ccd1b73aa774e3deefb7672629099eec167b130521b9036b553af6e46ffdbe3f

Analysis

max time kernel
86s
max time network
137s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
04/04/2024, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiscordSetup.exe
Size

94.6MB
MD5

c08f6fd1027cf7216bf6a4bb94a7e54a
SHA1

83f3d43ddcbe887144ad804bec9527bc36b56b49
SHA256

ccd1b73aa774e3deefb7672629099eec167b130521b9036b553af6e46ffdbe3f
SHA512

2f9f6b61750bdc95df74efcd735cf4696a23dab40b1fb0c799a0ba5fc02a08610c0925c3710cd70a99bf9a0a09e69fb934a80c3dd5e773d50ae9598d169fb06b
SSDEEP

1572864:hYLmKqR1jtc9bcgQxZYuxsQZonARqnz2a/XmC+fpjPkkyuJzI886/GJ+5lGoHGw:hYLmKYc9beZFh8z7/2xPW6+c7G2Gw

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	discord.com
32	discord.com

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	Discord.exe

Executes dropped EXE 11 IoCs

pid	Process
2924	Update.exe
3016	Discord.exe
1020	Discord.exe
2136	Update.exe
3684	Discord.exe
3616	Discord.exe
2108	Discord.exe
3316	Discord.exe
4596	Discord.exe
3580	Discord.exe
4304	Discord.exe

Loads dropped DLL 18 IoCs

pid	Process
3016	Discord.exe
1020	Discord.exe
3684	Discord.exe
3616	Discord.exe
3684	Discord.exe
3684	Discord.exe
3684	Discord.exe
3684	Discord.exe
2108	Discord.exe
3316	Discord.exe
2108	Discord.exe
4596	Discord.exe
4596	Discord.exe
4596	Discord.exe
4596	Discord.exe
4596	Discord.exe
3580	Discord.exe
4304	Discord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Discord\DefaultIcon	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9039\\Discord.exe\",-1"	reg.exe

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
4900	reg.exe
4856	reg.exe
4172	reg.exe
3848	reg.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3016	Discord.exe
3016	Discord.exe
3016	Discord.exe
3016	Discord.exe
3016	Discord.exe
3016	Discord.exe
3016	Discord.exe
3016	Discord.exe
3016	Discord.exe
3016	Discord.exe
2108	Discord.exe
2108	Discord.exe
2108	Discord.exe
2108	Discord.exe
2108	Discord.exe
2108	Discord.exe
2108	Discord.exe
2108	Discord.exe
2108	Discord.exe
2108	Discord.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeShutdownPrivilege	3016	Discord.exe
Token: SeCreatePagefilePrivilege	3016	Discord.exe
Token: SeDebugPrivilege	2924	Update.exe
Token: SeShutdownPrivilege	2108	Discord.exe
Token: SeCreatePagefilePrivilege	2108	Discord.exe
Token: SeShutdownPrivilege	2108	Discord.exe
Token: SeCreatePagefilePrivilege	2108	Discord.exe
Token: SeShutdownPrivilege	2108	Discord.exe
Token: SeCreatePagefilePrivilege	2108	Discord.exe
Token: SeShutdownPrivilege	2108	Discord.exe
Token: SeCreatePagefilePrivilege	2108	Discord.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2924	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 2924	3860	DiscordSetup.exe	80
PID 3860 wrote to memory of 2924	3860	DiscordSetup.exe	80
PID 3860 wrote to memory of 2924	3860	DiscordSetup.exe	80
PID 2924 wrote to memory of 3016	2924	Update.exe	81
PID 2924 wrote to memory of 3016	2924	Update.exe	81
PID 2924 wrote to memory of 3016	2924	Update.exe	81
PID 3016 wrote to memory of 1020	3016	Discord.exe	82
PID 3016 wrote to memory of 1020	3016	Discord.exe	82
PID 3016 wrote to memory of 1020	3016	Discord.exe	82
PID 3016 wrote to memory of 2136	3016	Discord.exe	83
PID 3016 wrote to memory of 2136	3016	Discord.exe	83
PID 3016 wrote to memory of 2136	3016	Discord.exe	83
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3684	3016	Discord.exe	84
PID 3016 wrote to memory of 3616	3016	Discord.exe	85
PID 3016 wrote to memory of 3616	3016	Discord.exe	85
PID 3016 wrote to memory of 3616	3016	Discord.exe	85
PID 2924 wrote to memory of 2108	2924	Update.exe	87
PID 2924 wrote to memory of 2108	2924	Update.exe	87
PID 2924 wrote to memory of 2108	2924	Update.exe	87
PID 2108 wrote to memory of 3316	2108	Discord.exe	88
PID 2108 wrote to memory of 3316	2108	Discord.exe	88
PID 2108 wrote to memory of 3316	2108	Discord.exe	88
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89
PID 2108 wrote to memory of 4596	2108	Discord.exe	89

