dmp

Filesize
224KB

Download
memory/192-238-0x00000000078A0000-0x00000000078A8000-memory.dmp

Filesize
32KB

Download
memory/192-197-0x0000000000B90000-0x0000000000D06000-memory.dmp

Filesize
1.5MB

Download
memory/192-160-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-161-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-162-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-163-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-164-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-165-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-166-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-188-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-167-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-169-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-170-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-172-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-171-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-173-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-187-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-175-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-176-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-177-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-178-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-179-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-180-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-181-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-183-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-182-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-185-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-186-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/192-184-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4016-507-0x0000000005570000-0x0000000005590000-memory.dmp

Filesize
128KB

Download
memory/4100-139-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-137-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-156-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-150-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-121-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-149-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-148-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-147-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-146-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-136-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-144-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-143-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-142-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-151-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-141-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-140-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-153-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-152-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-157-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-138-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-145-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-135-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-134-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-133-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-155-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-132-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-131-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-130-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-129-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-154-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-122-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-128-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-126-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-125-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-124-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download
memory/4100-123-0x0000000077840000-0x00000000779CE000-memory.dmp

Filesize
1.6MB

Download