528b6da45f60c70e76b510aea1b80127ab65438600096ec759ed3faf6360485c

Analysis

max time kernel
138s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2023, 19:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DiscordSetup.exe
Size

91.7MB
MD5

411157551877439b673ea6440e06db15
SHA1

1fbae80bbe7ac29c2400979ad37f8f53bbd09805
SHA256

528b6da45f60c70e76b510aea1b80127ab65438600096ec759ed3faf6360485c
SHA512

8bff693968223c6c78a544c95fb50d8ba28ac25d21672d7ae5ceba2a057a8cb006266697aac4badf0542d452b8ab4505b04803debe3b1127967701c99e63dee2
SSDEEP

1572864:nt1Nu73kzO3PET5hKay4qbSo0MmcTdjy8qgLwlfll6hkIyN5ai5afW70E:nM7syE98arqb3mc04LAtT+M70

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation	Discord.exe

Executes dropped EXE 6 IoCs

pid	Process
3024	Update.exe
3944	Discord.exe
1284	Discord.exe
732	Update.exe
2220	Discord.exe
4088	Discord.exe

Loads dropped DLL 8 IoCs

pid	Process
3944	Discord.exe
1284	Discord.exe
2220	Discord.exe
4088	Discord.exe
2220	Discord.exe
2220	Discord.exe
2220	Discord.exe
2220	Discord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe

Modifies registry class 11 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9023\\Discord.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord\shell\open	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord\DefaultIcon	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9023\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Discord\shell\open\command	reg.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
1904	reg.exe
2868	reg.exe
1664	reg.exe
4192	reg.exe
432	reg.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3944	Discord.exe
3944	Discord.exe
3944	Discord.exe
3944	Discord.exe
3944	Discord.exe
3944	Discord.exe
3944	Discord.exe
3944	Discord.exe
3944	Discord.exe
3944	Discord.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3944	Discord.exe
Token: SeCreatePagefilePrivilege	3944	Discord.exe
Token: SeShutdownPrivilege	3944	Discord.exe
Token: SeCreatePagefilePrivilege	3944	Discord.exe
Token: SeShutdownPrivilege	3944	Discord.exe
Token: SeCreatePagefilePrivilege	3944	Discord.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3024	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 3024	2952	DiscordSetup.exe	89
PID 2952 wrote to memory of 3024	2952	DiscordSetup.exe	89
PID 2952 wrote to memory of 3024	2952	DiscordSetup.exe	89
PID 3024 wrote to memory of 3944	3024	Update.exe	99
PID 3024 wrote to memory of 3944	3024	Update.exe	99
PID 3024 wrote to memory of 3944	3024	Update.exe	99
PID 3944 wrote to memory of 1284	3944	Discord.exe	100
PID 3944 wrote to memory of 1284	3944	Discord.exe	100
PID 3944 wrote to memory of 1284	3944	Discord.exe	100
PID 3944 wrote to memory of 732	3944	Discord.exe	101
PID 3944 wrote to memory of 732	3944	Discord.exe	101
PID 3944 wrote to memory of 732	3944	Discord.exe	101
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 2220	3944	Discord.exe	102
PID 3944 wrote to memory of 4088	3944	Discord.exe	103
PID 3944 wrote to memory of 4088	3944	Discord.exe	103
PID 3944 wrote to memory of 4088	3944	Discord.exe	103
PID 3944 wrote to memory of 1904	3944	Discord.exe	105
PID 3944 wrote to memory of 1904	3944	Discord.exe	105
PID 3944 wrote to memory of 1904	3944	Discord.exe	105
PID 3944 wrote to memory of 2868	3944	Discord.exe	107
PID 3944 wrote to memory of 2868	3944	Discord.exe	107
PID 3944 wrote to memory of 2868	3944	Discord.exe	107
PID 3944 wrote to memory of 1664	3944	Discord.exe	110
PID 3944 wrote to memory of 1664	3944	Discord.exe	110
PID 3944 wrote to memory of 1664	3944	Discord.exe	110

C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe" --squirrel-install 1.0.9023
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3944
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9023 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x53c,0x540,0x544,0x530,0x548,0x87e4d78,0x87e4d88,0x87e4d94
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1284
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
      4⤵
      Executes dropped EXE
      PID:732
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=1988,i,7853623525229718430,17132754007169736021,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2220
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2084 --field-trial-handle=1988,i,7853623525229718430,17132754007169736021,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4088
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:1904
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:2868
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:1664
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe\",-1" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4192
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe\" --url -- \"%1\"" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\Update.exe