C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe
"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --squirrel-install 1.0.9039
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9039 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.7 --initial-client-data=0x538,0x53c,0x540,0x530,0x544,0x876800c,0x8768018,0x8768024
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1020
  - - C:\Users\Admin\AppData\Local\Discord\Update.exe
      C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
      4⤵
      Executes dropped EXE
      PID:2136
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1928 --field-trial-handle=1932,i,5793446640823842763,5500865195555398080,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3684
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2088 --field-trial-handle=1932,i,5793446640823842763,5500865195555398080,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3616
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --squirrel-firstrun
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9039 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=28.2.7 --initial-client-data=0x528,0x52c,0x530,0x520,0x534,0x876800c,0x8768018,0x8768024
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3316
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1872 --field-trial-handle=1876,i,14131955604140385051,11182596912787022663,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4596
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=1980 --field-trial-handle=1876,i,14131955604140385051,11182596912787022663,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3580
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4900
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2756 --field-trial-handle=1876,i,14131955604140385051,11182596912787022663,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4304
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4856
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe\",-1" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:4172
  - - C:\Windows\SysWOW64\reg.exe
      C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe\" --url -- \"%1\"" /f
      4⤵
      Modifies registry key
      PID:3848
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "chcp"
      4⤵
      PID:1304
    - - C:\Windows\SysWOW64\chcp.com
        
        chcp
        5⤵
        
        PID:4736
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3984 --field-trial-handle=1876,i,14131955604140385051,11182596912787022663,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --enable-node-leakage-in-renderers /prefetch:1
      4⤵
      PID:3796
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3376 --field-trial-handle=1876,i,14131955604140385051,11182596912787022663,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --enable-node-leakage-in-renderers /prefetch:1
      4⤵
      PID:1144
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe
        
        "\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe" nvidia
        5⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe
        
        "\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe" amd
        5⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe
        
        "\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe" intel
        5⤵
        
        PID:5972
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c ""C:\Windows/System32/nvidia-smi.exe""
        5⤵
        
        PID:1908
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=3724 --field-trial-handle=1876,i,14131955604140385051,11182596912787022663,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      PID:5248
  - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe
      "C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --mojo-platform-channel-handle=4116 --field-trial-handle=1876,i,14131955604140385051,11182596912787022663,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
      4⤵
      PID:5204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discordapp.com/handoff?rpc=6463&key=e0b1b67c-a7e5-4bdf-b10d-9c2264e2cf2a
      4⤵
      PID:3616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9af2d3cb8,0x7ff9af2d3cc8,0x7ff9af2d3cd8
        5⤵
        
        PID:3724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,5828838974822733644,10487413402705271458,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
        5⤵
        
        PID:4452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,5828838974822733644,10487413402705271458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
        5⤵
        
        PID:3552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,5828838974822733644,10487413402705271458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
        5⤵
        
        PID:4256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,5828838974822733644,10487413402705271458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
        5⤵
        
        PID:5236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,5828838974822733644,10487413402705271458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
        5⤵
        
        PID:5208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,5828838974822733644,10487413402705271458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
        5⤵
        
        PID:5620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,5828838974822733644,10487413402705271458,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3328 /prefetch:8
        5⤵
        
        PID:2820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,5828838974822733644,10487413402705271458,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3444 /prefetch:8
        5⤵
        
        PID:4900

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000440 0x000000000000047C
1⤵
PID:5260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\Discord.exe

Filesize
134.5MB

MD5
8da0897af3eb019033f585bd8e64b296

SHA1
287de02175312f99f536ee2b26a152903eaae2e4

SHA256
0ee2942b11493f4947a2b1e244c34acd4f1f00b0677c91f9a07557ac84cb0774

SHA512
1caac9456db6796164531cf1f031162e280a24612cde57b16bd715d8308ddfb45e715cc4605da216a032f98abebc59058d813ec5869fe9a39bc5677ab9fb9a07

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\chrome_100_percent.pak

Filesize
163KB

MD5
4fc6564b727baa5fecf6bf3f6116cc64

SHA1
6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

SHA256
b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

SHA512
fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\chrome_200_percent.pak

