380317fac753ab94b6443709a0c8f9230d829288f61038e0490938b4fb1aff74

Analysis

max time kernel
193s
max time network
255s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
21/02/2024, 11:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordSetup (2).exe
Size

91.7MB
MD5

f436a7d1482c45132be1aaf6117af938
SHA1

0c7817a11b8b3d97d46ab2cfebf23a8901315fc4
SHA256

380317fac753ab94b6443709a0c8f9230d829288f61038e0490938b4fb1aff74
SHA512

fbc283b9e8e55b0a98784c6fb74ed3a3bc2ec402a274aeafc57ca04f9933a3d7f77f76c5957f0e41aded6060c81e3421867d3aec70b7a77d0f28d38e375a839c
SSDEEP

1572864:ZPbzMgmOg0fV+8nFhzQnP1cS2pF9DhElBgvN/jOWgvjH9otWn1Mc6kOT:tTcSzyiS2n9mBgvROLmtW/6xT

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Control Panel\International\Geo\Nation	Discord.exe

Executes dropped EXE 12 IoCs

pid	Process
5080	Update.exe
376	Discord.exe
2608	Discord.exe
1124	Update.exe
4380	Discord.exe
4656	Discord.exe
3136	Update.exe
3844	Discord.exe
3536	Discord.exe
4792	Discord.exe
2052	Discord.exe
4552	Discord.exe

Loads dropped DLL 18 IoCs

pid	Process
376	Discord.exe
2608	Discord.exe
4380	Discord.exe
4656	Discord.exe
4380	Discord.exe
4380	Discord.exe
4380	Discord.exe
4380	Discord.exe
3844	Discord.exe
3536	Discord.exe
3844	Discord.exe
4792	Discord.exe
4792	Discord.exe
4792	Discord.exe
4792	Discord.exe
4792	Discord.exe
2052	Discord.exe
4552	Discord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\shell	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\shell\open\command	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9033\\Discord.exe\",-1"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9033\\Discord.exe\" --url -- \"%1\""	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9033\\Discord.exe\",-1"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\shell\open	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9033\\Discord.exe\" --url -- \"%1\""	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Discord	reg.exe

Modifies registry key 1 TTPs 9 IoCs

Modify Registry

T1112

pid	Process
4548	reg.exe
4412	reg.exe
1488	reg.exe
2996	reg.exe
1140	reg.exe
4072	reg.exe
4576	reg.exe
4924	reg.exe
3064	reg.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Discord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Discord.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Discord.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
376	Discord.exe
376	Discord.exe
376	Discord.exe
376	Discord.exe
376	Discord.exe
376	Discord.exe
376	Discord.exe
376	Discord.exe
376	Discord.exe
376	Discord.exe
3844	Discord.exe
3844	Discord.exe
3844	Discord.exe
3844	Discord.exe
3844	Discord.exe
3844	Discord.exe
3844	Discord.exe
3844	Discord.exe
3844	Discord.exe
3844	Discord.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeShutdownPrivilege	376	Discord.exe
Token: SeCreatePagefilePrivilege	376	Discord.exe
Token: SeShutdownPrivilege	376	Discord.exe
Token: SeCreatePagefilePrivilege	376	Discord.exe
Token: SeShutdownPrivilege	3844	Discord.exe
Token: SeCreatePagefilePrivilege	3844	Discord.exe
Token: SeShutdownPrivilege	3844	Discord.exe
Token: SeCreatePagefilePrivilege	3844	Discord.exe
Token: SeShutdownPrivilege	3844	Discord.exe
Token: SeCreatePagefilePrivilege	3844	Discord.exe
Token: SeShutdownPrivilege	3844	Discord.exe
Token: SeCreatePagefilePrivilege	3844	Discord.exe
Token: SeShutdownPrivilege	3844	Discord.exe
Token: SeCreatePagefilePrivilege	3844	Discord.exe
Token: SeShutdownPrivilege	3844	Discord.exe
Token: SeCreatePagefilePrivilege	3844	Discord.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5080	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 5080	4744	DiscordSetup (2).exe	73
PID 4744 wrote to memory of 5080	4744	DiscordSetup (2).exe	73
PID 4744 wrote to memory of 5080	4744	DiscordSetup (2).exe	73
PID 5080 wrote to memory of 376	5080	Update.exe	74
PID 5080 wrote to memory of 376	5080	Update.exe	74
PID 5080 wrote to memory of 376	5080	Update.exe	74
PID 376 wrote to memory of 2608	376	Discord.exe	75
PID 376 wrote to memory of 2608	376	Discord.exe	75
PID 376 wrote to memory of 2608	376	Discord.exe	75
PID 376 wrote to memory of 1124	376	Discord.exe	76
PID 376 wrote to memory of 1124	376	Discord.exe	76
PID 376 wrote to memory of 1124	376	Discord.exe	76
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4380	376	Discord.exe	77
PID 376 wrote to memory of 4656	376	Discord.exe	78
PID 376 wrote to memory of 4656	376	Discord.exe	78
PID 376 wrote to memory of 4656	376	Discord.exe	78
PID 376 wrote to memory of 4412	376	Discord.exe	80
PID 376 wrote to memory of 4412	376	Discord.exe	80
PID 376 wrote to memory of 4412	376	Discord.exe	80
PID 376 wrote to memory of 4924	376	Discord.exe	88
PID 376 wrote to memory of 4924	376	Discord.exe	88
PID 376 wrote to memory of 4924	376	Discord.exe	88
PID 376 wrote to memory of 1488	376	Discord.exe	82
PID 376 wrote to memory of 1488	376	Discord.exe	82
PID 376 wrote to memory of 1488	376	Discord.exe	82

