b3798b6c71f793145bbc6f3dbbb9bc6d8c800deab8a2c5917029c7aa0270089c

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2022, 17:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DiscordPTBSetup.exe
Size

79.3MB
MD5

ff5cc8b57b09bbdecaa766a20adf86f1
SHA1

c7255e6cd95bd6b8e7d403c0b9aba9780d47cd0e
SHA256

b3798b6c71f793145bbc6f3dbbb9bc6d8c800deab8a2c5917029c7aa0270089c
SHA512

3c650587b6261609bc2fcbdfc22c2f24b7016c83c049740a195aa68f4b81a12eb12011642efed301e71267fbb5cca3aceccf599de8d23cdc800e402904f90baf
SSDEEP

1572864:jYfgG4iQq2KdjLo/8tja6HxbDImFy6jIBk/6gHOeIdFm+lSN3rsu+actk+oBEVVG:Uf9QDKZm8JNxbDIm10K6qOewFfSN3rVx

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
4164	Update.exe
3384	DiscordPTB.exe
1624	DiscordPTB.exe
1972	Update.exe
2752	DiscordPTB.exe
800	DiscordPTB.exe

Loads dropped DLL 7 IoCs

pid	Process
3384	DiscordPTB.exe
1624	DiscordPTB.exe
2752	DiscordPTB.exe
2752	DiscordPTB.exe
2752	DiscordPTB.exe
2752	DiscordPTB.exe
800	DiscordPTB.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DiscordPTB = "C:\\Users\\Admin\\AppData\\Local\\DiscordPTB\\Update.exe --processStart DiscordPTB.exe"	reg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 11 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\DiscordPTB\\app-1.0.1018\\DiscordPTB.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord\shell\open	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord\DefaultIcon	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\DiscordPTB\\app-1.0.1018\\DiscordPTB.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Discord	reg.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
4228	reg.exe
4952	reg.exe
4704	reg.exe
1640	reg.exe
3356	reg.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3384	DiscordPTB.exe
3384	DiscordPTB.exe
3384	DiscordPTB.exe
3384	DiscordPTB.exe
3384	DiscordPTB.exe
3384	DiscordPTB.exe
3384	DiscordPTB.exe
3384	DiscordPTB.exe
3384	DiscordPTB.exe
3384	DiscordPTB.exe
800	DiscordPTB.exe
800	DiscordPTB.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4164	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 4164	4584	DiscordPTBSetup.exe	80
PID 4584 wrote to memory of 4164	4584	DiscordPTBSetup.exe	80
PID 4584 wrote to memory of 4164	4584	DiscordPTBSetup.exe	80
PID 4164 wrote to memory of 3384	4164	Update.exe	87
PID 4164 wrote to memory of 3384	4164	Update.exe	87
PID 4164 wrote to memory of 3384	4164	Update.exe	87
PID 3384 wrote to memory of 1624	3384	DiscordPTB.exe	90
PID 3384 wrote to memory of 1624	3384	DiscordPTB.exe	90
PID 3384 wrote to memory of 1624	3384	DiscordPTB.exe	90
PID 3384 wrote to memory of 1972	3384	DiscordPTB.exe	91
PID 3384 wrote to memory of 1972	3384	DiscordPTB.exe	91
PID 3384 wrote to memory of 1972	3384	DiscordPTB.exe	91
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 2752	3384	DiscordPTB.exe	92
PID 3384 wrote to memory of 800	3384	DiscordPTB.exe	105
PID 3384 wrote to memory of 800	3384	DiscordPTB.exe	105
PID 3384 wrote to memory of 800	3384	DiscordPTB.exe	105
PID 3384 wrote to memory of 4228	3384	DiscordPTB.exe	100
PID 3384 wrote to memory of 4228	3384	DiscordPTB.exe	100
PID 3384 wrote to memory of 4228	3384	DiscordPTB.exe	100
PID 3384 wrote to memory of 4704	3384	DiscordPTB.exe	96
PID 3384 wrote to memory of 4704	3384	DiscordPTB.exe	96
PID 3384 wrote to memory of 4704	3384	DiscordPTB.exe	96
PID 3384 wrote to memory of 3356	3384	DiscordPTB.exe	99
PID 3384 wrote to memory of 3356	3384	DiscordPTB.exe	99