Filesize
1.5MB

MD5
e1c1a57c36a2f214e8254e3d7cce7e5e

SHA1
d80e5c5cf4a49f5d80207777085180bd69668ddd

SHA256
5cc1486bcb7a867ff37a949fc67ff63c4fd1814aeca614770ef105bae92c3b4c

SHA512
142342e0b71c9a81d05a05538ca0e9e8ef3b7d3f756d487da979e138c460b9da826930abb379c77fc55552bf2a432fb062e8e27f42bc0fb8eb575e125363c61b

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\D3DCompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe

Filesize
130.2MB

MD5
5a35bf74684e9ad3b7108d5178857240

SHA1
930735458c370f926bfe5544dbd9cc78d1fa1aa6

SHA256
6d8feb38e09137b899febdf675af1e5cd3a2d02e341520c6e631f9dd923ab349

SHA512
5cc8ba646825581fd5cd41ee032d3a14efa2005be1d64e6538d73723ceeb4eed68dee08a08f9b2f041b32949aed1d58de79a428d23670e5e1ebd4a358ec84196

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe

Filesize
130.2MB

MD5
5a35bf74684e9ad3b7108d5178857240

SHA1
930735458c370f926bfe5544dbd9cc78d1fa1aa6

SHA256
6d8feb38e09137b899febdf675af1e5cd3a2d02e341520c6e631f9dd923ab349

SHA512
5cc8ba646825581fd5cd41ee032d3a14efa2005be1d64e6538d73723ceeb4eed68dee08a08f9b2f041b32949aed1d58de79a428d23670e5e1ebd4a358ec84196

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe

Filesize
130.2MB

MD5
5a35bf74684e9ad3b7108d5178857240

SHA1
930735458c370f926bfe5544dbd9cc78d1fa1aa6

SHA256
6d8feb38e09137b899febdf675af1e5cd3a2d02e341520c6e631f9dd923ab349

SHA512
5cc8ba646825581fd5cd41ee032d3a14efa2005be1d64e6538d73723ceeb4eed68dee08a08f9b2f041b32949aed1d58de79a428d23670e5e1ebd4a358ec84196

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe

Filesize
130.2MB

MD5
5a35bf74684e9ad3b7108d5178857240

SHA1
930735458c370f926bfe5544dbd9cc78d1fa1aa6

SHA256
6d8feb38e09137b899febdf675af1e5cd3a2d02e341520c6e631f9dd923ab349

SHA512
5cc8ba646825581fd5cd41ee032d3a14efa2005be1d64e6538d73723ceeb4eed68dee08a08f9b2f041b32949aed1d58de79a428d23670e5e1ebd4a358ec84196

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe

Filesize
130.2MB

MD5
5a35bf74684e9ad3b7108d5178857240

SHA1
930735458c370f926bfe5544dbd9cc78d1fa1aa6

SHA256
6d8feb38e09137b899febdf675af1e5cd3a2d02e341520c6e631f9dd923ab349

SHA512
5cc8ba646825581fd5cd41ee032d3a14efa2005be1d64e6538d73723ceeb4eed68dee08a08f9b2f041b32949aed1d58de79a428d23670e5e1ebd4a358ec84196

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\Discord.exe

Filesize
130.2MB

MD5
5a35bf74684e9ad3b7108d5178857240

SHA1
930735458c370f926bfe5544dbd9cc78d1fa1aa6

SHA256
6d8feb38e09137b899febdf675af1e5cd3a2d02e341520c6e631f9dd923ab349

SHA512
5cc8ba646825581fd5cd41ee032d3a14efa2005be1d64e6538d73723ceeb4eed68dee08a08f9b2f041b32949aed1d58de79a428d23670e5e1ebd4a358ec84196

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\d3dcompiler_47.dll

Filesize
3.9MB

MD5
3b4647bcb9feb591c2c05d1a606ed988

SHA1
b42c59f96fb069fd49009dfd94550a7764e6c97c

SHA256
35773c397036b368c1e75d4e0d62c36d98139ebe74e42c1ff7be71c6b5a19fd7

SHA512
00cd443b36f53985212ac43b44f56c18bf70e25119bbf9c59d05e2358ff45254b957f1ec63fc70fb57b1726fd8f76ccfad8103c67454b817a4f183f9122e3f50