Filesize
222KB

MD5
47668ac5038e68a565e0a9243df3c9e5

SHA1
38408f73501162d96757a72c63e41e78541c8e8e

SHA256
fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

SHA512
5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\d3dcompiler_47.dll

Filesize
3.9MB

MD5
08ac37f455e0640c0250936090fe91b6

SHA1
7a91992d739448bc89e9f37a6b7efeb736efc43d

SHA256
2438b520ac961e38c5852779103734be373ee2b6d1e5a7a5d49248b52acc7c4d

SHA512
35a118f62b21160b0e7a92c7b9305da708c5cbd3491a724da330e3fc147dde2ca494387866c4e835f8e729b89ee0903fd1b479fcc75b9e516df8b86a2f1364c8

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\ffmpeg.dll

Filesize
3.2MB

MD5
55edcca632b1a22e36d348932765600b

SHA1
8570a38b48b90bfff3a0bce4771d80a1668dbc75

SHA256
7c1749d47f64a46b2f1e658b99083b5444f1f405da6125f10fe335059de7a10a

SHA512
f30d3b9a05ebece5c2997c5b9f055ccf3fa30f929b2039af5d8c72f15b11a996acb669f51800d9ffd3409d7705caf807ddba374f72735e010bb57d6023b285f6

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\installer.db

Filesize
20KB

MD5
f2ddb1c9992532b36a55b910dc033e6c

SHA1
fe6fcde9762f50c52cde040a0fe52fb432017ff7

SHA256
bfd86153ef706f620b32b29771eadf3a0250060b915544161f2cb1a6bebd4877

SHA512
8bea919bec6d5f3e3c52354ffbc3530044cd1fd1f1129fda50c151df10ad6ef08bfc2343a81af975692ca92ddf6a54b5931e3786fd04fc57ee1f48ce51cda30a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\libEGL.dll

Filesize
376KB

MD5
42c5ffe970aa12c10e5a45f837a033d9

SHA1
0b0d82cebe169768c892c7bbfcc0346db47da4a7

SHA256
3eafdd2a558f1110606e4c95b5f2efac0536bb0005d5bd9f68957d3e866771c6

SHA512
83de7c9638ac8e6ac2d34c87917dfc8aa309dfbec54e56b327384a47d959ce53207c2c214a2a42f44a6f9c524448f0cb405cbdcf9319f70a616da332dcaac0f5

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\libGLESv2.dll

Filesize
6.4MB

MD5
5dbf4a2b443fbe52d9b80511ea0b94cc

SHA1
a4a3d31f9d2902c455e9e5e1fab931fd6108272e

SHA256
53cd9f341abe29b5b53c58a9060087551685385cc18bf5c8c25b54cf8773d499

SHA512
e30aaaaeaf42250b45d8a867352af6aec33dd81bbd7eeb72fae17f6a8050cf7aeacba9ab08c3a5ea489a030738474909d97210f56f0222165b8c9a645540514a

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\locales\en-US.pak

Filesize
428KB

MD5
809b600d2ee9e32b0b9b586a74683e39

SHA1
99d670c66d1f4d17a636f6d4edc54ad82f551e53

SHA256
0db4f65e527553b9e7bee395f774cc9447971bf0b86d1728856b6c15b88207bb

SHA512
9dfbe9fe0cfa3fcb5ce215ad8ab98e042760f4c1ff6247a6a32b18dd12617fc033a3bbf0a4667321a46a372fc26090e4d67581eaab615bf73cc96cb90e194431

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\resources.pak

Filesize
5.1MB

MD5
e9056386a2b4edac9f0ffa829bc0cfa0

SHA1
f8d4b8289ebb088c9997a1fde1c2f12aedd6c82e

SHA256
546456d9a1328836a99876824f3beb7279f38403cd001515f5d9eb204939e57c

SHA512
c49e832e5c16a1846ea882395e83f9cbe9f4f6b44be9f0c7276d0a4495b88091bd95593c5e167dba853834058d7ca823db60d2fac73434ed952b7064b2daf6da

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\resources\app.asar

Filesize
6.3MB

MD5
a3fae9e385d9b80ea269c68bbdb97e41

SHA1
e5ab851e94104edcf4751b1c1b4312dbcfbf8214

SHA256
3674c0eb2a447e6449ba819e04d493a1f4284c587739f0611a19bb4ab236ba65

SHA512
a5cf45bae5c9ebd397504ccac18d3187a6034c1022b62bd7780f070460f8fb6d44aee08e1af964bd4cbcfab3c6263d8348740274a81f16483b6a4d76b2c73a2b