C:\Users\Admin\AppData\Local\Temp\DiscordPTBSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordPTBSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4164
- - C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe
    "C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe" --squirrel-install 1.0.1018
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3384
  - - C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe
      C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discordptb /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discordptb\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=1a27a96457b24ff286a000266c573919 "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.1018 --annotation=prod=Electron --annotation=ver=13.6.6 --initial-client-data=0x470,0x474,0x478,0x46c,0x47c,0x7473850,0x7473860,0x747386c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1624
  - - C:\Users\Admin\AppData\Local\DiscordPTB\Update.exe
      C:\Users\Admin\AppData\Local\DiscordPTB\Update.exe --createShortcut DiscordPTB.exe --setupIcon C:\Users\Admin\AppData\Local\DiscordPTB\app.ico
      4⤵
      Executes dropped EXE
      PID:1972
  - - C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe
      "C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe" --type=gpu-process --field-trial-handle=1764,11434433532841885165,6517609603022083002,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1776 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2752
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4704
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe\",-1" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:1640
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:3356
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v DiscordPTB /d "C:\Users\Admin\AppData\Local\DiscordPTB\Update.exe --processStart DiscordPTB.exe" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:4228
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe\" --url -- \"%1\"" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4952
  - - C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe
      "C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1764,11434433532841885165,6517609603022083002,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\DiscordPTB\Update.exe

Filesize
1.5MB

MD5
c2a2aca4bb0320ef209161a09f552365

SHA1
9144d31f8e793ca68cb252b3a703d5d3a3cd26df

SHA256
e1afb35f2e8d02f31ab07bc9493c2cb256eca1b074759fb53cc026ca3262290e

SHA512
e0be2dca260b1542b3c60d1c25167dd0c78269a124c4b92a339dd0c69d1e744a25367da485a671fdf5b4f59cc0dbb3ff40e3e4d260af8090ffae189c6d004f8d

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\D3DCompiler_47.dll

Filesize
3.5MB

MD5
cd8a3be4d5871171fd0b107132d97be8

SHA1
415258c10477a49d0c046a12123ff7abe957612e

SHA256
4a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0

SHA512
4acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe

Filesize
112.5MB

MD5
422cfe87137258e994ec3cce57e039e7

SHA1
4f5e294a5ca1f043657157f2d3cafd50df19f9dc

SHA256
e1eb4c7606f44e3dee9f5b919c2350be0ae101bf3d593559187a92e0681b2a0b

SHA512
af337a3a275b2fed0783efae7ef36331946b2700b36fa201aba02cdcc57c7fc25c195457b6896722132d209450675cdb0d83cb9911aacf2ae88e18d0f474c875

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe

Filesize
112.5MB

MD5
422cfe87137258e994ec3cce57e039e7

SHA1
4f5e294a5ca1f043657157f2d3cafd50df19f9dc

SHA256
e1eb4c7606f44e3dee9f5b919c2350be0ae101bf3d593559187a92e0681b2a0b

SHA512
af337a3a275b2fed0783efae7ef36331946b2700b36fa201aba02cdcc57c7fc25c195457b6896722132d209450675cdb0d83cb9911aacf2ae88e18d0f474c875

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe

Filesize
112.5MB

MD5
422cfe87137258e994ec3cce57e039e7

SHA1
4f5e294a5ca1f043657157f2d3cafd50df19f9dc

SHA256
e1eb4c7606f44e3dee9f5b919c2350be0ae101bf3d593559187a92e0681b2a0b

SHA512
af337a3a275b2fed0783efae7ef36331946b2700b36fa201aba02cdcc57c7fc25c195457b6896722132d209450675cdb0d83cb9911aacf2ae88e18d0f474c875

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe

Filesize
112.5MB

MD5
422cfe87137258e994ec3cce57e039e7

SHA1
4f5e294a5ca1f043657157f2d3cafd50df19f9dc

SHA256
e1eb4c7606f44e3dee9f5b919c2350be0ae101bf3d593559187a92e0681b2a0b

SHA512
af337a3a275b2fed0783efae7ef36331946b2700b36fa201aba02cdcc57c7fc25c195457b6896722132d209450675cdb0d83cb9911aacf2ae88e18d0f474c875

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\DiscordPTB.exe

Filesize
112.5MB

MD5
422cfe87137258e994ec3cce57e039e7

SHA1
4f5e294a5ca1f043657157f2d3cafd50df19f9dc

SHA256
e1eb4c7606f44e3dee9f5b919c2350be0ae101bf3d593559187a92e0681b2a0b

SHA512
af337a3a275b2fed0783efae7ef36331946b2700b36fa201aba02cdcc57c7fc25c195457b6896722132d209450675cdb0d83cb9911aacf2ae88e18d0f474c875