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\ffmpeg.dll

Filesize
3.1MB

MD5
2a66ad2838355a0f800c713d01c6c031

SHA1
bf82a52eda42c2a7eb3dd292288aff202037925e

SHA256
3d156e945359e50886d7471d89a5184ead70209a681a2aa7eb02f4c5d34f2a0a

SHA512
cf374b4f7b99d600cda49a442f9488bd55b99b5d540e1bc587c4996e8d5b85d1737c7d26bfae1c86fd61de67e8e1586dce8625f35f3ebffe71e206287e408069

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\ffmpeg.dll

Filesize
3.1MB

MD5
2a66ad2838355a0f800c713d01c6c031

SHA1
bf82a52eda42c2a7eb3dd292288aff202037925e

SHA256
3d156e945359e50886d7471d89a5184ead70209a681a2aa7eb02f4c5d34f2a0a

SHA512
cf374b4f7b99d600cda49a442f9488bd55b99b5d540e1bc587c4996e8d5b85d1737c7d26bfae1c86fd61de67e8e1586dce8625f35f3ebffe71e206287e408069

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\ffmpeg.dll

Filesize
3.1MB

MD5
2a66ad2838355a0f800c713d01c6c031

SHA1
bf82a52eda42c2a7eb3dd292288aff202037925e

SHA256
3d156e945359e50886d7471d89a5184ead70209a681a2aa7eb02f4c5d34f2a0a

SHA512
cf374b4f7b99d600cda49a442f9488bd55b99b5d540e1bc587c4996e8d5b85d1737c7d26bfae1c86fd61de67e8e1586dce8625f35f3ebffe71e206287e408069

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\ffmpeg.dll

Filesize
3.1MB

MD5
2a66ad2838355a0f800c713d01c6c031

SHA1
bf82a52eda42c2a7eb3dd292288aff202037925e

SHA256
3d156e945359e50886d7471d89a5184ead70209a681a2aa7eb02f4c5d34f2a0a

SHA512
cf374b4f7b99d600cda49a442f9488bd55b99b5d540e1bc587c4996e8d5b85d1737c7d26bfae1c86fd61de67e8e1586dce8625f35f3ebffe71e206287e408069

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\ffmpeg.dll

Filesize
3.1MB

MD5
2a66ad2838355a0f800c713d01c6c031

SHA1
bf82a52eda42c2a7eb3dd292288aff202037925e

SHA256
3d156e945359e50886d7471d89a5184ead70209a681a2aa7eb02f4c5d34f2a0a

SHA512
cf374b4f7b99d600cda49a442f9488bd55b99b5d540e1bc587c4996e8d5b85d1737c7d26bfae1c86fd61de67e8e1586dce8625f35f3ebffe71e206287e408069

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\libEGL.dll

Filesize
394KB

MD5
5ccb122e1611f7a5c618d5cacb28a158

SHA1
015136a7b387518a1b39cdd7fe5ed531781223de

SHA256
ab141716d35c405a96f2f3cfab2aab911de49763e76172df38e02fdd95a7c585

SHA512
dccab5ff7af48f5b76854aa988e531dcd61d074ef3d55d33501800a90c5d5c54d70d699838757bf85e6ebcb74481c9617ea978fd9ea9007ec055be28c0564b85

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\libGLESv2.dll

Filesize
6.4MB

MD5
305130d6104f70318296592e9f156a4f

SHA1
ed5d07b689b1c826b861e90bc4ff6be561057c95

SHA256
e076450705197ac81ff6a69eb77a85360b7063196447aded02485076cb9e70cf

SHA512
14996848d33a26a0f4a1b43332ef143713f47c8137003955b1fd22f748752c1a1f454d5842a35f1c0d66df03e0b0da460e2ef6d4c36111664645dc97a8a6c1d2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\libegl.dll

Filesize
394KB

MD5
5ccb122e1611f7a5c618d5cacb28a158

SHA1
015136a7b387518a1b39cdd7fe5ed531781223de

SHA256
ab141716d35c405a96f2f3cfab2aab911de49763e76172df38e02fdd95a7c585

SHA512
dccab5ff7af48f5b76854aa988e531dcd61d074ef3d55d33501800a90c5d5c54d70d699838757bf85e6ebcb74481c9617ea978fd9ea9007ec055be28c0564b85