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\resources\build_info.json

Filesize
83B

MD5
2975d2275891f5984e461bdf7c5ac170

SHA1
c324f18d726e6591e56b2117703b2d23e1d335df

SHA256
415f673c0b3933f8bd08e30421b85f0d75f2f2339bd3e4a29f85fc5c7c98f457

SHA512
31f50d242ab3cd59fea7ebc22368f6b42574602ee5abd2905ecc3722cf40fad590c30028e6aa2c2b2be64d5954c09086bdb89900e8d47e3f60ab5dcd1e2a1e28

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\updater.node

Filesize
3.4MB

MD5
d6caf34b699b7c90a16276a7a4e80e74

SHA1
ee53185620f5a61f70408f1b79b8d38666dbf13a

SHA256
77b003656bbbd50620cd9400aff2dcc1a3484359af74d8c1d683c9cb69ac1930

SHA512
6a386a3c255be642d4ae84fd16ce7560749aca22ddf7bc6805acff82ac9a2a631b131b6a767ea1781ee7a9a2d5fa06390dc55655b35ddc1eb61ff2e902bef7ba

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\v8_context_snapshot.bin

Filesize
631KB

MD5
5e59b98c444e66f981b8605636e88efd

SHA1
78ce5d12ef8d76e5de09873eec59657a5b3964ee

SHA256
457167b96cf7cb9d80bf5f74976314b465439adb0563ed820be15d848f3daf66

SHA512
9401047fb86cd7d9b9aeea72bc3b7981b834e914d7ecc19ef2f787ccf946548a95241b89d508372caad6a7cc157e2be6fa931d952f836404b7c0c5abe4ca614b

Download Submit
C:\Users\Admin\AppData\Local\Discord\app-1.0.9039\vk_swiftshader.dll

Filesize
4.4MB

MD5
d045ce8fac358f6ca98e61ea86787f67

SHA1
71ce4486853720deaa43df67c1768e93e76f57c0

SHA256
0c75f2949da407561083ab79a3122152f69aa1ceb6d4df919fc2a277ba56c33b

SHA512
273308a6e0b094171aaa1cf445ef88c0449b54be69529532fcbe91d6742cac28ff5145f482130f9e7f2f528899bd4844d05e9c51b70e2334ed420e2e31d19fee

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\10a492fc20b9e768ad02faf3005c399ec45ee57881405a043cb8f2b663f53b7f

Filesize
9.4MB

MD5
53d02a77aa5921cdc17d8ba4de5c9b9f

SHA1
dc22b754ee3ec3b4db08d8de0dfa680e686c04ea

SHA256
10a492fc20b9e768ad02faf3005c399ec45ee57881405a043cb8f2b663f53b7f

SHA512
15c624014797972d5b1f64d070315faf6c316343ad1d4072bef12a07ce959e5345d2ac692831d455d423fc0579b196bca1a95f60df962ac589425ced0c003222

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\288fbd69d46ee7655c054ab17eadb0b78ea10c957fe37754b3976ac7e3d4ca51

Filesize
1.6MB

MD5
df16706a2d811d1ac325aaa5ee35ec79

SHA1
2a6b8536e444af7145ed2ce36a2043d811a92d7c

SHA256
288fbd69d46ee7655c054ab17eadb0b78ea10c957fe37754b3976ac7e3d4ca51

SHA512
fbda400025ce01775dc6a73f61251f35f106c702e62215563593e2de2c623ca0e85f688379c1c77ab07aea6b9f242e5bf8258f5e554cc3c6d8cd69285507d817

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\3544935742d583390dfffc8463c8a6e99c2b7dc94c300cc49c5cd765da1cc838

Filesize
1.4MB

MD5
f7b4bc7459e070caa16f8abfeb9533ed

SHA1
53da41dca3d098cfff8ef7369354a201bb604214

SHA256
3544935742d583390dfffc8463c8a6e99c2b7dc94c300cc49c5cd765da1cc838

SHA512
a617f7ff28c5d692a22e44fcf054cdd10b16488937632c9032f26c6d393df9ee4db8d00c3d39f7b2890e4aa19702bea91192dc9ced2fd64d9f343b207ebd3ab9

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\3f2952dd8d68ad1db475d663519d2f52f72384efeec8d0879c427f2c9cd2014c

