974fed211f79d0b4ef3d6af92a7c4355ed91b8d4f830787f64daa6b0f2c7dcf1

Resubmissions

10/03/2024, 18:37

240310-w9lm9aac5y 7

05/03/2024, 23:48

240305-3tr9esea78 4

24/02/2024, 15:25

240224-stryjsfe44 7

Analysis

max time kernel
1483s
max time network
1509s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24/02/2024, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordSetup.exe
Size

91.7MB
MD5

e4ffb4e97fcc52aff2aea87c052ea1f6
SHA1

bcd35d5ebbb42ea569fc0de708530846d564fc0d
SHA256

974fed211f79d0b4ef3d6af92a7c4355ed91b8d4f830787f64daa6b0f2c7dcf1
SHA512

98187f9e3726f237613d95ef41f8f5d3cde85477955c7a9a4ad24b10739e5d5078755d86449d0cc2901e23b6c66f10c73dd2c38d31cfe89a45eacc72f8ba97a2
SSDEEP

1572864:Fhr6Ezlu57o2dqPisSsvdWQtyNDq4vWBFaHqeL5FdRHa+9qnejabmNXHPBCx2LoK:/+Ezlu5c2dJavASyYxjaKeFF7Ha+96e1

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Executes dropped EXE 6 IoCs

pid	Process
1832	Update.exe
1020	Discord.exe
3984	Discord.exe
2036	Update.exe
4156	Discord.exe
2800	Discord.exe

Loads dropped DLL 8 IoCs

pid	Process
1020	Discord.exe
3984	Discord.exe
2800	Discord.exe
4156	Discord.exe
4156	Discord.exe
4156	Discord.exe
4156	Discord.exe
4156	Discord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord\shell\open	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9032\\Discord.exe\" --url -- \"%1\""	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord\DefaultIcon	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9032\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Discord\URL Protocol	reg.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
776	reg.exe
4520	reg.exe
2520	reg.exe
4696	reg.exe
1144	reg.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1020	Discord.exe
1020	Discord.exe
1020	Discord.exe
1020	Discord.exe
1020	Discord.exe
1020	Discord.exe
1020	Discord.exe
1020	Discord.exe
1020	Discord.exe
1020	Discord.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1020	Discord.exe
Token: SeCreatePagefilePrivilege	1020	Discord.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1832	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 1832	4504	DiscordSetup.exe	82
PID 4504 wrote to memory of 1832	4504	DiscordSetup.exe	82
PID 4504 wrote to memory of 1832	4504	DiscordSetup.exe	82
PID 1832 wrote to memory of 1020	1832	Update.exe	83
PID 1832 wrote to memory of 1020	1832	Update.exe	83
PID 1832 wrote to memory of 1020	1832	Update.exe	83
PID 1020 wrote to memory of 3984	1020	Discord.exe	84
PID 1020 wrote to memory of 3984	1020	Discord.exe	84
PID 1020 wrote to memory of 3984	1020	Discord.exe	84
PID 1020 wrote to memory of 2036	1020	Discord.exe	85
PID 1020 wrote to memory of 2036	1020	Discord.exe	85
PID 1020 wrote to memory of 2036	1020	Discord.exe	85
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 4156	1020	Discord.exe	86
PID 1020 wrote to memory of 2800	1020	Discord.exe	87
PID 1020 wrote to memory of 2800	1020	Discord.exe	87
PID 1020 wrote to memory of 2800	1020	Discord.exe	87
PID 1020 wrote to memory of 2520	1020	Discord.exe	89
PID 1020 wrote to memory of 2520	1020	Discord.exe	89
PID 1020 wrote to memory of 2520	1020	Discord.exe	89
PID 1020 wrote to memory of 4696	1020	Discord.exe	91
PID 1020 wrote to memory of 4696	1020	Discord.exe	91
PID 1020 wrote to memory of 4696	1020	Discord.exe	91
PID 1020 wrote to memory of 1144	1020	Discord.exe	93
PID 1020 wrote to memory of 1144	1020	Discord.exe	93
PID 1020 wrote to memory of 1144	1020	Discord.exe	93