C:\Users\Admin\AppData\Local\Temp\DiscordSetup (2).exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup (2).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5080
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe" --squirrel-install 1.0.9033
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:376
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9033 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x500,0x504,0x508,0x4fc,0x50c,0x90d5d78,0x90d5d88,0x90d5d94
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2608
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
      4⤵
      Executes dropped EXE
      PID:1124
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1844,i,6898796076175739191,7772603887256320686,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4380
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1940 --field-trial-handle=1844,i,6898796076175739191,7772603887256320686,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4656
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:4412
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:1488
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe\",-1" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4576
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe\" --url -- \"%1\"" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:2996
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4924

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2944

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:3136
- C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe
  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3844
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe
    C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9033 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x4e4,0x4e8,0x4ec,0x4e0,0x4f0,0x90d5d78,0x90d5d88,0x90d5d94
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3536
- - C:\Windows\SysWOW64\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:1140
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1736,i,5386182941263754416,18124287525734128395,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4792
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=disclip --bypasscsp-schemes --cors-schemes --fetch-schemes=disclip --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1868 --field-trial-handle=1736,i,5386182941263754416,18124287525734128395,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2052
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=disclip --bypasscsp-schemes --cors-schemes --fetch-schemes=disclip --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2544 --field-trial-handle=1736,i,5386182941263754416,18124287525734128395,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4552
- - C:\Windows\SysWOW64\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:4072
- - C:\Windows\SysWOW64\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe\",-1" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:4548
- - C:\Windows\SysWOW64\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe\" --url -- \"%1\"" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\SquirrelSetup.log

Filesize
2KB

MD5
552a9dd580eb2e1be354e0372d596199

SHA1
7cd1aa25e90f9e6524a6ca149bed97b75616eb88

SHA256
555c79403e97f50d063e3500895b51f5968359c0c7aad0e172769e1cac6f77e5

SHA512
32b7180f973c590c3f5847678d01b338646c33080e1ecddaade8c1fbf6e95ff8a807007ea28bcb2c70ae5e0b8c32c3258cef83cd619056d56477d87b1d024a46