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\libglesv2.dll

Filesize
6.4MB

MD5
305130d6104f70318296592e9f156a4f

SHA1
ed5d07b689b1c826b861e90bc4ff6be561057c95

SHA256
e076450705197ac81ff6a69eb77a85360b7063196447aded02485076cb9e70cf

SHA512
14996848d33a26a0f4a1b43332ef143713f47c8137003955b1fd22f748752c1a1f454d5842a35f1c0d66df03e0b0da460e2ef6d4c36111664645dc97a8a6c1d2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\resources.pak

Filesize
5.1MB

MD5
7fd8c5f2e763aa919775b9dccac733de

SHA1
0192874c667b10b9da77e97b9897e794121f4e5c

SHA256
5cffe876882d9f5acf5e2dbc5629b0083a2d3c87e7f57c0992ea5a4c720bf38a

SHA512
977881e62fb96130f9a042b015e7e22ad4ae5ec63b6a73946783d63dd983b8edca021cd6d822ce51828451b2a94c4a20584802b495feaa863aaf6b2660643ff5

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\resources\app.asar

Filesize
6.3MB

MD5
d1fd1c56a4743c509aad7b4a874b3864

SHA1
140a70f9d4aaed666306fe88182db88e2aa93f34

SHA256
6f53ad29e67d9c1a775077db6110664e206898d71c373b9a5f4fd227807d8ee6

SHA512
ab1e52bddc9a2bc7f50f7bf1c2d07d827d650f2f45a42ab50912e899c6b47793dac702d5a358fdd318018d9cc2f3876b1e2e59993f7aaa5b57ed115fc6bd9596

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\resources\build_info.json

Filesize
83B

MD5
fe4c58d125243b4331dfa1fe2fc77acc

SHA1
44e6ae14d3b26cc83c20af285c581e6494f0e38c

SHA256
22fcd2ec831187c3a309420fcb1a5316d1b72e797d7a122b0a19669a340538ed

SHA512
ca6dfb7921c4c2b84ad1b9223c8bae68704786712b12c28d0161cb1b5de8e150a09dcc7ebd76b3b9ed170b1da83b1e090e29c886fda23b851c83f9a19f86c9ad

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\v8_context_snapshot.bin

Filesize
585KB

MD5
3f6f227dc46c0d5262cd6ca9bb7703e5

SHA1
c8bc76f93cc6305e70f2041a52acfa6c44e9889b

SHA256
869f5e88fb5e04840f035fc1c3f688e94499c8514bd053c9979413ebb8de4611

SHA512
566394fef910b8edeb04c7f5c172ce9b361478275463f7eee4b5611536241431fa7638e47e5ac4b9df7467c98b120869b4e4f87e46628b40dae5685897cd256c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\vk_swiftshader.dll

Filesize
4.3MB

MD5
47ba37103b50e9ae1dd791aae269b515

SHA1
afd58777a113847339d69cefd7cca277dbb778df

SHA256
af8f9bf5b52c6525b0d4a0a09988c1541f70a64ac92274dbe7d942623b9d4985

SHA512
c07b3ceedce3635375f7f793ec7ebbc4866f436fd91748206a629e0f30ce1969fe656e55e95e4bda5635f0cd3994c28aada112d15ab8c1a693599bb824b502cf

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9023\vk_swiftshader.dll

Filesize
4.3MB

MD5
47ba37103b50e9ae1dd791aae269b515

SHA1
afd58777a113847339d69cefd7cca277dbb778df

SHA256
af8f9bf5b52c6525b0d4a0a09988c1541f70a64ac92274dbe7d942623b9d4985

SHA512
c07b3ceedce3635375f7f793ec7ebbc4866f436fd91748206a629e0f30ce1969fe656e55e95e4bda5635f0cd3994c28aada112d15ab8c1a693599bb824b502cf

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\Discord-1.0.9023-full.nupkg

Filesize
90.8MB

MD5
5d21e7862f15fb655fc25d4bc44a4bd5

SHA1
0700805bdb793588c811724badd6e1f3c8924da5

SHA256
aea4b7baa7b9a230729075878b4cd5aac73de3aaa5c39462b75243da2cc01ceb

SHA512
0ef9b36729cc8b18b7e5b8728e2315760aa152f00e708e2fd26f9710fa64969568cc0a987d8657f00bf6b296aa8375d8b5466463cb6ee8c95b1b0fbe5efb6eaf

