Overview

overview

10

Static

static

URLScan

urlscan

1

https://cdn.discorda...

windows7-x64

8

https://cdn.discorda...

windows10-2004-x64

10

Resubmissions

13/03/2023, 08:30

230313-kegj9shd85 3

19/12/2022, 17:13

221219-vrrk4saf3s 10

Analysis

  • max time kernel
    1655s
  • max time network
    1798s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2022, 17:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://cdn.discordapp.com/attachments/1045003118900940843/1054445358895353876/Krnl.zip

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 21 IoCs
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 50 IoCs
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Modifies registry key 1 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://cdn.discordapp.com/attachments/1045003118900940843/1054445358895353876/Krnl.zip
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6494f50,0x7fef6494f60,0x7fef6494f70
      2⤵
        PID:1508
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1096 /prefetch:2
        2⤵
          PID:812
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1392 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2044
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1768 /prefetch:8
          2⤵
            PID:1768
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
            2⤵
              PID:1668
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
              2⤵
                PID:536
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3084 /prefetch:8
                2⤵
                  PID:268
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:8
                  2⤵
                    PID:676
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3920 /prefetch:2
                    2⤵
                      PID:1804
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1016 /prefetch:8
                      2⤵
                        PID:812
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2036
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
                        2⤵
                          PID:1636
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3068 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1060
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1592
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 /prefetch:8
                          2⤵
                            PID:1736
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3736 /prefetch:8
                            2⤵
                              PID:956
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3712 /prefetch:8
                              2⤵
                                PID:1892
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
                                2⤵
                                  PID:1824
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4064 /prefetch:8
                                  2⤵
                                    PID:1996
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:676
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4020 /prefetch:8
                                    2⤵
                                      PID:2136
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3760 /prefetch:8
                                      2⤵
                                        PID:2184
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3764 /prefetch:8
                                        2⤵
                                          PID:2192
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
                                          2⤵
                                            PID:2264
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
                                            2⤵
                                              PID:2300
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
                                              2⤵
                                                PID:2356
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
                                                2⤵
                                                  PID:2428
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
                                                  2⤵
                                                    PID:2492
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
                                                    2⤵
                                                      PID:2500
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3532 /prefetch:8
                                                      2⤵
                                                        PID:2672
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=964 /prefetch:8
                                                        2⤵
                                                          PID:2680
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1112 /prefetch:8
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:2748
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 /prefetch:8
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:2816
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4272 /prefetch:8
                                                          2⤵
                                                            PID:2836
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4260 /prefetch:8
                                                            2⤵
                                                              PID:2824
                                                            • C:\Users\Admin\Downloads\DiscordSetup.exe
                                                              "C:\Users\Admin\Downloads\DiscordSetup.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              • Loads dropped DLL
                                                              PID:2944
                                                              • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
                                                                "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
                                                                3⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                • Suspicious use of FindShellTrayWindow
                                                                PID:2964
                                                                • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --squirrel-install 1.0.9008
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:2216
                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                    C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://insecure.sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9008 --annotation=prod=Electron --annotation=ver=13.6.6 --initial-client-data=0x308,0x30c,0x310,0x304,0x314,0x7093850,0x7093860,0x709386c
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    PID:1888
                                                                  • C:\Users\Admin\AppData\Local\Discord\Update.exe
                                                                    C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    PID:2376
                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --type=gpu-process --field-trial-handle=1080,13768965136491448882,12734974583249341802,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1088 /prefetch:2
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    PID:2448
                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --type=gpu-process --field-trial-handle=1080,13768965136491448882,12734974583249341802,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1240 /prefetch:2
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    PID:1840
                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1080,13768965136491448882,12734974583249341802,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 /prefetch:8
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:2952
                                                                • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --squirrel-firstrun
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  • Checks computer location settings
                                                                  • Loads dropped DLL
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of FindShellTrayWindow
                                                                  • Suspicious use of SendNotifyMessage
                                                                  PID:1764
                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                    C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://insecure.sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9008 --annotation=prod=Electron --annotation=ver=13.6.6 --initial-client-data=0x2e8,0x2ec,0x2f0,0x2e4,0x2f4,0x7ef3850,0x7ef3860,0x7ef386c
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    PID:2080
                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --type=gpu-process --field-trial-handle=1116,4773723602211623252,9515148471194065552,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1124 /prefetch:2
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    PID:2176
                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
                                                                    5⤵
                                                                    • Modifies registry class
                                                                    • Modifies registry key
                                                                    PID:2476
                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
                                                                    5⤵
                                                                    • Modifies registry class
                                                                    • Modifies registry key
                                                                    PID:1892
                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1116,4773723602211623252,9515148471194065552,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1584 /prefetch:8
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:2736
                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1116,4773723602211623252,9515148471194065552,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1612 /prefetch:1