Download Submit
C:\Users\Admin\AppData\Local\Discord\Update.exe

Filesize
832KB

MD5
41c852be3a25093011d125f422ec3dcb

SHA1
f7cf263dd47f83350af357aad42498a1a21f2c0e

SHA256
93c1a720ba7243cd43f9a8e3a0f709328b39700fa95ac3f30c3167b741212a3c

SHA512
8f9caf05cc7edb19cb862d52c610a529a0fb3335b03c35954ae0ec418f1b96d1d5b6899d95b6400300ae717b206d5a766a27a4ef9e6ff50cd66250f504081f7a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\D3DCompiler_47.dll

Filesize
1.8MB

MD5
a10ecacf4d1740b2f29615549db19a6c

SHA1
856b529cc0fa38bb2bf5201a2275e8b85d03d8dc

SHA256
5173c4e7ba4bff91a862028a20c6e9c440921780bab916f689f544d015f29d28

SHA512
167984debe5e03e1d723f61ec1763a200b50ce4f5332848b055f423a02dc41170d5062345943006ba0aef73b058518404ee1461f95041dd08eead2e8d14ea2d8

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe

Filesize
16.3MB

MD5
de1608aa0c1c0bbdffe0a7d171a4f7cd

SHA1
115bca8ef684d94ac3e5e9f8647ad4a7eafa029c

SHA256
f7743ec38568801f65b953d2b28f62aa3c3716b5cba2123f683a4ea38a9456b9

SHA512
7f2a57d3101b5c062e65b6f460ddb97d0cfbfb6f7dca295af2e53ce393249a35fc56ad05acbf61ab4320fec7b7f70a881f6089a432b506046d13147045adaa75

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe

Filesize
10.1MB

MD5
84ab1e1b7548e423b95137f0e5c40019

SHA1
f2c873ccf93f678950dc0220588e5772bbbd3703

SHA256
0d381656a1116fbb1d5d2a9f7e7a4c4c541ab798332eea10b5af791a6fb152d5

SHA512
98292b3781140ee69b98540f8b379bcd48338a7ebc01b251f9f5df4aaa27094f78f641d7e77ad7b6971dd5e6493c2fce1dc18b7b990c5641664c413ad1d9c723

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe

Filesize
1.8MB

MD5
77c3ce688262cb2a8595ac37b5947083

SHA1
d664dd280c6b313cc37e24c2036c5ca0636f0d0a

SHA256
18a7881df440af7ee2b8557c46fc4920ade1652535abc563639fb59cea2e4dcf

SHA512
0b354949b898df3afad3decec882d5641936d579a57bb1a660966092b997a28063984265a5aa384f84a91ca770390f5b5ed5c52e859b2531d623226958c9bc28

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe

Filesize
2.6MB

MD5
eb884f413e3f85320588881a6b6dbef5

SHA1
9fe8566f40c86f373af67164fed86f9ce8faf595

SHA256
39fa12c9fb6076a9e34f5d2acf3e1cd5bf8bd6fe0b4f31126d9eba2b44c8542c

SHA512
89e5d233b095142ce9513b04c4d863d437316ae77e6f6aff829368833463ce9e0856ea7dad324530155db82400dc46fe0975222c4fc9cdb9ec6bb89ed72f6458

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe

Filesize
2.3MB

MD5
6d9c8b7043bd7ff1b59785520a84db83

SHA1
ceb88bc71edbb6bda77ad05f790df59403fd048b

SHA256
14bf5f04d45aaca0c229135dbbdbbfd0c0a5e7cbd2d91208eff68e4f9877c347

SHA512
d0142f896c99f11cc59eb18aeed21a67024919340e14461c945ebb9d3ce95ec3b0d494a40e1608490aa92219f323119d00c274c1aae344c4baeb52a1fae6a2d3

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe

Filesize
2.5MB

MD5
17e4db388b7dfb693422cd5675be72c1

SHA1
1b706d0049435f7f429d2d4156e04fc181d456f6

SHA256
963286cf0d2416b874df1c128853471c58a9fa3b88550589b300d0779ff362f1

SHA512
698a44e1ac736b356badef460d22c7be8fa0d555918d05c807d7055d584f235a682b115138af619cb21112168be21adf33992ee2c5a7c8d114ecbc89e273a997