C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1832
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe" --squirrel-install 1.0.9032
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1020
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9032 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x568,0x56c,0x570,0x564,0x574,0x88f5d78,0x88f5d88,0x88f5d94
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3984
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
      4⤵
      Executes dropped EXE
      PID:2036
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1952,i,14578291331818459425,14419749005633886298,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4156
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2044 --field-trial-handle=1952,i,14578291331818459425,14419749005633886298,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2800
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:2520
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4696
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:1144
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe\",-1" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:776
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe\" --url -- \"%1\"" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\D3DCompiler_47.dll

Filesize
3.2MB

MD5
76e39a5fce58153cf883b845d334f684

SHA1
1dd6b34e77b29d70085794d1be6907dfa3528516

SHA256
73b0258b0566946e4420cec360adb48493b8ed68e6f8c111f5202e97406e6b23

SHA512
c7ad6fa195ab1b449cc048b68c1dd0adcea09b18aa7707b1fe05e75151c95d539ca8b88fc561073931a6f4a52bd94ae3330c96ba48361134aa8fc36bd37c69b3

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
14.1MB

MD5
8a0e54f4d7368a0332544e76b09160a1

SHA1
a84b545192cf8f771f291c81cb640371353ccac2

SHA256
23cd015b50def39059548171af54ddac645a4610ce0e2c90781b0ce3099e94bf

SHA512
e5d2eae50966c33a586fbe2cfed79120e1bf1953c00b303fd96da0e4f126be294edd73ef5909a9168d567f7e6ac47fba71b346e89cb13e6f91d87902826c1331

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
1.3MB

MD5
1ee34e2d97ef02dcc8651aac4effa125

SHA1
d057b9c43e1db550145ab196aae946bf7263adde

SHA256
8fbe63733fcda0e4c1be92498b0d7adf9718ca6028f41c04c025ae95d89d5ce5

SHA512
b55efc823aff4f9331606259b398bf4215239523ce8129855768f9ae38795df5a0401b264e2d27876e53b305abff70f6b48a472f116ce37ce160abd6d4c7bc58

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
3.5MB

MD5
c623431556bf743d9b732af88202175b

SHA1
8b56355c9c31c6990f781c9a66f1e7807474f4eb

SHA256
0d00687bc03502b589a7c99fc44eb9dd7699f8dad7651e4f51a9add57f270a1a

SHA512
afcce1ceef3ac5603357d9516b1c6bfc8b8048a45f8853af13e3ad8c70b345d9aa3ae64bc890bfb9f942ac6dab546a82c1d0adcfe8b5c713c3829de202c246fc

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
2.9MB

MD5
ee15968fa7f1c6fe7f9d7225def501e4

SHA1
e3a2d83d7ec10697ad6a93bd9fb1ada4b514c0d2

SHA256
674ef71a0bb2bc4b21241c741f941bf8aa4be6f9285258d479b0b22140d58619

SHA512
a76bdef7fbafc8488c2421bddf48e9222825e29abe466d70dbf14ba0fa2a9fcad8752580703fbc9f44c361c486290a947655bc5037b59dd0544d44451ac221b7

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
2.6MB

MD5
e1a1679563affe1a36ef97face6dc6db

SHA1
b6df887d71d61d875e839cc57b2a1f044d1889e6

SHA256
1ed30117f12d73139e559c5a2dd9af33d3cb3cb48d61679df84b2f0024249c0b

SHA512
013da4ad1db549dc1dedb5e810d704e59e75717018774dfdc6e7dfa38a7b81cf0a2eee3acd5afec879ecf392496f2029d9dcad914a0c086a6193a57002049712

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\Discord.exe

Filesize
2.3MB

MD5
41aa33911872132f81b7d02bf4ead305

SHA1
92b3cde5d3f01ecbf91d6256dc897a48e16e9fa7

SHA256
fa9d0b5753635c0c5e06da2b28f5467b8dccc602fa195b84ad840a9d259be1c6

SHA512
4f6d338ff5838054416851487eed22993ecb2a4822a4ada426f5c83f6671ccc400fe372e568b29832dccf627acdecb24b64d64de382ec1474636aa552831ee71