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Checks computer location settings
                                                                    • Loads dropped DLL
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:1904
                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe\",-1" /f
                                                                    5⤵
                                                                    • Modifies registry class
                                                                    • Modifies registry key
                                                                    PID:1448
                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe\" --url -- \"%1\"" /f
                                                                    5⤵
                                                                    • Modifies registry class
                                                                    • Modifies registry key
                                                                    PID:2796
                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --type=gpu-process --field-trial-handle=1116,4773723602211623252,9515148471194065552,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1124 /prefetch:2
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    PID:2268
                                                                  • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1116,4773723602211623252,9515148471194065552,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1 --enable-node-leakage-in-renderers
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Checks computer location settings
                                                                    • Loads dropped DLL
                                                                    • Checks processor information in registry
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:732
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /q /d /s /c "C:\Program^ Files\NVIDIA^ Corporation\NVSMI\nvidia-smi.exe"
                                                                      6⤵
                                                                        PID:2072
                                                                    • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1116,4773723602211623252,9515148471194065552,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,HardwareMediaKeyHandling,MediaSessionService,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2864 /prefetch:8
                                                                      5⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      PID:2300
                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                      "C:\Program Files\Internet Explorer\iexplore.exe" https://discordapp.com/handoff?rpc=6463&key=fe579424-9130-436c-b805-0ba743af6a7a
                                                                      5⤵
                                                                      • Modifies Internet Explorer settings
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:2652
                                                                      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
                                                                        6⤵
                                                                        • Modifies Internet Explorer settings
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:2740
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1508 /prefetch:8
                                                                2⤵
                                                                  PID:876
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2440 /prefetch:8
                                                                  2⤵
                                                                    PID:2728
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=960 /prefetch:8
                                                                    2⤵
                                                                      PID:2100
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3308 /prefetch:8
                                                                      2⤵
                                                                        PID:2288
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3548 /prefetch:8
                                                                        2⤵
                                                                          PID:2016
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3308 /prefetch:8
                                                                          2⤵
                                                                            PID:2256
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 /prefetch:8
                                                                            2⤵
                                                                              PID:2624
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4332 /prefetch:8
                                                                              2⤵
                                                                                PID:2476
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3568 /prefetch:8
                                                                                2⤵
                                                                                  PID:2988
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3192 /prefetch:8
                                                                                  2⤵
                                                                                    PID:2164
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3740 /prefetch:8
                                                                                    2⤵
                                                                                      PID:2220
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3568 /prefetch:8
                                                                                      2⤵
                                                                                        PID:1576
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
                                                                                        2⤵
                                                                                          PID:2100
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3772 /prefetch:8
                                                                                          2⤵
                                                                                            PID:108
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1088,16265719324093170651,9587800036757969043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 /prefetch:8
                                                                                            2⤵
                                                                                              PID:1732
                                                                                          • C:\Program Files\7-Zip\7zG.exe
                                                                                            "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Krnl\" -spe -an -ai#7zMap816:70:7zEvent9222
                                                                                            1⤵
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                            PID:1456
                                                                                          • C:\Windows\system32\AUDIODG.EXE
                                                                                            C:\Windows\system32\AUDIODG.EXE 0x558
                                                                                            1⤵
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1824
                                                                                          • C:\Users\Admin\Downloads\Krnl\KrnlBootStrapper.exe
                                                                                            "C:\Users\Admin\Downloads\Krnl\KrnlBootStrapper.exe"
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            PID:2060
                                                                                          • C:\Users\Admin\Downloads\DiscordSetup.exe
                                                                                            "C:\Users\Admin\Downloads\DiscordSetup.exe"
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            PID:2104
                                                                                            • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
                                                                                              "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                              PID:604
                                                                                          • C:\Users\Admin\Downloads\Krnl\KrnlBootStrapper.exe
                                                                                            "C:\Users\Admin\Downloads\Krnl\KrnlBootStrapper.exe"
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            PID:2408
                                                                                          • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
                                                                                            1⤵
                                                                                            • Drops file in Program Files directory
                                                                                            PID:1664
                                                                                            • C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1664_1726772713\ChromeRecovery.exe
                                                                                              "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1664_1726772713\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={34e4f13e-8156-4b35-a01f-d879bdf82b09} --system
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:1556