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe

Filesize
3.6MB

MD5
a820690f4793040ae35acbf413bf7a2a

SHA1
d31be1ce332183f00155e73f3458392445614d4d

SHA256
f6dea5651a1ea12ffc1b47baa39c3af47cb065d3ffa7e4c7ab1799c0ecc23f8e

SHA512
3da5e03b8e2a74e15112f6b3cc9f5fc3d6e8959228696d6541f9b29a827aae808576854fef323ea3320a52e7fcecd328f40143f4cee6fdb76a4cd114c30b630e

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe

Filesize
2.6MB

MD5
f4a1ff41cd11670c1abc6a321ac40950

SHA1
af12417002e723357c64b5d9fe9eacfe9c2b16aa

SHA256
b501634dab4ccc37507c7c394b1d6939b353bd780d72ab4ee89ff245d06246b4

SHA512
0fc665932a41e4a74eb38a3890cd0d2a030cd9b61bccb9f40f50c10592aed555aaa863ac765ef060d817c46507ca25fec20c764682f990683759dbdda5a1c84b

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\Discord.exe

Filesize
1.7MB

MD5
11f726fc77ea9418a6c11591fc9874c2

SHA1
bed5363b21131e93ed8d59694eb9481470b83e19

SHA256
68902863d5f9e1db3f5d94c1c5ee7d60fc68da9ecef578dcc61c7a6fce2756af

SHA512
8e834be5db41f2e9bbadde82e9ad25f8e51c8a82dd96b1a110079853be9816af0f6de55a69978468759f47180bc02647332b62fc292e7cb6d9b31a893e57fbe0

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\ffmpeg.dll

Filesize
3.1MB

MD5
8b7fe65dade44f2ff73f0463d1de3362

SHA1
54a2710a3ecb11bbd31ec819f2d85659fa76f1e1

SHA256
929e2c95a29ebe8d40ae81c11e8ef40e5144d951357a349f9327a7d915247f11

SHA512
28d529b1665ae4226098bb963caf1fdd0a5eea6118a5a46d4c649d1d13e5892049ca288bbb1fd17e6ad3be39308a1e4fec4840404b319a47be378ed611fdcca9

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\libglesv2.dll

Filesize
1.4MB

MD5
db7a63b1f89acee425e33b53cd92d211

SHA1
7d85d358916b7df4060f4ee78e78044d43519879

SHA256
7114530fb8d61a67d66afe66be47bd82e5187430416e41e285a3e145ec664a3f

SHA512
021000c3353b819d25b55b4234b578ff73613acff3826a0f2540d1cb2a46851db19ac5d10acf5b1533884f75dbc95ccbed1d7a149ba537e9dfeed37d92d13809

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\resources.pak

Filesize
1.3MB

MD5
60d26dfb5705faee6aba5fd990463101

SHA1
6731edd98bc75b38640ceb29cb15931145dfad41

SHA256
0ddbb62fbb94910ae77157364bff8a03237d3027133bb883c12fbbee597fbe54

SHA512
0db94dd79d57deaa9d9f254dc8bd21d38c0eb464b50058159ed8163d76c37659596bca45a85a7c7d3a660b494c9dfec46f9427d1fb77d5772d332ed3d6e0b46c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\resources\app.asar

Filesize
5.9MB

MD5
b9c4fc36c7b93ff4104561081f351996

SHA1
5a662eeb566c8217113aa1d86e311e3803dad738

SHA256
dcec3d507c1bfdd36ed9806a0ad798c1433ebed5204868b46ed3a6f774f25b86

SHA512
c00eafd1f2561c7fac3613742873d057a7ecb3784c25983dae0a3347dcb1f92f919fe1ac80c1241e5fd85cbe48f95e6e1a420877a1906d4f92258ab79a91bb3d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\resources\build_info.json

Filesize
83B

MD5
9d612246604bc29ba7a900a04994a807

SHA1
ff9e2798c83d9da553bc92e439bde62580f4e223

SHA256
9ba9b3d0925f9c80bf42357b8711b7168a10befccfc8de7cae7cad64de005c60

SHA512
99b1e4d9c9ae81e9501ac7e3e13b9bfc35b4d5d7870ba64f1adef2bcbd31035f30aa091bd9cefce145ed7b20ccf691cfd6efc8806264451bd6c77b10f9e10e66