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\chrome_100_percent.pak

Filesize
138KB

MD5
da26775fd7a54d4e8755fd667b5f70db

SHA1
6ff37c107fed247d3717c855287d5de3142a9531

SHA256
43b28df6f3428378a0a630492a3405e613bc816cd2a390c56e44cd6b49dbe5b4

SHA512
b16ccad1fc8c7dfc08d0d8877c05d41c494b1546836399e06bd04354b3e387c155d9d74812cf01e20dde946fdb2e547549599d8907d828ab1cebffa584d8db15

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\chrome_200_percent.pak

Filesize
202KB

MD5
d4bd33dcff9d6361b6c985d958953373

SHA1
38f866b35cd642d4acb4f7efadc6d9f899b55d30

SHA256
abb69e43745fbd63be2933204ed98c387ae703487283509c65415867e3c867ab

SHA512
78a687ffac48b7d422bb33f43bbb8b7511879b287f20484c6fd591343428cff1d2cc07521b982eb4cba5a22324ee7f4dab031fdeff05462ca43b81a528c878f7

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\d3dcompiler_47.dll

Filesize
3.5MB

MD5
cd8a3be4d5871171fd0b107132d97be8

SHA1
415258c10477a49d0c046a12123ff7abe957612e

SHA256
4a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0

SHA512
4acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\ffmpeg.dll

Filesize
2.5MB

MD5
aefb234b98f3305914da739d95f7a304

SHA1
b89b908bfb45a016c7a3c637d06e57fb6b4418d8

SHA256
c9f44aaa674b1bc5973038818218c36be206173641e0c9a96f12f5db72a24e62

SHA512
6e1fe5323a62a46e8edd29483dac40af197b0fc5ec79f315b9b0b209066be6be7030fdf50dc015691cfad8f9894065498c3057a3c2b94fc2b15de73e38721957

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\ffmpeg.dll

Filesize
2.5MB

MD5
aefb234b98f3305914da739d95f7a304

SHA1
b89b908bfb45a016c7a3c637d06e57fb6b4418d8

SHA256
c9f44aaa674b1bc5973038818218c36be206173641e0c9a96f12f5db72a24e62

SHA512
6e1fe5323a62a46e8edd29483dac40af197b0fc5ec79f315b9b0b209066be6be7030fdf50dc015691cfad8f9894065498c3057a3c2b94fc2b15de73e38721957

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\ffmpeg.dll

Filesize
2.5MB

MD5
aefb234b98f3305914da739d95f7a304

SHA1
b89b908bfb45a016c7a3c637d06e57fb6b4418d8

SHA256
c9f44aaa674b1bc5973038818218c36be206173641e0c9a96f12f5db72a24e62

SHA512
6e1fe5323a62a46e8edd29483dac40af197b0fc5ec79f315b9b0b209066be6be7030fdf50dc015691cfad8f9894065498c3057a3c2b94fc2b15de73e38721957

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\ffmpeg.dll

Filesize
2.5MB

MD5
aefb234b98f3305914da739d95f7a304

SHA1
b89b908bfb45a016c7a3c637d06e57fb6b4418d8

SHA256
c9f44aaa674b1bc5973038818218c36be206173641e0c9a96f12f5db72a24e62

SHA512
6e1fe5323a62a46e8edd29483dac40af197b0fc5ec79f315b9b0b209066be6be7030fdf50dc015691cfad8f9894065498c3057a3c2b94fc2b15de73e38721957

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\ffmpeg.dll

Filesize
2.5MB

MD5
aefb234b98f3305914da739d95f7a304

SHA1
b89b908bfb45a016c7a3c637d06e57fb6b4418d8

SHA256
c9f44aaa674b1bc5973038818218c36be206173641e0c9a96f12f5db72a24e62

SHA512
6e1fe5323a62a46e8edd29483dac40af197b0fc5ec79f315b9b0b209066be6be7030fdf50dc015691cfad8f9894065498c3057a3c2b94fc2b15de73e38721957

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\resources.pak

Filesize
4.9MB

MD5
67f916ca62254aea146598b68c5c7430

SHA1
0287c09199a0d161aa7969b5358b72505ad75fb7

SHA256
735d351b7a7bf0dbd5fdaee9a68a431b3c1db383403ca3c60fb3d4977ed94993

SHA512
ea8cbec8be6b1dd622189cf5d905c3d5dec5f4b85db0f17fdda4f3e7fe67f35de0e79d30a1d2e1f64d2de212d8391e52c54dceaad736e141a6b3f7261b275819