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\RELEASES

Filesize
80B

MD5
03aad23bba311ba04390f899cd9b5d02

SHA1
ec0049d9114bc155841e518560c84d13c74e1651

SHA256
950309fb5936ac76e3b9a5ba5b35f9586f529b50204138f923ae6ba57c2f41e7

SHA512
c3f4db511f5229ede5943a8a7cc497fb06b223dc21f2059bf3aa6828511cfdf7095910176fdc4e2681c2dfb7e3b95ca931a486f6a1e06be780ca5fa652fbb4d7

Download Submit
C:\Users\Admin\AppData\Local\Discord\update.exe

Filesize
1.5MB

MD5
e1c1a57c36a2f214e8254e3d7cce7e5e

SHA1
d80e5c5cf4a49f5d80207777085180bd69668ddd

SHA256
5cc1486bcb7a867ff37a949fc67ff63c4fd1814aeca614770ef105bae92c3b4c

SHA512
142342e0b71c9a81d05a05538ca0e9e8ef3b7d3f756d487da979e138c460b9da826930abb379c77fc55552bf2a432fb062e8e27f42bc0fb8eb575e125363c61b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9023-full.nupkg

Filesize
90.8MB

MD5
5d21e7862f15fb655fc25d4bc44a4bd5

SHA1
0700805bdb793588c811724badd6e1f3c8924da5

SHA256
aea4b7baa7b9a230729075878b4cd5aac73de3aaa5c39462b75243da2cc01ceb

SHA512
0ef9b36729cc8b18b7e5b8728e2315760aa152f00e708e2fd26f9710fa64969568cc0a987d8657f00bf6b296aa8375d8b5466463cb6ee8c95b1b0fbe5efb6eaf

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
03aad23bba311ba04390f899cd9b5d02

SHA1
ec0049d9114bc155841e518560c84d13c74e1651

SHA256
950309fb5936ac76e3b9a5ba5b35f9586f529b50204138f923ae6ba57c2f41e7

SHA512
c3f4db511f5229ede5943a8a7cc497fb06b223dc21f2059bf3aa6828511cfdf7095910176fdc4e2681c2dfb7e3b95ca931a486f6a1e06be780ca5fa652fbb4d7

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
e1c1a57c36a2f214e8254e3d7cce7e5e

SHA1
d80e5c5cf4a49f5d80207777085180bd69668ddd

SHA256
5cc1486bcb7a867ff37a949fc67ff63c4fd1814aeca614770ef105bae92c3b4c

SHA512
142342e0b71c9a81d05a05538ca0e9e8ef3b7d3f756d487da979e138c460b9da826930abb379c77fc55552bf2a432fb062e8e27f42bc0fb8eb575e125363c61b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
e1c1a57c36a2f214e8254e3d7cce7e5e

SHA1
d80e5c5cf4a49f5d80207777085180bd69668ddd

SHA256
5cc1486bcb7a867ff37a949fc67ff63c4fd1814aeca614770ef105bae92c3b4c

SHA512
142342e0b71c9a81d05a05538ca0e9e8ef3b7d3f756d487da979e138c460b9da826930abb379c77fc55552bf2a432fb062e8e27f42bc0fb8eb575e125363c61b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/732-225-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/732-227-0x0000000004EA0000-0x0000000004EC0000-memory.dmp

Filesize
128KB

Download
memory/732-222-0x0000000073C30000-0x00000000743E0000-memory.dmp

Filesize
7.7MB

Download
memory/732-291-0x0000000073C30000-0x00000000743E0000-memory.dmp

Filesize
7.7MB

Download
memory/3024-34-0x0000000008250000-0x0000000008258000-memory.dmp

Filesize
32KB

Download
memory/3024-43-0x0000000008A60000-0x0000000008A98000-memory.dmp

Filesize
224KB

Download
memory/3024-46-0x00000000061A0000-0x00000000061AE000-memory.dmp

Filesize
56KB

Download
memory/3024-11-0x0000000005A10000-0x0000000005A20000-memory.dmp

Filesize
64KB

Download
memory/3024-10-0x0000000073C30000-0x00000000743E0000-memory.dmp

Filesize
7.7MB

Download
memory/3024-9-0x0000000000F40000-0x00000000010B6000-memory.dmp

Filesize
1.5MB

Download
memory/3024-313-0x0000000073C30000-0x00000000743E0000-memory.dmp

Filesize
7.7MB

Download
memory/3024-314-0x0000000005A10000-0x0000000005A20000-memory.dmp

Filesize
64KB

Download