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\updater.node

Filesize
1.9MB

MD5
718556018a5fc66c79a540a0e140fed3

SHA1
7a682f42a8f23a66d8d1e7012f4b57dc4f75542c

SHA256
0c366670a099611aacc43d893dba307aa603dfc11e9c07fe3979f5b03af6ac58

SHA512
13f667c82a407d196c0b3feefa843f4dc71ee85d455688dd3064ae85a0f69e2cd7279097f6e2424e48fb87659f226775ca548c44bbb334e51cdee9c507cc5a03

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\v8_context_snapshot.bin

Filesize
585KB

MD5
3f6f227dc46c0d5262cd6ca9bb7703e5

SHA1
c8bc76f93cc6305e70f2041a52acfa6c44e9889b

SHA256
869f5e88fb5e04840f035fc1c3f688e94499c8514bd053c9979413ebb8de4611

SHA512
566394fef910b8edeb04c7f5c172ce9b361478275463f7eee4b5611536241431fa7638e47e5ac4b9df7467c98b120869b4e4f87e46628b40dae5685897cd256c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9033\vk_swiftshader.dll

Filesize
1.2MB

MD5
dda0693bfffb912a887966dd18088498

SHA1
f20fc84427ed99b15a68e927bd4ce62ad8e723e6

SHA256
c3de8b0d056262745207d0e09d8e1010486ebeef2e81e0e823192706bb483d76

SHA512
dbcb655b2f5c32284f3fcc2784025676bab2a37bd15b872b4c02f96d5c9ab39564544b4491d03479db520c0699dac07a31017ee5e16364406d8aac961136751a

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\Discord-1.0.9033-full.nupkg

Filesize
2.3MB

MD5
bb0afb839dbdd4b8745ef0070aac8001

SHA1
fcb26597fafd54d9dcfd6f21d816b35ff3f896c4

SHA256
27a81432d503001ce9b8b045f38f51fa024af81bfc4cc2eb128b5bdbda5b02d0

SHA512
b17ee758f5dbb182624d7c4a9b8625778a6020dab3f2b2ad7acc3b1702e421ae87973b9a90658bbb380bdfccc40a818d1f69a6ce549cf44ede58d54b7f94af1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Update.exe.log

Filesize
1KB

MD5
2244dc0b3273589a6f523d1132743c50

SHA1
aa3b1e074e6db473c5b29c613f96bdb1e055224f

SHA256
95360f53262f25f870960255268efe6213d026715336c1366db1a58b2b5e0f3f

SHA512
951c1be44dad2f68c35bbdc2a971316bc348298d91a1be97cc90eeb1e1082263473affc1117fd35ebff3744a70e19eb6c20cb587a059281ba1e24ee5636ea5d0

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9033-full.nupkg

Filesize
90.8MB

MD5
797dbaecf5ec51ae11a7da7cd022179b

SHA1
fe2fa932b01cccfaffc1a5ccaa4a6b5fbebbb44a

SHA256
07bd01d9fc6b5c4bdc2c9a28568e4c58fa9e2af5149cd5cf83f7992f909b78a8

SHA512
55f77de954e41d6538b782c8f49f1599621a76d903d469c5876c33be803d6f1db9ad242b59321b6561d225379fa71a50b24966715800911b8fcda33b1ac69414

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
9eefd4d9016af451e2db5fa6a904e5b9

SHA1
829ff8b19cb6f5a81104b4affa277208e9b0108d

SHA256
9b4a744a7d8a503bd792817a9415859805e6041039fb3f6adfba7d69b74cc32c

SHA512
a60067d90f0805cfc076f9a707a297db0cfed7e680ded4c4b74378a9ec1e9ca4e4ec77a6066bfcada157211bcda7b91ee008f798488fc93a2978ecf75593503a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
d7fdcb699ffc80a925263c77e0c7e21a