Filesize
31KB

MD5
e2e753d139a7c78092fb2c7c631e0fca

SHA1
a499866709728efcb03f8e50b7bc1e32752e11ed

SHA256
3f2952dd8d68ad1db475d663519d2f52f72384efeec8d0879c427f2c9cd2014c

SHA512
34470f7afda5640463bddd8c2434bbe36d9eaddc6294e0060b10e422ffce3505a3b85d4db4dc8b1b0de0d62cd156a4824b75b6c2937587eb38cbb412a2667783

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\4885afd352b2fe799cb5bc1bf899473b8601c40c7f0277a97aee3f10ebbbe5fd

Filesize
1.6MB

MD5
32175f1616c9d1be440774969d1a82c8

SHA1
1bf27545834f6f5735302ce9303927b672cca7f0

SHA256
4885afd352b2fe799cb5bc1bf899473b8601c40c7f0277a97aee3f10ebbbe5fd

SHA512
f1a57ff4579ef82b80bb5503640f53329c99bb93497a27167027c1a2d62b303c155b2f8aeb92000e37f0f516e03862a6abc481a4735ca77c0f5f49fbec18bc83

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\4ce8f6a365e9aec3cb971903d4aed8a2b58a85b7d5fcb4c38249ce13b6cbf2b6

Filesize
415KB

MD5
aac2e496efdcfb9d23459f66d40d8f21

SHA1
5133c4785ea771a7130420e7ad9b606aa17ee65f

SHA256
4ce8f6a365e9aec3cb971903d4aed8a2b58a85b7d5fcb4c38249ce13b6cbf2b6

SHA512
95eb148f8e4271aa7407f89b5a827c309fd08f9183f0298685587fd5b2b9fce3da583daa1fdef4814938168bcffdf264c474defd6cae22ee19c289605f664e74

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\6dfbd96f0d6562965c8b4bfd7bf49088d6faabd76b0302a7aceebba2a66420f8

Filesize
193KB

MD5
9d18cb9986e82c72a6d8a00e82918029

SHA1
cfc9e5cdf39e714c96ce83d9bfe9b98024968657

SHA256
6dfbd96f0d6562965c8b4bfd7bf49088d6faabd76b0302a7aceebba2a66420f8

SHA512
4b51764f4e7966c171f9b3df7daeb0a6f8b191d352961ad0e02f0c04608c793e577ee82186e9e45bfe822cce883cd553df10ca0ebf91b6256adff060c99861e4

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\8248ea17b03ca1b0a8f0cdaa67a73f811e4bc0b292364f8d8c7a3d08d9d33813

Filesize
276KB

MD5
44195b079ffd6534ef0ff2a392c757aa

SHA1
11f925e294adeea077cb6b4260f24716df9fc941

SHA256
8248ea17b03ca1b0a8f0cdaa67a73f811e4bc0b292364f8d8c7a3d08d9d33813

SHA512
c01066ba24d6c9d5d76d7d9448c3ba67e8c6e4304386e013b04719fb99cbcf04b9cf1641da33cb22c5391e499a7f481869ceecb799fa695a233bbcbc5e9490b2

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\849a6620d6f9c67ce7ca7bafd069888963a99848035cbc4aa78b54ae75c571ce

Filesize
378KB

MD5
54bc30e5b9e6c0709e2e75699939b2f6

SHA1
fb63d36bd877a34f1bed04bf22b2abd8cef49523

SHA256
849a6620d6f9c67ce7ca7bafd069888963a99848035cbc4aa78b54ae75c571ce

SHA512
d369b1b4726de2fcbe6df396086c2913bfa2472f41c5c0ba8d84fccfc1230099c08cded9e264f36a4b4419bbf3a7a38c8ed0a1ba6a7b26c46b533db62be6121b

Download Submit
C:\Users\Admin\AppData\Local\Discord\download\b65e020558e6fce196b9da3b9b69ccc98f2a4f05107f5eda24fd4dad33ae44c8

Filesize
14.9MB

MD5
4cececac23d584578ed10ad43646237f

SHA1
6133f5e6bb11226359e64444eca37e7d265e1111

SHA256
b65e020558e6fce196b9da3b9b69ccc98f2a4f05107f5eda24fd4dad33ae44c8

SHA512
f67c9e0d679cbf611440731019de615fe549c95e49d40ad59682e2c4e9328d81a84e6795a469379a832f63ac25751a9430e7822397878b4c4568d3a84a7539ae