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\d3dcompiler_47.dll

Filesize
2.6MB

MD5
ac3b4e5a0367d0cfcd869449b7e3f499

SHA1
cac6bb4f88b017f3d3453b94feff5918419da054

SHA256
014be8e99e963491db66bbccbf23668510227f87ebb603484f3d3d49c20955fc

SHA512
1631a1e34b2b304549fc6d2f549e8cbb45e07de4b5cce29d8fce9bd87ff8aef97ec9c102130415b449287e75d18d89b2188c838f96255dd5e174d2052cead1f1

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\ffmpeg.dll

Filesize
1015KB

MD5
7408b7aef15cdde6879075a2f59c446e

SHA1
0d4f5ef2e251d1705618b7512d4fba43b5671db4

SHA256
127cf17ca450f030bbd429384bf69df11ee0e1e3537e6b2d02a50e2a5ecc26ac

SHA512
78fe27f85bb66895cb84bfedddf506284016633077ee5d06594dd3af33d95ffbc5e8e0daefe35e6d3e6ac65d80195219f7908140e011d109f6237ca9a3611d7a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\ffmpeg.dll

Filesize
1024KB

MD5
a23b616861956901721c52bdb0540f1a

SHA1
5fc1a1d43bfe61bb02c29d5200db7e234567b5ee

SHA256
43b0ab171ce28f95257236fb0d961f8909213ebefe955b0ea7483c859a0e6007

SHA512
df751243f119fd213e9cca1b4af0225d2c26f95be47a9afb7068ef85396e2ee83e0033553ef22a4db457bc368baf53caae8c74ad7ff62130b9a3903c89718142

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\ffmpeg.dll

Filesize
3.1MB

MD5
ffd6e2a087f1ba07275c45b8e3579a8d

SHA1
ba8bbc8ead3e47390130f06dc492b2ca11b7b273

SHA256
39627374115d035b5a7dbad81d5034397b166e1dda73009b556c901723bb7a1c

SHA512
a48ea5fff434a7ce3a8a35653c5f681a21cab60f70ace710519cc821842764603cc5f0183ee81e3521659e81ef54ec801fb101dc657d40fc7402c1cd2bef960e

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\ffmpeg.dll

Filesize
2.8MB

MD5
130d6d2a3cb32fcff35c977f0ffa8391

SHA1
ed12689274e3a4e3bf268f13624c360098759c7b

SHA256
417494d1a12e1a3184d98e4023a427528611a0ae7e3270c1aa7effbcf29e48a0

SHA512
ea51b94da721ecbdeef111777d31fb6fe04ab9c350cea5a279b66c747f7fc915c18fb9c26e860e80efebffbf976df592a22cca1cd7a62053569b82db2daf775d

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\ffmpeg.dll

Filesize
2.3MB

MD5
b198073fb25dc4a1471c54a9a64971e3

SHA1
bdaa46c531060d40b96bb2af70a4bebc2c88a095

SHA256
163e14348a4b541c5c6294a0b8f687829f12f7db82ae82a607738233e9cc29fb

SHA512
8902334f3f27e24d686de6c4cb8e551caffda4805c3b893718da67ce14f06ec61344d3a3611549a200b7a20c1849ad69e6561f7beea343921f51477741fa7784

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\icudtl.dat

Filesize
8.4MB

MD5
55c088db1bf8afe61e9f8e9570f418ae

SHA1
0be418691a060341167278d15ad2b7604a759627

SHA256
7967ef0199095c705aee36df3b7d2fc4a83e8a1d8ce6223334991a58a2b063c7

SHA512
9825570afac85b7bb4424b227f1c9d70b3f5f007ce7043c218ea02045b5104190c7b4cdb30bd7a791ba373815188248af139792be2fb84c9de855d3e01817d2f

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\libEGL.dll

Filesize
394KB

MD5
eac862a9127d274648e60351ce3664e6

SHA1
ff679537400f9c604870ebaba4c06057ec6b82a2

SHA256
1b18dbfe91b53e37297c6817ee62cf540a71639e40ff5a5a887e82352bfdc939

SHA512
3b776213401bbb75ce64046cfe2018fcb19d6b32bf7bedf2efe84e351b199abe14521e83792220d3506f803dbf6b1f9c171f38ed4d3cec1e3cabdcfc1ba18c01