                                                                                          Network

                                                                                          MITRE ATT&CK Enterprise v6

                                                                                          Replay Monitor

                                                                                          Loading Replay Monitor...

                                                                                          Downloads

                                                                                          • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                                            Filesize

                                                                                            112.5MB

                                                                                            MD5

                                                                                            c355981222a24316b35123974efcb7c0

                                                                                            SHA1

                                                                                            30d5bb16830b3db7f67d5b385e4a60ec7d8c2446

                                                                                            SHA256

                                                                                            876d358d354ea162533c197360b0198cc55072d32fecd184ce9b34f5a5315102

                                                                                            SHA512

                                                                                            01e68a50d066aed775caf191fb7755a30f72ff5c879294a212f3e82668403b959de2d0b4c9615a6ae4f1e0f9edd4f56acdfca8174b5951e89e9b984f0cba9fe5

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                                            Filesize

                                                                                            112.5MB

                                                                                            MD5

                                                                                            c355981222a24316b35123974efcb7c0

                                                                                            SHA1

                                                                                            30d5bb16830b3db7f67d5b385e4a60ec7d8c2446

                                                                                            SHA256

                                                                                            876d358d354ea162533c197360b0198cc55072d32fecd184ce9b34f5a5315102

                                                                                            SHA512

                                                                                            01e68a50d066aed775caf191fb7755a30f72ff5c879294a212f3e82668403b959de2d0b4c9615a6ae4f1e0f9edd4f56acdfca8174b5951e89e9b984f0cba9fe5

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\app.ico
                                                                                            Filesize

                                                                                            278KB

                                                                                            MD5

                                                                                            084f9bc0136f779f82bea88b5c38a358

                                                                                            SHA1

                                                                                            64f210b7888e5474c3aabcb602d895d58929b451

                                                                                            SHA256

                                                                                            dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

                                                                                            SHA512

                                                                                            65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\ffmpeg.dll
                                                                                            Filesize

                                                                                            2.5MB

                                                                                            MD5

                                                                                            24cd5f32f6fdc16e1f7f67f69db61c71

                                                                                            SHA1

                                                                                            5e299d8a2b765b652d2c060f024ea8e41abd126a

                                                                                            SHA256

                                                                                            55707349ed953d32d3a9b3490a0f1d58e25d330c54a38daf09c0e98835368881

                                                                                            SHA512

                                                                                            28e44570e6be9540d4ca0057e4f0f2cc660213f11dcda3addb4f3e00902c93e252b2e258ac3cb4da2fd08eb51a9f7035e07bd400be40500a4bcd5f0f98ab65f2

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\icudtl.dat
                                                                                            Filesize

                                                                                            9.9MB

                                                                                            MD5

                                                                                            80a7528515595d8b0bf99a477a7eff0d

                                                                                            SHA1

                                                                                            fde9a195fc5a6a23ec82b8594f958cfcf3159437

                                                                                            SHA256

                                                                                            6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

                                                                                            SHA512

                                                                                            c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\resources\app.asar
                                                                                            Filesize