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\resources\app.asar

Filesize
8.7MB

MD5
e266461d8e76cc8114d1f361d0be08f0

SHA1
76d59c133cdc6817997dc4448a3ffdef9a9f65bc

SHA256
4bb6da4ee8ef4fff6aad93ea60afad58d5e339791ca0b54d21a00b45536db0fe

SHA512
1efc14fc68e290303add03d7111914647dff0a8b0c6be0444436ae663e9a4da0721856f61a98f9a89ccc4564ecc2107ba4021623d5675a9a199b9ea391784c43

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\resources\build_info.json

Filesize
82B

MD5
01f1c12e35974653189fc486f2cbe44b

SHA1
139429f8b24818ee55d0c06775d81dc95ede44cf

SHA256
c9b89d0cdbc727d7b2f82f77c318f89c27cdf2c8302ba184b10a711c9cb2103f

SHA512
5095e9e3de31d07fbd8e5eb73a822b9b32e9d111bd0857ed9de983748075f0769cbdf3ab1aca3588cec1e874bbee2123c9cb423807e835d0e08bea41171e7044

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\swiftshader\libEGL.dll

Filesize
384KB

MD5
11a1aec59cadecc8b433f64cb13144e0

SHA1
5fafe1f33424cbab712ec8a1807696955487d7e2

SHA256
daf483ac20644cef41b1bf12e26a035e87a3c6c0bf7dc7bedeb097cd1b77562f

SHA512
9a341b1f31c4372491733e8424ddff2ffe2d463b7466cb73f2a2b8ff7727ce80e6bee009c5cbe7c693e306fa213732ae4aa57391d80cc66ada0b7303fea5e6df

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\swiftshader\libGLESv2.dll

Filesize
2.7MB

MD5
25386ac4334230c47a0423c59fb597d4

SHA1
9693dd730fba31f5f7e0e23ec2f683e0d0ca9072

SHA256
967038739d0f65f58a306fea5e136e885b32fc9cb023e454b83bf70ddcc536b3

SHA512
b91284b363f4c9e79220480b08d6f138d07c4fa8666ddd24fd5833313dc7cfc33e6fb04ae343204d998f5c8201d9193b56db1bdca3e04492003731b31df7a354

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\swiftshader\libegl.dll

Filesize
384KB

MD5
11a1aec59cadecc8b433f64cb13144e0

SHA1
5fafe1f33424cbab712ec8a1807696955487d7e2

SHA256
daf483ac20644cef41b1bf12e26a035e87a3c6c0bf7dc7bedeb097cd1b77562f

SHA512
9a341b1f31c4372491733e8424ddff2ffe2d463b7466cb73f2a2b8ff7727ce80e6bee009c5cbe7c693e306fa213732ae4aa57391d80cc66ada0b7303fea5e6df

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\swiftshader\libglesv2.dll

Filesize
2.7MB

MD5
25386ac4334230c47a0423c59fb597d4

SHA1
9693dd730fba31f5f7e0e23ec2f683e0d0ca9072

SHA256
967038739d0f65f58a306fea5e136e885b32fc9cb023e454b83bf70ddcc536b3

SHA512
b91284b363f4c9e79220480b08d6f138d07c4fa8666ddd24fd5833313dc7cfc33e6fb04ae343204d998f5c8201d9193b56db1bdca3e04492003731b31df7a354

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\app-1.0.1018\v8_context_snapshot.bin

Filesize
161KB

MD5
d88d23551a4d7230f98fe0cbd363695b

SHA1
8e28eb4153e00aa5345bdb539b925a777588a26b

SHA256
72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

SHA512
ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\packages\DiscordPTB-1.0.1018-full.nupkg

Filesize
78.4MB

MD5
75062e499090c4adb9a3f13ad061d0bf

SHA1
47a9f48f940e64bf092b8dc8c2fedbfb2a76561c

SHA256
5cb0318bf87073eea41263cb0159b03ec9177898bccc90d0eaebfb20121a478e

SHA512
d57d8f5b68bbf3af0f9852076e87df4144af17e3ffcca94ab875583eb0218b48e5a4d1abcf75dc7ff597a967bc9200ab4753db1ec73e2713e65ba942f27d839f