Download Submit
C:\Users\Admin\AppData\Local\Discord\packages\RELEASES

Filesize
73B

MD5
fc529593b1de685a3e09e9c2b5cb3d86

SHA1
c89184d3cf66ef865224a7fbc61856ceef13a3de

SHA256
95f7377b754fa791b9066fcc1380de05bb894f6c0d2b8c551f89c584f56be8d3

SHA512
390893a2c3b0a4149e0240c4ffdf163eb3beb6d1cf459058b1d21a3ae0c55cdfa44a3024b579dd33d43120256050af0dabf02999ccc7adf7f917c15e8d316964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2dc80f5403feb8461b7ffa09890d6a0

SHA1
d5b61e6d672e7e71571e0132e21cead181da8805

SHA256
eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a

SHA512
5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c48e8b68231fb5b2d7f1188b930bc0e

SHA1
1822aef5da8fdd47626fb91afcf79a2be175a325

SHA256
c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944

SHA512
2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
9dcfb256b63d83a3ecd69ee5013cded8

SHA1
c3064b0f9d1d38fcad87d0e66bcf5cdbee83f65a

SHA256
327e579253b6808259d55aae1f5b78a767a450af637940033d2bc6ea18eb5347

SHA512
3e5df33b3e7d52dae92f270afc0495a7352c3b8b2456a2a72b4398339b0b06cb0d93f6fd9ecaeffe2ee6a7281887acf65e40cd50eed7fd86123e6493c8dc79e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
251B

MD5
2b888d7f7f574da0a851404e2c3c3117

SHA1
4592249f049f5aed045c8acf6770e91b24278d3c

SHA256
6d914d1ddb4c5788216f5787efb5e94a9a3928e2953829857108ba0892021170

SHA512
1367659f249b3112ec96b2fba99219da9b3d3a5630fda59266108ee86029871774aa4f6a25d5c23c4190fc3825a5679bfaa6c69660756acafc6508850b7a837f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05219bb95cb7cd04b17ace0384307593

SHA1
33ba48e7619c99b5a2a2a01082667e4c422de078

SHA256
164b60b3aa6b41bad873b3ba265aa5cfa35943cac82a5af326c9faf99fb4b786

SHA512
d3cdbb7e5de08f41671bb1571b66454aa369212a9f69ba61a16099ea6fe4a38d1e1e49996a49a39bdbd11e537fa8d646e0f32464d1293ef6915707d67253f125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25b0be1d960817de0c5bf682c9df850a

SHA1
c96067218bb18040fb999c7f9f18c8dbfc76b8b1

SHA256
2369abb7e959a823c84ff819882d4a8e0c4dffe05f7aaa5caf59d6a6ceb1e55a

SHA512
6e982c29aa2393737f50d971b3c142b9f3a0352b7275d7647693636e5f389b6e9e27c30c3fd9a0394a6272af66aa4bd249fe670304d34c0783a1022b0ebb01e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79a6f286b60147446900f765699484e1

SHA1
699b0823ee2bc49e9a4b570ade838072cd0b31aa

SHA256
70d6150d727e7fce43ea31d66d75d7045480c2aeff0fdd5014d4096e49aa2867

SHA512
eddb085dc3c7cd807b4c658e57b7da8681a4edac7086af3aec628bbfe933b5062f8c2e8d516891af1734145bee91f2965d65aac59cafa17475b7cd28e42d82c7

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9039-full.nupkg

Filesize
93.7MB

MD5
f6d21fe975682d7d6b33dda9c7006892

SHA1
3f219786844dcfe32c239d21ca36d38c6d6672c6

SHA256
41f3d369df1e1412dc5b6eabd03a0912fc94628f3c78346d4f31950925ed7b2c

SHA512
1d3c603c9f6d9896b01457a97f3455d8abd3bf6d9523c880508d9f984bf4d1b9f7139da03cbe74dbf7264f9e5ecfe1467875209613dc7c32b1e08fed6a17c1d1

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
08cb640b720c5d7b6fce3da10cff52df

SHA1
27eaf8eef5d4b0a0d7231fefb0117f5ef05b6b84

SHA256
a5597ddbea7f4a6719f343e223520fe4b5385e3a9da12de043c48d7e6353c93a

SHA512
6dcfaa05a0e9377b01541117e70246cd35d9029b219f7bdecdb5b7db61818b1ffb24dd4345067f89a1630f5efbffe58e8be31821ae09418d0af4850c9e3d8b3d

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
f41538e41528534513d514dab4766ef1