SHA1
bf2a72935e68fe9fe8baa360e476ea65d1f855e6

SHA256
86ef8295b610df84322bc1e18414601fa10fba22c3e0725c146907a725f0ac34

SHA512
a3efcae25c51ebd0c5ae71c91b9fd4433f5abc1841544c16e6f188c546af9dde225ff882c7610b7f690bc1cc85e427dd44680752db0448a68b9fdc05d2902747

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk

Filesize
2KB

MD5
43a4dc51da1724806ca26ac8de181bc6

SHA1
e2f4a6738f8fae283f9683ace7bbdbae7d46f820

SHA256
5082e1384035227cdfd7bccc0c396a34d6328a2b3d12a401cf8654a49e09402e

SHA512
2b040c150a3c26a0a74337dd8b721ec84d075d3d112749eb7ec62ba7530f23f0698581c131fab679f4ca31cef50bbe8efddb82b7c059892c1baea125a7124c76

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
30b1c86f6a2a17631bc9ca2866fb814b

SHA1
f84544e091b766bb25df0b883725de787d1bfcf8

SHA256
d71aa9a3ddd86690ff5bc5e067c687adbe738766b9192ee09bca4f3ddb01b0be

SHA512
45f2822f6c5f534e2c4a3511d1acedd407f19cbd76f64e1a009afc07241aef76c4156efecb746249200b6272958be6049efaae6d68a79f8855576a494075c45f

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat

Filesize
40B

MD5
b6cbbfac70831a4685d2e957be5fa7aa

SHA1
92a6d17c993d7292013d7cc80f09737beced50e6

SHA256
f8fe9f5c76019e10a438c437090102136882f5fcd77b51b010ea3f477a0aa6a0

SHA512
52df3ea12244b6d041286c6906e19420e7b9aa352b648d191e2913e0542bca0689199afa1427be2f88cb73469758fc8ee68071c39927eb11c4665c0b990d4778

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
389B

MD5
00140610401ae50ea19b511e946cd963

SHA1
8ffc04268a23515be7e5fceee2f9d1fee4fd18ca

SHA256
455fd683975a5770845da11d5be6cd327df350de3d76b2ebdbb4a15ed3e47eee

SHA512
72bb09036b2ae6da81632794abc370e3d40adc63720c5ff5a61db31e80208c2d8591c7c2d9cb9dddd2a18b08a5031b74203ab24d2b43b5ee53131a2c35344be4

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\LOG

Filesize
247B

MD5
2cd1ffee6472271ba223a6b113f400a2

SHA1
87c28fa34be7259b0463fb744228b3b623ae50b0

SHA256
eb45492db2bb477b212a46d455fa7ba6e30de5e250194f1973714ce0f29cfb61

SHA512
ec6b50f941b99bd300ff24e7fce5e6043f3aaacd08783184a86673e8b1aef807c88433fdc4ff7fda314183f51bd0e50208ce833e3af7d6c24535c8168f2dbc77

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\Network Persistent State

Filesize
503B

MD5
cc729fda2d9a3ca4ff2d2b2e47acf511

SHA1
904ebd0f4367a94c5655618a39908dc8cd6367c6

SHA256
b143087b6f40fa5ad19fb155282f80b500f206852916870c7c28601f4c216dc0

SHA512
a53a110c5fba14940169d5c7eba00123818ed6d59c1b12a67763ddf899666bd256ba3118c2f22eee8cb8c31ef5b0263a13625dbaa784cfb55c7fe5f9a52095f2

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\discord\module_data\crashlogs\2024_02_21T11_51_10_389Z-0-events.log

Filesize
670B

MD5
11f1850375c55e05b751e5eff75a1210

SHA1
8131c85ff9ff7be9e702f7b3d3bf2fd58005d171

SHA256
614425be315b0d1f6666e5f6ee35b4c91a6572e1418c0646e85e9ec69728258f

SHA512
06e87da422b9551fceba33816d917a0688656a30b121c7026efea9211188337dbbb96a7ff25a4ba17c384adad46633c7719b266f4a782074229fe9f5c9fc7599