                                                                                            8.9MB

                                                                                            MD5

                                                                                            85612e39d87076acd8053bbb9da69d66

                                                                                            SHA1

                                                                                            5242ab61fee540ceabf63e99d9b343cf816a6218

                                                                                            SHA256

                                                                                            de8655d79342d45ffca16d92f22b2dca11e908fcf55b2d9b094fa2b73540ec13

                                                                                            SHA512

                                                                                            727f86bbeddb99f0d5ccac68f4797ad6114d5d42c24ea6f15edb9e702f936b698b0ba57b29562df9715ad285eea27cd6e768ff0b7a99bf964a07c75049356de2

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\resources\build_info.json
                                                                                            Filesize

                                                                                            85B

                                                                                            MD5

                                                                                            cc0127c16b33caf1dfbe160959da95f2

                                                                                            SHA1

                                                                                            f1785a197c382842ec3b7f0350772a3abee408b5

                                                                                            SHA256

                                                                                            c8ac2b3167df6e7ac4a47fa6c22880b13b5469854b7eefeb59dbeaaae46a178b

                                                                                            SHA512

                                                                                            1bc5234a57eae3e2f142598d1bebc140bdd54704c17ca8e9fd741e19e8b24cda747e2f1851e9fceef5778b21935c7048b6f2bfe32f7a0357adfd4532ca9112f3

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\Discord\app-1.0.9008\v8_context_snapshot.bin
                                                                                            Filesize

                                                                                            161KB

                                                                                            MD5

                                                                                            d88d23551a4d7230f98fe0cbd363695b

                                                                                            SHA1

                                                                                            8e28eb4153e00aa5345bdb539b925a777588a26b

                                                                                            SHA256

                                                                                            72c3c123f10eb6e24c83ee40727a3a632cf7a8b062a3b7c7b41db4bfeda52ce4

                                                                                            SHA512

                                                                                            ea757e91c7cfc766b35da226263e82646f5b1153b8800c5cd69321d98b6d424413dcd7a02413a6a0e2f34905daf84bd21302b7ad58f2ebd814a7ac0a92b9d284

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\Discord\update.exe
                                                                                            Filesize

                                                                                            1.5MB

                                                                                            MD5

                                                                                            d2bf47a560d847467660957ce6364a90

                                                                                            SHA1

                                                                                            10ea8183c20f9a10f8708c51986b98d0498ffaa3

                                                                                            SHA256

                                                                                            50ecc97068fe6c8df47c366dd69cb67e868107548f0d348bc49c8b4466f786a1

                                                                                            SHA512

                                                                                            bbd31788b9e435f1c4b1c5cb28884531459ad6c0b0d0b37b914710b29e6a8a8c8a7b3faef9640b009e64fcc0cc1067826775d2ccb7ef42ef0d38e85176226c1c

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9008-full.nupkg
                                                                                            Filesize

                                                                                            78.5MB

                                                                                            MD5

                                                                                            ccff09795cb14b2ba914a2f165839842

                                                                                            SHA1

                                                                                            f687d3a88e6de69351fcc90b19a9b179a32b1f1a

                                                                                            SHA256

                                                                                            b426b6885980c5f15da47bcfe061d8b48dbc24106ff5616409f96c2fbd4d599d

                                                                                            SHA512

                                                                                            6b020e742185a70c723171dfa0320d4fdb58f81c72a8caef241b922dd17e0115cfcf85d2f4fd8b17019a8d03c904571e8682929f1f588cb2adb267885e877014

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
                                                                                            Filesize

                                                                                            80B

                                                                                            MD5

                                                                                            2811cc80de90bf8ca0c530ef6300f485

                                                                                            SHA1

                                                                                            5f67aa08f9bc740659ee2529805d88cfeb470f4e

                                                                                            SHA256

                                                                                            66974b178d2cc2b1be05ea129619d179787dd84095e31538b2cb6c0245592df6

                                                                                            SHA512

                                                                                            16951d39018c6059f31023ca7067ef50f4f4db1772737faaf9b3d872beb3cfa46b45f4061eefb51d4978d20fef81427483c8c44f3c97bea10779edce441ad274

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
                                                                                            Filesize