SHA1
c12f27a11dc965097768760ca89521f18b6f88bb

SHA256
efc81c7e0c2df31b7f7d79910aa2129703d6d19771e74d0978eecd84a0f4c8ef

SHA512
b23319ec5fbcaa07a67d7bf5697653d867e56c9d83ed9134c7403ed4f26637ecf0c72024c26898926d88581b02c89a6877f012a7940202e82e9b9fd0ee01a6f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk

Filesize
2KB

MD5
39ff8caab479897e0b7cd1433983896d

SHA1
6a2c30394cf41395b4fd2915fa1e1e25c37702e1

SHA256
7cf8e6fa1a202162eba17133c796745776ce0df86937306704b6a7dd241e9a4b

SHA512
833dc928a48eeb7197aec02ad12213039cbb45a49aac62526a4debae506df0d1a4a6927417b664e34431e160c2e7de97f01c86620eb5dd0862dca0d0445a126d

Download Submit
C:\Users\Admin\AppData\Roaming\discord\6c46abad-2576-4501-a6da-3f1e4d41b15b.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Cache\Cache_Data\index

Filesize
256KB

MD5
16dd1c9683c37174e56ec4ef7826827f

SHA1
0a5fcb8875a84c16c40d575668a71901865ba591

SHA256
6c5ccead06c72f8b7dd00581674163f582346bab1e2c711ea0a907feaee045fa

SHA512
c8107a236609855b3454a1c9a1fd1c366e0ca19823c63b0364f9a4e4c423fca8bb9e5ff355775b361c9196401e10702794a9295b2448a0b5422a05f5c59fea79

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat

Filesize
40B

MD5
62d011e8bd01c6ca966a009997f55d24

SHA1
d835f3399bd4551c71a19e8afe4b73d415194ae4

SHA256
42bfc464980a1eeb1541f4a204f2a941abbd6049022e61fb2857cb704b0e6932

SHA512
ff9c65bbc8354cc17a1b087c131f00d8b544af4b978f687535a9f201d057fa814f9db31caebdd98b0a5af93a039c0f9c87f7eb5b297742403b39e295930a8deb

Download Submit
C:\Users\Admin\AppData\Roaming\discord\DawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
434B

MD5
3731624674c027a29256a16a6996b1db

SHA1
de9fd78f255c369d39b9185fa3951dd961b6ab64

SHA256
1c60c82f381b590a9562afb057c18b6c84dada6b76ef18d8ff0d01e99853a357

SHA512
b4dbea06496bc138ba9119adda4169da30e3e046ecbf6bc097aafa4a2c629f82eb195b51c2690aa3744beb929713eed12cfea525bcca9080e63d49ac6003d1a7

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local Storage\leveldb\LOG

Filesize
245B

MD5
8f00dd7abe61cd530ec315cde182ed09

SHA1
c8af73fb8d03babe3c68fa237187d6449e5121e0

SHA256
389215f3b507086afffd5c97ffd4f323a01ba270def59d2eed260b56e4ad3eb6

SHA512
b860d8e2c90b8acf851605f455c64a16c54cd714953e94de81085713664d2f8b8dcbac5fd2b6b15b6d15fd25755289f196e7cb22e9854815de30a34a5f7a2c69

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
c2d8fe755ccc76ea0206c88e60f160cd

SHA1
367338d1180cad5fe1d5ca3710b5aa4cfbb670e8

SHA256
68a8b091d5cc5a7bf82615d2fa3e90e69ee14553b9982e11a0febd79e436565c

SHA512
b7823f81d61e9d543abfb8dc4e929831ce93ebc6a497e0ea23713b23d139f09d69655fa60e2929b01ab28e319f10518954227713af963c13f99f145f9d5c7927

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Network\TransportSecurity

Filesize
355B

MD5
077107eaa1232aa3fd621134b8f0bc09

SHA1
9db3f9835522128c05b2afdda2c78b3ea17af669

SHA256
1649c15f5381afff393ea2fe70a09a9d8668cc4c69782285b93f44cc1723c31c

SHA512
283a587c7b686495715b91a4a34ff3d52eb7931a95c0a82a80966acd04426d953dcbc8ce753acea3bac31ca0ab6d1d2efc5e81a9993d0ca273fc4281ea1413c6

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Preferences

Filesize
172B

MD5
9f54ba7a131c278f0430033817c9539a

SHA1
3f6f1e4e1fc6bb9f2158aaf3e8774581cad28c94

SHA256
eef9bd38879b0730e66c45bff02383486600ce89724ad7bb2cc3d3feb66a7ae6

SHA512
e4b5f824395db4bbf8478b842b757222efdbd2273a02c3fe6b13dd0fdee7f3cb9aff57455bc06c9dcf6325c890b571e6326769c7d42f49424a94e1a1613836d7