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\packages\RELEASES

Filesize
83B

MD5
11989048d05d40d0ae2644d2198ce53a

SHA1
d5254dd6a080ec6191efed9197c2a732c185ec69

SHA256
7ba357328984c0f82452211eee08dd0fba6cd747c4c3155cdb5e8780af6e4d65

SHA512
7d18ef835428c955cd155a94909749be5069c2a62d05bd234edbeec09965dc6039ce77c24b254f59dab714824ea9474e2d8d5f15b4f60a190e49546babee97d8

Download Submit
C:\Users\Admin\AppData\Local\DiscordPTB\update.exe

Filesize
1.5MB

MD5
c2a2aca4bb0320ef209161a09f552365

SHA1
9144d31f8e793ca68cb252b3a703d5d3a3cd26df

SHA256
e1afb35f2e8d02f31ab07bc9493c2cb256eca1b074759fb53cc026ca3262290e

SHA512
e0be2dca260b1542b3c60d1c25167dd0c78269a124c4b92a339dd0c69d1e744a25367da485a671fdf5b4f59cc0dbb3ff40e3e4d260af8090ffae189c6d004f8d

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\DiscordPTB-1.0.1018-full.nupkg

Filesize
78.4MB

MD5
75062e499090c4adb9a3f13ad061d0bf

SHA1
47a9f48f940e64bf092b8dc8c2fedbfb2a76561c

SHA256
5cb0318bf87073eea41263cb0159b03ec9177898bccc90d0eaebfb20121a478e

SHA512
d57d8f5b68bbf3af0f9852076e87df4144af17e3ffcca94ab875583eb0218b48e5a4d1abcf75dc7ff597a967bc9200ab4753db1ec73e2713e65ba942f27d839f

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
83B

MD5
11989048d05d40d0ae2644d2198ce53a

SHA1
d5254dd6a080ec6191efed9197c2a732c185ec69

SHA256
7ba357328984c0f82452211eee08dd0fba6cd747c4c3155cdb5e8780af6e4d65

SHA512
7d18ef835428c955cd155a94909749be5069c2a62d05bd234edbeec09965dc6039ce77c24b254f59dab714824ea9474e2d8d5f15b4f60a190e49546babee97d8

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
c2a2aca4bb0320ef209161a09f552365

SHA1
9144d31f8e793ca68cb252b3a703d5d3a3cd26df

SHA256
e1afb35f2e8d02f31ab07bc9493c2cb256eca1b074759fb53cc026ca3262290e

SHA512
e0be2dca260b1542b3c60d1c25167dd0c78269a124c4b92a339dd0c69d1e744a25367da485a671fdf5b4f59cc0dbb3ff40e3e4d260af8090ffae189c6d004f8d

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
c2a2aca4bb0320ef209161a09f552365

SHA1
9144d31f8e793ca68cb252b3a703d5d3a3cd26df

SHA256
e1afb35f2e8d02f31ab07bc9493c2cb256eca1b074759fb53cc026ca3262290e

SHA512
e0be2dca260b1542b3c60d1c25167dd0c78269a124c4b92a339dd0c69d1e744a25367da485a671fdf5b4f59cc0dbb3ff40e3e4d260af8090ffae189c6d004f8d

Download Submit
C:\Users\Admin\AppData\Roaming\discordptb\Crashpad\settings.dat

Filesize
40B

MD5
ae5a7b06a61a91676ffefd67979d51a2

SHA1
77fe509fcd0fd9263a403f8d0ffec9656b032911

SHA256
7a7e38d9b42449ce6c5d32ec5a97e48095fdb8969a168925db924538cb457998

SHA512
3600f66a45d756b0c5e481266add8bcfc351404b3713bdccbd8d5d558b13fffc892e3bad259b2d5f2f5f124f981f2d8797b2295d5d4095ca9ffdc0a59c68131a

Download Submit
memory/1972-159-0x0000000005560000-0x0000000005580000-memory.dmp

Filesize
128KB

Download
memory/4164-138-0x00000000077D0000-0x00000000077D8000-memory.dmp

Filesize
32KB

Download
memory/4164-135-0x0000000000660000-0x00000000007D6000-memory.dmp

Filesize
1.5MB

Download
memory/4164-139-0x0000000007FE0000-0x0000000008018000-memory.dmp

Filesize
224KB

Download
memory/4164-140-0x00000000058A0000-0x00000000058AE000-memory.dmp

Filesize
56KB

Download