                                                                                            1.5MB

                                                                                            MD5

                                                                                            d2bf47a560d847467660957ce6364a90

                                                                                            SHA1

                                                                                            10ea8183c20f9a10f8708c51986b98d0498ffaa3

                                                                                            SHA256

                                                                                            50ecc97068fe6c8df47c366dd69cb67e868107548f0d348bc49c8b4466f786a1

                                                                                            SHA512

                                                                                            bbd31788b9e435f1c4b1c5cb28884531459ad6c0b0d0b37b914710b29e6a8a8c8a7b3faef9640b009e64fcc0cc1067826775d2ccb7ef42ef0d38e85176226c1c

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
                                                                                            Filesize

                                                                                            1.5MB

                                                                                            MD5

                                                                                            d2bf47a560d847467660957ce6364a90

                                                                                            SHA1

                                                                                            10ea8183c20f9a10f8708c51986b98d0498ffaa3

                                                                                            SHA256

                                                                                            50ecc97068fe6c8df47c366dd69cb67e868107548f0d348bc49c8b4466f786a1

                                                                                            SHA512

                                                                                            bbd31788b9e435f1c4b1c5cb28884531459ad6c0b0d0b37b914710b29e6a8a8c8a7b3faef9640b009e64fcc0cc1067826775d2ccb7ef42ef0d38e85176226c1c

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
                                                                                            Filesize

                                                                                            1.5MB

                                                                                            MD5

                                                                                            d2bf47a560d847467660957ce6364a90

                                                                                            SHA1

                                                                                            10ea8183c20f9a10f8708c51986b98d0498ffaa3

                                                                                            SHA256

                                                                                            50ecc97068fe6c8df47c366dd69cb67e868107548f0d348bc49c8b4466f786a1

                                                                                            SHA512

                                                                                            bbd31788b9e435f1c4b1c5cb28884531459ad6c0b0d0b37b914710b29e6a8a8c8a7b3faef9640b009e64fcc0cc1067826775d2ccb7ef42ef0d38e85176226c1c

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Local\Temp\SquirrelSetup.log
                                                                                            Filesize

                                                                                            90B

                                                                                            MD5

                                                                                            212fce42ece3bc8d35fe98676053ae02

                                                                                            SHA1

                                                                                            cddb5572e9f88a2b889b03ee3089fedeadb9dc52

                                                                                            SHA256

                                                                                            27c408a49271e9a5d8630cdd3a691fb0e547135bdb98d01c4dbfb04dab75f325

                                                                                            SHA512

                                                                                            a1d93ea888ad7c2218aadd9a25ad9c9d4d8f6e1fdbb744f34a52d29fd4428a1079ac3aba7cef96f5dbc3ee90b8ce860846df4bc301acf940bfa60d130814b4d0

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat
                                                                                            Filesize

                                                                                            40B

                                                                                            MD5

                                                                                            f7cbcd474dd6db8afd39fa1518bbd598

                                                                                            SHA1

                                                                                            f98ba271dd460adff7ce7e125bd84c2709c855e4

                                                                                            SHA256

                                                                                            8cb48193f363f6b540f86e165ab19b708082fd79b7c38611d0035362ffd6b762

                                                                                            SHA512

                                                                                            2bc4896d7bc529a29b4e2aa054e831cec239aa0536a2923f4501b153552147287d6d258d313dccc38de6dc97900d536b95104d907fea90d595f0e4c1a7f25153

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\Downloads\DiscordSetup.exe
                                                                                            Filesize

                                                                                            79.4MB

                                                                                            MD5

                                                                                            dbfdcb36fd2fe762eb471d52d22774bd

                                                                                            SHA1

                                                                                            a6a3f2affeb5acdc132f080977f3fdfd0dd98140

                                                                                            SHA256

                                                                                            7d5c479d6c4c89e8f535010e7fe8e71e02ca015045eee5ecb08b98fd18f29592

                                                                                            SHA512

                                                                                            a14017ede345d63d3fb1a2e2cb5962d884ddecbbecc86239a22615e7aeaf1e17263e8767c1ce6f3a65d12c3da5ddcefb9b59ea6adb60e4274447e8e2dd4cb749

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\Downloads\DiscordSetup.exe
                                                                                            Filesize