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\queue\queue.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\scope_v3.json

Filesize
1KB

MD5
c014d3e7e88dfcdf012e392abe2721e9

SHA1
3ae20dec55a6595866be5dc19484dcd92201b50e

SHA256
0cc1c79370ed48fc4447d8bf1a4cbfe2f8fa028ec2da06ccfa1f45df726e2ea8

SHA512
2dce5fceea4c4f38ec23e6ed50f5f4feb371a4b1e1a1cdd123b0a4c35364cd5e436a17b12d2c1df172892a2437bd004c5240c65ff2d8e0797782d2511b1ba8a3

Download Submit
C:\Users\Admin\Desktop\Discord.lnk

Filesize
2KB

MD5
8215ec96793cfef9b9f680c02b97a7d4

SHA1
6968af542560c7b5c8758d1f2489a7ca68ae1910

SHA256
c1bd1a0bb2055d333bc498dd08d06c24729af38e24108037cd92a8a4f4f44adf

SHA512
3f84d71538e13eac16ab14f6ba2bb1d52dfea93c3bbb2bf41d6e5cc3d1db94c8594d2e9554cd4ef80e0972708d1379a3ae32851fcb193458dbaf09917af45e77

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9033\d3dcompiler_47.dll

Filesize
946KB

MD5
07229ddb993ba2a3190e805fadf68ffa

SHA1
287b6cb64527e07eb9c0d015c3fd4791f831297f

SHA256
2a31982affb7003b6067e5faad9ac7a7805bf880a78802ed63bd23adb3842bb8

SHA512
326082e5848c53730ab06d8d8c4c777216e34428406f627bac1d09826287a1462442159ac3730f13f4f601c03ccd9a199b6575f51d1079a4f8a2a18e5446a37a

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9033\ffmpeg.dll

Filesize
1.5MB

MD5
75c4909d31893ee18e7edc0979efa886

SHA1
f3a9a51e19f6fe63a5880cc7d30dbdf2c69eb26c

SHA256
256f1842d4b170e2afdf966b4b919f46c9f21d122990db536d4f020eb90c7d83

SHA512
cdb700fc2a5a999d150f1153789dfc941d4694af8dab66f79b3674cab7cbe1621f8c7b9409b6338d3ccdba23834cba041f4cc6e065bb3fb6b095f1dc21ea8708

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9033\ffmpeg.dll

Filesize
1.7MB

MD5
da2622c53be0c379e55188357859d5a7

SHA1
cdc14eb15573a7278edfe013851a40506f6f9298

SHA256
674901671f61cb1eadef95eb3746ad1876ef2d33eb5260e48e7629c913fdab64

SHA512
7c91e9963740fe86900a5a52b7b1a8f69e177e6c3f8c24f70c2c3d539af991d54f5bc8bb417ab2a5660114fc3d28ab25928ae67288fb05b2fd8bb4b897ceff68

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9033\ffmpeg.dll

Filesize
2.4MB

MD5
adc7267b9b77c30bc26905d028ed2cb7

SHA1
bf0f100479e4718aedb077a3936c74338408cbd3

SHA256
b461c645baa6dcf43eb27496b27d357c5570ac183c7fb0cfc25984bed161998c

SHA512
5a185c010558f963974caf9b8db9b25d9488d6a43ca36d4fc4129f44eb361f6fd47f6b262ec796d32a530b49bd5a0d00824d2a945842cc15836a80f81b74bff1

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9033\ffmpeg.dll

Filesize
1.8MB

MD5
eb76756d9ff942ab5a6155dd35e01556

SHA1
76901fc06baaf102f42f77e77c62a3189e8482bb

SHA256
e75c91a17676bfb37f4d5d7f0f4be26875eeb088252166986201909416954ec3

SHA512
c0ca9906ad89764069853cbdc2b1e4ba90686e748facf4df925cff99e2d27abe5a35e5d0138293a07b0374b586323c101e0af49179e11838e8aa5bd819b6f648

