Analysis Overview
SHA256
ccd1b73aa774e3deefb7672629099eec167b130521b9036b553af6e46ffdbe3f
Threat Level: Shows suspicious behavior
The file DiscordSetup.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads local data of messenger clients
Adds Run key to start application
Checks computer location settings
Executes dropped EXE
Checks installed software on the system
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies registry key
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 18:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 18:19
Reported
2024-04-03 18:39
Platform
win7-20240221-en
Max time kernel
121s
Max time network
134s
Command Line
Signatures
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --squirrel-install 1.0.9039
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --squirrel-firstrun
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl.discordapp.net | udp |
| US | 104.18.48.115:80 | dl.discordapp.net | tcp |
Files
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9039-full.nupkg
\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\ffmpeg.dll
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 18:19
Reported
2024-04-03 18:39
Platform
win10v2004-20240226-en
Max time kernel
148s
Max time network
154s
Command Line
Signatures
Reads local data of messenger clients
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9039\\Discord.exe\" --url -- \"%1\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord\URL Protocol | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9039\\Discord.exe\",-1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord\ = "URL:Discord Protocol" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord\DefaultIcon | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord\shell\open\command | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord\shell | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Discord\shell\open | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --squirrel-install 1.0.9039
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9039 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.7 --initial-client-data=0x528,0x52c,0x530,0x524,0x534,0x827800c,0x8278018,0x8278024
C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1948 --field-trial-handle=1952,i,15242475349511559386,10096802058289808418,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2184 --field-trial-handle=1952,i,15242475349511559386,10096802058289808418,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe\",-1" /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe\" --url -- \"%1\"" /f
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9039-full.nupkg
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\ffmpeg.dll
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\icudtl.dat
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\resources\app.asar
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\resources\build_info.json
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\app.ico
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\resources.pak
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\locales\en-US.pak
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\chrome_100_percent.pak
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\libglesv2.dll
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\libEGL.dll
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\vk_swiftshader.dll
\??\pipe\crashpad_2476_UMWPTSEZUFABNDFH
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\d3dcompiler_47.dll