                                                                                            79.4MB

                                                                                            MD5

                                                                                            dbfdcb36fd2fe762eb471d52d22774bd

                                                                                            SHA1

                                                                                            a6a3f2affeb5acdc132f080977f3fdfd0dd98140

                                                                                            SHA256

                                                                                            7d5c479d6c4c89e8f535010e7fe8e71e02ca015045eee5ecb08b98fd18f29592

                                                                                            SHA512

                                                                                            a14017ede345d63d3fb1a2e2cb5962d884ddecbbecc86239a22615e7aeaf1e17263e8767c1ce6f3a65d12c3da5ddcefb9b59ea6adb60e4274447e8e2dd4cb749

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\Downloads\Krnl.zip
                                                                                            Filesize

                                                                                            1.1MB

                                                                                            MD5

                                                                                            f38c6d43236970071c9a563fa1ba5132

                                                                                            SHA1

                                                                                            08f45fe2df934cb91cc7c590eba3e5966565fc83

                                                                                            SHA256

                                                                                            06eae26624e6b4ee6a05680dc255648e2833effdd4d11f533e330e0433a0374a

                                                                                            SHA512

                                                                                            6b13adc38b18bbd00c9270b0ea54b15eaedfaa0ebc7a01b6dfdc29c0ca20681a2fd5ff5f61fa265dbf463879f80e90996598a63522296a26858706ff35118cf9

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\Downloads\Krnl\KrnlBootStrapper.exe
                                                                                            Filesize

                                                                                            5KB

                                                                                            MD5

                                                                                            e8cab1a06f2876e493a9eedff1f41a38

                                                                                            SHA1

                                                                                            f502a0ce4d5e407bc75d75ab1e36452107e22873

                                                                                            SHA256

                                                                                            e2bb43a0f05f03c3c5d7fe313673164f7ca0c44d340e71eb3407b0a436863498

                                                                                            SHA512

                                                                                            e745b2bb4d7172c60639a7df0394acb44235efd3a69d611f9400156cd3dc570f7f917719f17edb41bac8361afe539520c5f203df1d9bf7320ee1bef2e483cd17

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\Downloads\Krnl\KrnlBootStrapper.exe
                                                                                            Filesize

                                                                                            5KB

                                                                                            MD5

                                                                                            e8cab1a06f2876e493a9eedff1f41a38

                                                                                            SHA1

                                                                                            f502a0ce4d5e407bc75d75ab1e36452107e22873

                                                                                            SHA256

                                                                                            e2bb43a0f05f03c3c5d7fe313673164f7ca0c44d340e71eb3407b0a436863498

                                                                                            SHA512

                                                                                            e745b2bb4d7172c60639a7df0394acb44235efd3a69d611f9400156cd3dc570f7f917719f17edb41bac8361afe539520c5f203df1d9bf7320ee1bef2e483cd17

                                                                                            Download Submit

                                                                                          • C:\Users\Admin\Downloads\Krnl\main.dll
                                                                                            Filesize

                                                                                            4.0MB

                                                                                            MD5

                                                                                            f5130286a2f01cac52401d3e5df53ac8

                                                                                            SHA1

                                                                                            21b3a333abb0f08561dbc511e413a2d8c65d64ee

                                                                                            SHA256

                                                                                            7b17a2eb7d3e69cffc8f6b09abfff63ac92f49e5778d3523f4e9565ad5ed16a7

                                                                                            SHA512

                                                                                            8830756c6129a147369c7292e19e2591fb909e7544fc7863c26a67b889fd695673261606a8f0def102fa70e0797196579c59709680288886ada67599ed21211c

                                                                                            Download Submit

                                                                                          • \Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                                            Filesize

                                                                                            112.5MB

                                                                                            MD5

                                                                                            c355981222a24316b35123974efcb7c0

                                                                                            SHA1

                                                                                            30d5bb16830b3db7f67d5b385e4a60ec7d8c2446

                                                                                            SHA256

                                                                                            876d358d354ea162533c197360b0198cc55072d32fecd184ce9b34f5a5315102

                                                                                            SHA512

                                                                                            01e68a50d066aed775caf191fb7755a30f72ff5c879294a212f3e82668403b959de2d0b4c9615a6ae4f1e0f9edd4f56acdfca8174b5951e89e9b984f0cba9fe5