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\libGLESv2.dll

Filesize
2.5MB

MD5
e8a3f4adb3ed981efb25b03314c74a93

SHA1
0315e1bfe5ff8d871c8ba48c9f456e1caf86b59e

SHA256
d20fba17980370a2fddfb829997886d2f5920a14fc94e95540342954c1130eaf

SHA512
2ed0335c8f98b1b9f4e1abdd6d43b1b23e699977e53dad55901bd8aaa7acce217575c29806468cac7a3edd2a891c41f0fe4419c4dddc1732ebb364447fed2991

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\libglesv2.dll

Filesize
2.2MB

MD5
19fd9418e928fc3af2ac0e2db2896fca

SHA1
f0136a432c00d2c3306879443f86e63e42e798f5

SHA256
a077f2f8b8218177ff44b9722a57fb581b132756b50e387845fd5c284f22c442

SHA512
de0a002c15724eab4c92f1966632c781662022917025be7d0256dca3843732685fbbef4dde433403585fcf87404f98804dd76ef08c33b568af32dbdee4401cba

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\resources.pak

Filesize
3.4MB

MD5
6a19328c8831d1619c4dfe82b900d4f3

SHA1
3b47b07f559625c7a004465ddac72074fbf62e73

SHA256
72eb08910dc5228e73f2587bf4b52affd2139c024a7018571030ca214fe50bcf

SHA512
a676607ebe8a181f1eecb8d4d1dad5407d3099c5c5e453fd575bf6607df60ca9079be702c8cf4fda88d44a6d030c57477bb4130a9dc05385eeda86638599bcda

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\resources\app.asar

Filesize
6.3MB

MD5
c5d53638a017f91ae986ef30328243d1

SHA1
9c91da7b9b6bb994479679d0e01c372555cdc9e0

SHA256
e6710756eeeac433df224584f84ca19d2537906143eb9b1c845e0af3ac45b145

SHA512
0aa12b36aabda71e9701a462bdef0aefa96e51c450bda152f8ae201c8cc7fcec4adf869a8649e828897d316de2391510fdc1523fc376f5a39a9f3639fd6ef554

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\resources\build_info.json

Filesize
83B

MD5
154fa0d6729df74a2f342517a229ee17

SHA1
b1374448243a4dccaa368746b71d13baa0fe83ca

SHA256
4dc5d5ea381964db913c5fc2c5e2bf4d35bdc591f6008e72bea2fb80504d98f5

SHA512
d1205aab830d68f63ccf26ee7f7136acc37b53e073b28ef48e649fd7e92c9df41eada31327c7bb0b006c74a03c44f81113ff1f6eb75184e39944cde8ec987cdb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\v8_context_snapshot.bin

Filesize
585KB

MD5
3f6f227dc46c0d5262cd6ca9bb7703e5

SHA1
c8bc76f93cc6305e70f2041a52acfa6c44e9889b

SHA256
869f5e88fb5e04840f035fc1c3f688e94499c8514bd053c9979413ebb8de4611

SHA512
566394fef910b8edeb04c7f5c172ce9b361478275463f7eee4b5611536241431fa7638e47e5ac4b9df7467c98b120869b4e4f87e46628b40dae5685897cd256c

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\vk_swiftshader.dll

Filesize
2.5MB

MD5
ce2389c60808fb2f8e488198a0f7eb0f

SHA1
7127bebb93abe13365f38f78b9089e9b58d07afd

SHA256
b7cfaa9ab22bba29361b07f9ae3faac31512fcc3c0d6ea041054984a55a36540

SHA512
2183f1ca4e5c43b63e03ba15a4d4de9102b02fdf1a837b6da71d5d9af7ea1da95656508f875ea14f2b74588433f1fde07bda9ca2cdf84ebd098f9f0d3f40737a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9032\vk_swiftshader.dll