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
f5df7fa4f0657e8ed7a1cba7b6db2ee5

SHA1
2e714ff4a6e476a9b56b88f1f3401ff71487abce

SHA256
119b40ef78b95b42e8e2410707662c9f36c7fb1c7bee7a7df8688779c9913866

SHA512
4f9224f58e1b7b29abff26c6c9709e6a15c7ac0810fdc1193b6eb9f172250e88c97bcb2b9d5497cc71acdcfb8378a82c5050802d0a5a50d768d5e90e31845970

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Shared Dictionary\db

Filesize
44KB

MD5
4d4863ce15ec9c7dfdc50c288a2d2d1a

SHA1
4494a5c4eab04af1efc9a2d7e1d996064d489512

SHA256
2ef9ab8ec9e6b879a77d1d9dbe7d18a2171f50ff37e803bbd0243af1b87dcb15

SHA512
d34f62eac5f9f0540ed0c6f3c6fcf6713c4546a5625eedc43ecb2cead6af30b387764703637fdaa4ae69d0b6cd31b2e47d6639c41b841d46327886c7a5741247

Download Submit
C:\Users\Admin\AppData\Roaming\discord\module_data\crashlogs\2024_04_04T16_42_30_981Z-0-events.log

Filesize
254B

MD5
d36ebf2aab0830b817f27a59c752a148

SHA1
dc304f045180919ad5620f4e79abe722adec3fec

SHA256
acba024207953d91b63d861f26737940767a603bc69cd87f25d9dade421ef778

SHA512
4a7e94918f7760c52ffa8384139c37665c19f49c3434507f24b972664ddd29c9e78ddc1df3b1d19a599bba8d3ca95fe84660893ce5b56dda0ea9733871101810

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\queue\queue.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Roaming\discord\sentry\scope_v3.json

Filesize
1KB

MD5
55b008c85e4eb4d187859ae6f1594126

SHA1
3ad557f687805b6cf9375b3d0561fbf441624278

SHA256
c0edf8a7e64d67039eca3d43c67be8a6cd3f5a796c101fec3fac6c451e3f9099

SHA512
8cb882fb65b19d05d61baa5c63b757f42c3e694a093ba8e244c15422e10bec182a4ae0a48fd770499f8b07dd879cabd067a198c37216ebefb6a02b8c3fdec1a9

Download Submit
C:\Users\Admin\Desktop\Discord.lnk

Filesize
2KB

MD5
72f319ddb0af9ab61fa51e349efbf316

SHA1
6ed76872a5147f5f445f6fb476397f221272abc9

SHA256
db9790111eb8b7311373fd21899587185166bada49fdcab6d882310d63a1878b

SHA512
1c90b978d90954d277e662c6781e26e7b0b29639ca5469842bf39de27561c74d3116f24aa36e41f2119dd5205e1835988d73ac8b8f7ec89b74ea926c00a05e2d

Download Submit
memory/2136-225-0x0000000005740000-0x0000000005750000-memory.dmp

Filesize
64KB

Download
memory/2136-234-0x00000000057C0000-0x00000000057E0000-memory.dmp

Filesize
128KB

Download
memory/2136-222-0x0000000074210000-0x00000000749C1000-memory.dmp

Filesize
7.7MB

Download
memory/2136-326-0x0000000074210000-0x00000000749C1000-memory.dmp

Filesize
7.7MB

Download
memory/2924-9-0x0000000000990000-0x0000000000B06000-memory.dmp

Filesize
1.5MB

Download
memory/2924-25-0x0000000007BC0000-0x0000000007BF8000-memory.dmp

Filesize
224KB

Download
memory/2924-24-0x0000000007B40000-0x0000000007B48000-memory.dmp

Filesize
32KB

Download
memory/2924-332-0x000000000A5B0000-0x000000000A642000-memory.dmp

Filesize
584KB

Download
memory/2924-36-0x0000000005C90000-0x0000000005C9E000-memory.dmp

Filesize
56KB

Download
memory/2924-342-0x0000000074210000-0x00000000749C1000-memory.dmp

Filesize
7.7MB

Download
memory/2924-11-0x0000000005680000-0x0000000005690000-memory.dmp

Filesize
64KB

Download
memory/2924-10-0x0000000074210000-0x00000000749C1000-memory.dmp

Filesize
7.7MB

Download