                                                                                            Download Submit

                                                                                          • \Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                                            Filesize

                                                                                            112.5MB

                                                                                            MD5

                                                                                            c355981222a24316b35123974efcb7c0

                                                                                            SHA1

                                                                                            30d5bb16830b3db7f67d5b385e4a60ec7d8c2446

                                                                                            SHA256

                                                                                            876d358d354ea162533c197360b0198cc55072d32fecd184ce9b34f5a5315102

                                                                                            SHA512

                                                                                            01e68a50d066aed775caf191fb7755a30f72ff5c879294a212f3e82668403b959de2d0b4c9615a6ae4f1e0f9edd4f56acdfca8174b5951e89e9b984f0cba9fe5

                                                                                            Download Submit

                                                                                          • \Users\Admin\AppData\Local\Discord\app-1.0.9008\Discord.exe
                                                                                            Filesize

                                                                                            112.5MB

                                                                                            MD5

                                                                                            c355981222a24316b35123974efcb7c0

                                                                                            SHA1

                                                                                            30d5bb16830b3db7f67d5b385e4a60ec7d8c2446

                                                                                            SHA256

                                                                                            876d358d354ea162533c197360b0198cc55072d32fecd184ce9b34f5a5315102

                                                                                            SHA512

                                                                                            01e68a50d066aed775caf191fb7755a30f72ff5c879294a212f3e82668403b959de2d0b4c9615a6ae4f1e0f9edd4f56acdfca8174b5951e89e9b984f0cba9fe5

                                                                                            Download Submit

                                                                                          • \Users\Admin\AppData\Local\Discord\app-1.0.9008\ffmpeg.dll
                                                                                            Filesize

                                                                                            2.5MB

                                                                                            MD5

                                                                                            24cd5f32f6fdc16e1f7f67f69db61c71

                                                                                            SHA1

                                                                                            5e299d8a2b765b652d2c060f024ea8e41abd126a

                                                                                            SHA256

                                                                                            55707349ed953d32d3a9b3490a0f1d58e25d330c54a38daf09c0e98835368881

                                                                                            SHA512

                                                                                            28e44570e6be9540d4ca0057e4f0f2cc660213f11dcda3addb4f3e00902c93e252b2e258ac3cb4da2fd08eb51a9f7035e07bd400be40500a4bcd5f0f98ab65f2

                                                                                            Download Submit

                                                                                          • \Users\Admin\AppData\Local\Discord\app-1.0.9008\ffmpeg.dll
                                                                                            Filesize

                                                                                            2.5MB

                                                                                            MD5

                                                                                            24cd5f32f6fdc16e1f7f67f69db61c71

                                                                                            SHA1

                                                                                            5e299d8a2b765b652d2c060f024ea8e41abd126a

                                                                                            SHA256

                                                                                            55707349ed953d32d3a9b3490a0f1d58e25d330c54a38daf09c0e98835368881

                                                                                            SHA512

                                                                                            28e44570e6be9540d4ca0057e4f0f2cc660213f11dcda3addb4f3e00902c93e252b2e258ac3cb4da2fd08eb51a9f7035e07bd400be40500a4bcd5f0f98ab65f2

                                                                                            Download Submit

                                                                                          • \Users\Admin\AppData\Local\SquirrelTemp\Update.exe
                                                                                            Filesize

                                                                                            1.5MB

                                                                                            MD5

                                                                                            d2bf47a560d847467660957ce6364a90

                                                                                            SHA1

                                                                                            10ea8183c20f9a10f8708c51986b98d0498ffaa3

                                                                                            SHA256

                                                                                            50ecc97068fe6c8df47c366dd69cb67e868107548f0d348bc49c8b4466f786a1

                                                                                            SHA512

                                                                                            bbd31788b9e435f1c4b1c5cb28884531459ad6c0b0d0b37b914710b29e6a8a8c8a7b3faef9640b009e64fcc0cc1067826775d2ccb7ef42ef0d38e85176226c1c