Filesize
2.1MB

MD5
7c0c4c6766dd798579fbc6d18d62b5b0

SHA1
a46da83b063b2c1ee74e841ea3ad96e2201113fb

SHA256
96a01b77bb484c8def796c72e0759769162ba84dbbbb18b78fb695780b82b182

SHA512
caef380e2db6598af4be01cd8dee3ee31ca5b3abd412f1d0eaa02a39a89f0d2f2131c4f4ff89a68a5eb3f97d432c4b5003c7d184d006c01ec334b1ee4f231a91

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\Discord-1.0.9032-full.nupkg

Filesize
2.7MB

MD5
f06b60a5044dfaa678acae04179bfcb0

SHA1
e3a3405a318f48da4f297fdda7477eb3a63886d8

SHA256
3a02f38c18e9294e1c30c50da208ca163afadd0c932bc6725080f0b68854e7db

SHA512
066e31c2b064f5aa3bbf9b0740a4a5815cac5dbfac9355f531c269a940275c0405cfa6a51cb711302bdad1f42d5f668a545e7e0eeef0c76677b3ff5707bf9cec

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9032-full.nupkg

Filesize
82.6MB

MD5
ac2189d159b23886e0e7ae5616c5311c

SHA1
442cfbe5ddca187d375431e1d85afa4dfbc2a8bf

SHA256
de13e17014243af820b4366cf353d161259644ac78c29ead841c9afa3b309fd2

SHA512
c684bf88696fe69085aa59dc216499285946be1be2f38e9df8ae2a9235e3e57350fa2185afef666b9d91f2721974b3360d2760a324aedda16602916a1915b14c

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
ae5c63df2f52fa8ef3530af1135449b5

SHA1
269077ed0169fba60e5b9fd2c0c697b67b94afe1

SHA256
236cf449a70a058f0c7a10cff001bd9d5984417c2dad8b2f92a7a391f0519c20

SHA512
2b037bbf8a7060bdc69fac1903453d41dab05deeb70f57906c2b51f933fdac7aa7a010a15a8fd5923dd0d234dd748d537380d1d22eb6cab571a6b958ac37bd44

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
28f41e3c6b07465128bde253d66164d0

SHA1
e4f1e108d30da01be709882e378a4b42c1b21e19

SHA256
85da3ea63342c060f421988ea402e40091035fdaa5e85e93a62789a4740b314d

SHA512
1c0633ced4076005967a01712450e73c18618ef983bf37ffa804ae10c822fded1ae55260e02c2175ced130cfb7825bc5af35072156295a832f8cc53bb7e4d43c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1832-198-0x000000000F7A0000-0x000000000F7A8000-memory.dmp

Filesize
32KB

Download
memory/1832-314-0x0000000073F70000-0x0000000074721000-memory.dmp

Filesize
7.7MB

Download
memory/1832-11-0x00000000029A0000-0x00000000029B0000-memory.dmp

Filesize
64KB

Download
memory/1832-316-0x00000000029A0000-0x00000000029B0000-memory.dmp

Filesize
64KB

Download
memory/1832-315-0x00000000029A0000-0x00000000029B0000-memory.dmp

Filesize
64KB

Download
memory/1832-199-0x000000000F820000-0x000000000F858000-memory.dmp

Filesize
224KB

Download
memory/1832-202-0x00000000058F0000-0x00000000058FE000-memory.dmp

Filesize
56KB

Download
memory/1832-10-0x0000000073F70000-0x0000000074721000-memory.dmp

Filesize
7.7MB

Download
memory/1832-9-0x0000000000260000-0x00000000003D6000-memory.dmp

Filesize
1.5MB

Download
memory/1832-205-0x00000000029A0000-0x00000000029B0000-memory.dmp

Filesize
64KB

Download
memory/2036-226-0x0000000073F70000-0x0000000074721000-memory.dmp

Filesize
7.7MB

Download
memory/2036-291-0x0000000073F70000-0x0000000074721000-memory.dmp

Filesize
7.7MB

Download
memory/2036-242-0x0000000004CD0000-0x0000000004CE0000-memory.dmp

Filesize
64KB

Download
memory/2036-240-0x00000000025A0000-0x00000000025C0000-memory.dmp

Filesize
128KB

Download