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9033\libEGL.dll

Filesize
394KB

MD5
daec2b3d7c492907ea9cb3389f1b525f

SHA1
b8cc098ebbf2e2d945d012e7ef203c08dc5a1611

SHA256
48f8115a96d0dbfdaa65bf4000d5da738eebf7dbc9685232944aaf69a197fa97

SHA512
b3213a73c553faae11286feee1d86c3cc658595acd53844372383013b724afab582c4f52063655e9490f8d73e0202eb38bec5aed7ecb0372a530603ac9d59eef

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9033\libGLESv2.dll

Filesize
1.5MB

MD5
368979d1574244ceb3fe31760ae52a04

SHA1
1299506ef89f66cfb892edce4e29aba0ca654e7f

SHA256
2836a26f2474a7b5353b51429ccb237d4bfe8b91c19cb6dbed87540c5775c825

SHA512
fdc4194f6071a4090e52953bbf626b6e2f42df65c1c4494a64906196484e301fd5dc9176eaa7f7ce87681775e84640333ef8d6eec4c34a0972c96f3b1e5a5bb4

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9033\updater.node

Filesize
1.8MB

MD5
9d5c95650b6429e36a9a746ec650fcb2

SHA1
65833a1bf0426841ae990d49beea6a7cd2a31482

SHA256
699270f070d80f69b8b88599ffe26ee0f5d7df32ca8be522a456c58e0e10f6c6

SHA512
23ac0531a097a9edc910e2eafc84b419b364240fe8dbc4cfee24695b64785a6d1751214251e6a10f4d9b4547925659abc73839e9dbcaa8a5d4c97c55d00ee4b4

Download Submit
\Users\Admin\AppData\Local\Discord\app-1.0.9033\vk_swiftshader.dll

Filesize
1.5MB

MD5
8b19528535035380ba2bab96623c77d8

SHA1
0bc655f0c14fd42a2b84e80b5ffee9515e338e85

SHA256
d66325c8b95d1435bd8807ed9ba4077cab717ec9f0161c282fe64e029828098a

SHA512
56f7d950d24dcf8b7ce41eb187dc638c38e1bbfe0d0122a5b0c07a7053c7fc2b979b7357865addb059864342a0b5cb51c86ed0c7498de5c2bab0768bc3676a18

Download Submit
memory/1124-273-0x00000000730F0000-0x00000000737DE000-memory.dmp

Filesize
6.9MB

Download
memory/1124-222-0x00000000730F0000-0x00000000737DE000-memory.dmp

Filesize
6.9MB

Download
memory/1124-223-0x0000000004B80000-0x0000000004B90000-memory.dmp

Filesize
64KB

Download
memory/1124-230-0x0000000004AE0000-0x0000000004B00000-memory.dmp

Filesize
128KB

Download
memory/3136-314-0x00000000730F0000-0x00000000737DE000-memory.dmp

Filesize
6.9MB

Download
memory/3136-321-0x00000000730F0000-0x00000000737DE000-memory.dmp

Filesize
6.9MB

Download
memory/3136-315-0x0000000005810000-0x0000000005820000-memory.dmp

Filesize
64KB

Download
memory/5080-200-0x0000000001480000-0x0000000001490000-memory.dmp

Filesize
64KB

Download
memory/5080-199-0x0000000010400000-0x0000000010438000-memory.dmp

Filesize
224KB

Download
memory/5080-309-0x00000000730F0000-0x00000000737DE000-memory.dmp

Filesize
6.9MB

Download
memory/5080-198-0x000000000FA80000-0x000000000FA88000-memory.dmp

Filesize
32KB

Download
memory/5080-11-0x0000000001480000-0x0000000001490000-memory.dmp

Filesize
64KB

Download
memory/5080-310-0x0000000001480000-0x0000000001490000-memory.dmp

Filesize
64KB

Download
memory/5080-10-0x00000000730F0000-0x00000000737DE000-memory.dmp

Filesize
6.9MB

Download
memory/5080-9-0x0000000000930000-0x0000000000AA6000-memory.dmp

Filesize
1.5MB

Download