                                                                                            Download Submit

                                                                                          • \Users\Admin\AppData\Local\SquirrelTemp\Update.exe
                                                                                            Filesize

                                                                                            1.5MB

                                                                                            MD5

                                                                                            d2bf47a560d847467660957ce6364a90

                                                                                            SHA1

                                                                                            10ea8183c20f9a10f8708c51986b98d0498ffaa3

                                                                                            SHA256

                                                                                            50ecc97068fe6c8df47c366dd69cb67e868107548f0d348bc49c8b4466f786a1

                                                                                            SHA512

                                                                                            bbd31788b9e435f1c4b1c5cb28884531459ad6c0b0d0b37b914710b29e6a8a8c8a7b3faef9640b009e64fcc0cc1067826775d2ccb7ef42ef0d38e85176226c1c

                                                                                            Download Submit

                                                                                          • \Users\Admin\Downloads\Krnl\main.dll
                                                                                            Filesize

                                                                                            4.0MB

                                                                                            MD5

                                                                                            f5130286a2f01cac52401d3e5df53ac8

                                                                                            SHA1

                                                                                            21b3a333abb0f08561dbc511e413a2d8c65d64ee

                                                                                            SHA256

                                                                                            7b17a2eb7d3e69cffc8f6b09abfff63ac92f49e5778d3523f4e9565ad5ed16a7

                                                                                            SHA512

                                                                                            8830756c6129a147369c7292e19e2591fb909e7544fc7863c26a67b889fd695673261606a8f0def102fa70e0797196579c59709680288886ada67599ed21211c

                                                                                            Download Submit

                                                                                          • memory/604-92-0x0000000004905000-0x0000000004916000-memory.dmp

                                                                                            Filesize

                                                                                            68KB

                                                                                            Download

                                                                                          • memory/604-88-0x0000000000350000-0x000000000035A000-memory.dmp

                                                                                            Filesize

                                                                                            40KB

                                                                                            Download

                                                                                          • memory/604-90-0x000000006D4B1000-0x000000006D4B3000-memory.dmp

                                                                                            Filesize

                                                                                            8KB

                                                                                            Download

                                                                                          • memory/604-80-0x0000000004905000-0x0000000004916000-memory.dmp

                                                                                            Filesize

                                                                                            68KB

                                                                                            Download

                                                                                          • memory/604-93-0x0000000000350000-0x000000000035A000-memory.dmp

                                                                                            Filesize

                                                                                            40KB

                                                                                            Download

                                                                                          • memory/1456-55-0x000007FEFB761000-0x000007FEFB763000-memory.dmp

                                                                                            Filesize

                                                                                            8KB

                                                                                            Download

                                                                                          • memory/2060-59-0x0000000000130000-0x0000000000138000-memory.dmp

                                                                                            Filesize

                                                                                            32KB

                                                                                            Download

                                                                                          • memory/2376-110-0x0000000000D30000-0x0000000000EA6000-memory.dmp

                                                                                            Filesize

                                                                                            1.5MB

                                                                                            Download

                                                                                          • memory/2408-310-0x00000000003A0000-0x00000000003A8000-memory.dmp

                                                                                            Filesize

                                                                                            32KB

                                                                                            Download

                                                                                          • memory/2944-64-0x0000000074C91000-0x0000000074C93000-memory.dmp

                                                                                            Filesize

                                                                                            8KB

                                                                                            Download

                                                                                          • memory/2964-95-0x0000000004C86000-0x0000000004C97000-memory.dmp

                                                                                            Filesize

                                                                                            68KB

                                                                                            Download

                                                                                          • memory/2964-89-0x0000000002160000-0x000000000216A000-memory.dmp

                                                                                            Filesize

                                                                                            40KB

                                                                                            Download

                                                                                          • memory/2964-91-0x0000000002160000-0x000000000216A000-memory.dmp

                                                                                            Filesize

                                                                                            40KB

                                                                                            Download

                                                                                          • memory/2964-69-0x00000000009D0000-0x0000000000B46000-memory.dmp

                                                                                            Filesize

                                                                                            1.5MB

                                                                                            Download